Standard Privacy Notice Template for the United States
Generate a bespoke document
What is a Standard Privacy Notice?
The Standard Privacy Notice is a fundamental document required for any organization collecting personal information in the United States. It serves as a comprehensive disclosure of an organization's privacy practices, ensuring compliance with various federal and state privacy regulations. Organizations must maintain and regularly update their privacy notice to reflect current data handling practices and evolving privacy laws. The document typically covers what information is collected, how it's used, who it's shared with, and what rights individuals have regarding their personal information. Given the complex regulatory landscape in the U.S., including state-specific requirements like the CCPA/CPRA, organizations must ensure their privacy notice addresses all applicable jurisdictional requirements.
About the Standard Privacy Notice
A Standard Privacy Notice is an essential legal document that organizations must provide to individuals whose personal information they collect, use, or share. Under United States privacy law, this notice serves as your organization's primary tool for transparency and regulatory compliance, ensuring that data subjects understand how their information is handled throughout your business operations.
When do you need this document?
You need a Standard Privacy Notice whenever your organization collects personal information from individuals. This includes operating a website with cookies or tracking technologies, collecting customer information for sales or services, maintaining employee records, processing financial transactions, or handling healthcare information. E-commerce businesses, healthcare providers, financial institutions, and any company with an online presence must have a comprehensive privacy notice. The notice is also required before implementing new data collection practices or when expanding operations to states with specific privacy requirements like California or Virginia.
Key legal considerations
Your privacy notice must accurately reflect your actual data practices and cannot contain misleading or deceptive statements, as this would violate FTC Act Section 5. The document should clearly identify all categories of personal information collected, including both information provided directly by users and data collected automatically through cookies or analytics. You must specify all purposes for data use, including marketing, analytics, and service improvement. Third-party sharing arrangements require detailed disclosure, particularly when involving data brokers, advertising partners, or service providers. The notice must also explain individual rights, such as access, deletion, and opt-out mechanisms, and provide clear contact information for privacy-related inquiries or complaints.
Legal requirements in United States
Federal laws establish baseline requirements for privacy notices across industries. The FTC Act requires truthful and non-deceptive privacy practices for all businesses. COPPA mandates specific disclosures for websites collecting information from children under 13, including parental consent mechanisms. HIPAA requires covered entities to provide detailed notices about protected health information uses and disclosures. Financial institutions must comply with GLBA privacy notice requirements for customer financial information. At the state level, California's CCPA and CPRA require comprehensive disclosures about consumer rights, including the right to know, delete, and opt-out of personal information sales. Virginia's CDPA and other emerging state laws impose similar requirements. Your notice must address all applicable federal and state requirements based on your business type, location, and customer base to ensure full legal compliance.
GOVERNING LAW
Applicable law
This Standard Privacy Notice is drafted to comply with United States law. Key legislation includes:
Explore 208,390+ legal templates
Explore 208,390+ legal templates
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it