Privacy Disclosure Notice Template for the United States
What is a Privacy Disclosure Notice?
The Privacy Disclosure Notice has become increasingly important due to evolving privacy regulations and growing consumer awareness about data protection rights. Depending on your sector and the kind of data involved, this document is required when organizations collect, process, or store personal information of individuals in the United States. It must address requirements from the federal laws that apply to you (such as GLBA for financial institutions or HIPAA for healthcare entities) and from state-specific regulations (such as the CCPA as amended by the CPRA). The Privacy Disclosure Notice should be regularly updated to reflect changes in data practices and regulatory requirements, serving as both a compliance tool and a trust-building mechanism with consumers.
Frequently Asked Questions
Is a Privacy Disclosure Notice legally required for my business in the United States?
Yes, Privacy Disclosure Notices are legally required for many businesses under federal laws like GLBA for financial institutions, HIPAA for healthcare entities, and state laws like the California Consumer Privacy Act. The specific requirements depend on your industry, the type of personal information you collect, and your business location.
Can I be fined if my Privacy Disclosure Notice is missing or incomplete?
Yes. Penalties can be substantial: GLBA violations enforced by the FTC carry inflation-adjusted civil penalties per violation (listed at $43,792 per violation at the time of writing and revised annually), HIPAA violations carry tiered penalties with an annual cap of roughly $1.9 million per type of violation, and the CCPA allows up to $2,500 per violation and $7,500 per intentional violation or violation involving a minor's personal information. Incomplete or inaccurate notices may also expose you to lawsuits and regulatory enforcement actions.
How is a Privacy Disclosure Notice different from a Privacy Policy?
A Privacy Disclosure Notice is typically a shorter, legally mandated document that focuses on specific disclosure requirements under federal laws like GLBA or HIPAA. A Privacy Policy is usually more comprehensive, covering broader data practices, and is often required for websites and apps under various state and federal regulations.
How long does it typically take to prepare a compliant Privacy Disclosure Notice?
Creating a compliant Privacy Disclosure Notice typically takes 2-4 weeks when working with legal counsel, including time to review your data practices, identify applicable laws, draft the notice, and ensure compliance. DIY approaches may be faster but risk non-compliance.
Does my Privacy Disclosure Notice need to be updated annually in the United States?
Not always. GLBA requires financial institutions to deliver an annual privacy notice, although since 2015 institutions that share information only under GLBA's statutory exceptions and have not changed their practices are exempt from the annual mailing. HIPAA does not require annual delivery but does require a revised notice whenever privacy practices materially change. The CCPA requires the privacy policy to be reviewed and updated at least once every 12 months. Under every regime, you must update the notice whenever there is a material change to your information collection or sharing practices.
Can customers opt out of information sharing under my Privacy Disclosure Notice?
Under many U.S. privacy laws, customers have opt-out rights for certain types of information sharing, particularly under GLBA for financial institutions and CCPA for California residents. Your notice must clearly explain these rights and provide simple opt-out mechanisms when required.
Where am I required to post or deliver my Privacy Disclosure Notice?
Delivery requirements vary by law: GLBA requires delivering notices to customers in writing or, with their consent, electronically; HIPAA requires healthcare providers to give the notice no later than the first service delivery, to post it prominently in their facilities and on any customer-facing website, and to supply copies on request; and the CCPA requires a conspicuous posting of the privacy policy on your website. You should also provide copies upon consumer request and retain records of delivery for compliance audits.
About the Privacy Disclosure Notice
A Privacy Disclosure Notice is a critical legal document that explains how your organization collects, uses, and protects personal information. Under United States law, this notice serves as your primary tool for transparency and regulatory compliance, ensuring individuals understand their privacy rights and your data handling practices.
When do you need this document?
You need a Privacy Disclosure Notice whenever your business collects personal information from consumers, employees, or other individuals. Financial institutions must provide these notices under the Gramm-Leach-Bliley Act, healthcare providers require them for HIPAA compliance, and websites serving children need them for COPPA adherence. California businesses handling personal information must comply with CCPA requirements, while any organization processing consumer credit information falls under FCRA mandates. The Federal Trade Commission does not mandate a notice on its own, but under Section 5 of the FTC Act it treats misrepresentations in a privacy notice, or data practices that contradict it, as deceptive, so whatever you publish must match what you actually do.
Key legal considerations
Your Privacy Disclosure Notice must clearly identify what personal information you collect, including names, addresses, financial data, health records, or online identifiers. You must explain how this information is used, whether for service delivery, marketing, legal compliance, or business operations. The document should detail your information sharing practices, specifying which third parties receive data and under what circumstances. You must also outline individual rights, such as access, deletion, or opt-out options, and provide clear instructions for exercising these rights. Regular updates are essential when your data practices change or new regulations take effect.
Legal requirements in United States
Federal laws create overlapping requirements for Privacy Disclosure Notices. The Gramm-Leach-Bliley Act requires financial institutions to provide annual privacy notices and allow customers to opt out of information sharing with non-affiliated third parties. HIPAA mandates that covered entities provide detailed notices of privacy practices for protected health information. COPPA requires operators of child-directed websites and online services to obtain verifiable parental consent and provide clear privacy notices. The Fair Credit Reporting Act requires disclosure when using consumer reports for employment or credit decisions. State laws add additional requirements, with California's CCPA requiring comprehensive disclosures about personal information categories, business purposes, and consumer rights. Enforcement is split among agencies: the FTC enforces COPPA and shares GLBA and FCRA enforcement with the CFPB and the federal banking regulators, the HHS Office for Civil Rights enforces HIPAA, and the California Attorney General and California Privacy Protection Agency enforce the CCPA. Each can impose significant penalties for non-compliance, making accurate and complete privacy notices essential for legal protection.
GOVERNING LAW
Applicable law
This Privacy Disclosure Notice is drafted to comply with United States law. Key legislation includes:
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by 256-bit encryption
We are ISO 27001 certified, an independently audited standard for information security management
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it