COPPA Compliance for Websites and Apps: What You Must Do Before Collecting Data from Children Under 13
COPPA (the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501-6506) places parents in control of what personal information is collected from their children online. If your website, app, or online service is directed to children under 13 or has actual knowledge that it's collecting personal information from a child under 13, you must comply with COPPA's notice, consent, and data protection requirements before any collection occurs.
Read MoreData Breach Notification Under Texas Law: What You Must Do When Personal Information Is Compromised
When a business discovers that sensitive personal information in its possession has been accessed by an unauthorized person, two clocks start running simultaneously. Under Texas Business and Commerce Code § 521.053, the business must notify affected individuals within 60 days of determining that the breach occurred.
Read MoreData Processing Agreements: What Your Vendor Contracts Must Include When Third Parties Handle Customer Data
When a business shares customer data with a vendor (a payment processor, a cloud hosting provider, an analytics platform, a CRM system, an email marketing service, or any other third party that receives, stores, or processes personal information on the business's behalf), the relationship must be governed by a written contract that specifies how the vendor handles the data, what it can and can't do with it, and what happens when the relationship ends.
Read MorePrivacy Policies for Online Businesses: What the Law Requires and What Platforms Demand
No single federal statute requires every U.S. website to have a privacy policy. But the combined effect of state privacy laws, FTC enforcement authority, and platform requirements means that every online business collecting personal information from users needs one, and the policy must accurately describe the business's data practices.
Read MoreState Privacy Laws Beyond Texas: What Businesses That Sell Nationwide Must Comply With
As of mid-2026, 20 states have enacted comprehensive consumer data privacy laws, with more legislation pending. There's no federal comprehensive privacy statute, which means every business that collects personal data from customers in multiple states must navigate a patchwork of state laws with different applicability thresholds, different consumer rights, different enforcement mechanisms, and different cure periods.
Read MoreTexas Data Privacy and Security Act: What It Requires, Who It Covers, and How Texas Businesses Comply
Most Texas businesses that collect personal data from consumers are subject to the Texas Data Privacy and Security Act (TDPSA), codified at Texas Business and Commerce Code Chapter 541. Effective July 1, 2024, the TDPSA regulates how businesses collect, use, store, sell, share, and process the personal data of Texas residents.
Read More