Privacy Policy
Last Updated 2022
The Sterling Firm and/or its affiliates may use your information to process your request for information.
The Sterling Firm and/or its affiliates may use your information to register you to receive The Sterling Firm newsletters.
The Sterling Firm and/or its affiliates may use your information to contact you about The Sterling Firm services and products.
The Sterling Firm and/or its affiliates may use your information to contact you about events.
Scheduling a call or having a consultation with The Sterling Firm and/or its affiliates does not create an attorney-client relationship. Further agreements are required to create an attorney-client relationship.
Nothing in The Sterling Firm\’s website is to be considered legal advice. All content contained in The Sterling Firm\’s website is for informational purposes only. Nothing in The Sterling Firm\’s website shall serve as a representation of results or guarantees.
The Sterling Firm is committed to protecting your personal information. Each time you visit The Sterling Firm websites or provide The Sterling Firm with information, you are accepting the practices as described in the policy at that time. Please review this policy from time to time as The Sterling Firm may update it periodically. If you have entered into a separate agreement with The Sterling Firm (i.e. attorney client agreement for legal representation) that agreement may include additional relevant information. California residents, please also see the “Note To California Residents” Section for additional rights that apply to you.
Information The Sterling Firm May Collect From You
In order to provide you with information and materials, The Sterling Firm may collect personal information (i.e. name, user name, shipping address, phone number, email address), financial information (i.e. credit card numbers and billing addresses), and demographic information (i.e. zip code, age). The Sterling Firm retains personal information no longer than is necessary for business purposes or legal requirements. If you do not provide certain account information, or withdraw consent for The Sterling Firm to use it, The Sterling Firm may not be able to provide information to you.
Voluntary submissions of personal information can occur for various reasons, such as if you request to receive information about The Sterling Firm services, or if you subscribe to one of the The Sterling Firm mailing lists. If you subscribe to one of The Sterling Firm mailing lists, The Sterling Firm generally collects your name, email address, and your telephone or other information if you provide it to so The Sterling Firm can customize your experience and better serve your needs.
Minor Children
Children under the age of majority are required to provide consent from their legal guardian with parental responsibility. This person may review the child’s personal information, withdraw consent to use it, or have it deleted, by contacting [email protected].
How The Sterling Firm May Use Your Personal Information
The Sterling Firm may use the information you provide, like names, addresses, phone numbers, email addresses, and sometimes credit card information when such information is voluntarily submitted by website visitors as well as to deliver the services you have requested, to contact you when necessary in connection with those service requests, to send you information regarding your order or requested services, and to prevent fraud and spam. Most of your customer information is stored in a third-party Customer Relationship Manager (CRM) system, and not directly on The Sterling Firm servers.
Your credit card information may or may not be stored by The Sterling Firm, and may also be passed to payment processors. These include but are not limited to: Stripe, PayPal, Zelle, among others.
The Sterling Firm may also collect and store certain information in server logs. This includes your IP address, your browser and operating system, and details of how you used The Sterling Firm website. Cookies are text files that are used by your computer’s web browser to store your preferences, and enable The Sterling Firm to enhance your user experience with The Sterling Firm site. Third party retargeting networks may also use cookies to display advertisements to you on other sites. You can learn more about how to opt-out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page.
Please note that you do have the option to configure most web browsers to NOT accept cookies. However, be aware that disabling cookies may keep you from having access to some functions or services on The Sterling Firm site or the web-hosted software that runs on The Sterling Firm site.
Because there is not yet a common understanding of how to interpret web browser-based “Do Not Track” signals other than cookies, The Sterling Firm does not currently respond to “Do Not Track” signals that are undefined.
If you opt in to emails about The Sterling Firm, then The Sterling Firm may send you emails about topics on behalf of The Sterling Firm and/or affiliates. You can opt out of non-transactional emails by clicking the unsubscribe link at the bottom of any email communication, or by emailing [email protected]. By contacting The Sterling Firm or by visiting The Sterling Firm website, you have authorized The Sterling Firm to contact you, either directly, or through a third party, online, by email, through social media, by telephone, SMS, direct message and/or text message, or by any other means now known or to be created in the future.
By submitting your email address, you also agree to allow The Sterling Firm to use your email address for custom audience targeting on sites like Facebook and other platforms. If you visit these sites with an open ID (such as Facebook), you may also be sharing and integrating data with third-party social media sites, and The Sterling Firm may track aggregate data about the number of visits to this site with an open ID, the number of items “liked” on this site, or items on this site that you choose to share with a third-party social media site.
If you wish to stop seeing ads from The Sterling Firm on Facebook, you can turn off the ad by using the following steps:
From within Facebook, go to the advertisement you want to turn off.
Click on the drop-down arrow in the top corner of the ad (that may be in the top right corner or top left corner).
Click on “Hide ad”.
You can also customize the ads you see in Facebook across all advertisers by using the following steps: Log in to your Facebook account and click “settings”.
Click on “Ads”.
On that page you will see a list of options you can choose to limit and/or block the information Facebook shows to advertisers.
If you wish to stop seeing ads from The Sterling Firm in Google Ads, you can turn off the ad by using the following steps: Go to the advertisement you want to turn off.
Click on the x in the top left corner.
Click on “Stop seeing this ad”.
Other ad platforms The Sterling Firm may use in the future may have similar ways you can turn off any ad from The Sterling Firm to stop seeing it.
In addition, you agree that by submitting your telephone contact information on The Sterling Firm site, such act constitutes an inquiry and/or an application for the purposes of the Amended Telemarketing Sales Rule (ATSR), 16 CFR 310 et seq. and any applicable state and local “do not call” regulations. The Sterling Firm retains the right to contact you via telemarketing in accordance with the ATSR and the applicable state regulations. If you enter information into The Sterling Firm website(s), and/or social media platforms or any other property, outside of secure transactions, the content you provide may be visible to the public along with any associated username. Do not post sensitive personal information such as your address or credit card number outside of secure transactions on The Sterling Firm site(s) and/or social media platforms or any other property.
Users posting messages to The Sterling Firm sites or groups, or sending emails to The Sterling Firm, automatically grant The Sterling Firm the royalty-free, perpetual, irrevocable, nonexclusive right and license to use, reproduce, modify, adapt, publish, translate, sublicense, copy and distribute such messages throughout the world in any media. By attending any event produced by The Sterling Firm, online or in person, you agree that you release any claim for right of publicity and defamation against you, and hereby grant permission to The Sterling Firm in perpetuity to use the materials for any purpose.
How The Sterling Firm May Share Your Personal Information
In some cases, it is necessary for The Sterling Firm to provide information particular to you to a third party. For example, when you give The Sterling Firm a billing address or credit card information, The Sterling Firm provides it to a credit card processor to check your qualifications and to charge you for products and services you order from us. By making a purchase or engaging in another activity on The Sterling Firm websites that uses financial information, you consent to The Sterling Firm providing your financial information to third parties as necessary to process your transactions. If you do not provide this information, or withdraw consent to The Sterling Firm sharing it for the above purpose, The Sterling Firm cannot process your orders.
When you give The Sterling Firm an address, The Sterling Firm may provide it to shipping services in order to determine shipping rates and to ship your packages. If the address is within the United States, The Sterling Firm provides it to an address verification service for standardization. If the address is within the state of Washington, The Sterling Firm provides it to a geolocation service to determine your tax district so that The Sterling Firm can correctly charge sales tax. If the address is outside of the United States, The Sterling Firm may ask for a phone number; this is provided to the shipper per their requirement. If you do not provide this information, or withdraw consent to The Sterling Firm sharing it for the above purpose, The Sterling Firm cannot process your orders.
This information may also be used by affiliate providers of The Sterling Firm solely to provide access to and pricing information for that provider’s products or services. If you do not provide this information, or withdraw consent to The Sterling Firm sharing it for the above purpose, The Sterling Firm providers’ ability to provide access to and beneficial information for products or services may be limited.
The Sterling Firm may disclose your personal information to other parties if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on The Sterling Firm or The Sterling Firm sites; (b) protect and defend the rights or property of The Sterling Firm and its web sites, or (c) act in urgent circumstances to protect the personal safety of users of The Sterling Firm, its web sites, or the public.
Other parties such as advertising providers and analytics companies may also be collecting information about your online activity across various websites over time. The information collected by those third parties may include identifiers that allow those third parties to tailor the ads that they serve to your computer or other device.
The Sterling Firm will not share your personal information with third parties without your permission, other than for the limited exceptions stated above.
Information Other Websites May Collect From You
While many websites share information about your browsing activities with other services, The Sterling Firm does not. Some parts of The Sterling Firm services are hosted by companies that may collect usage data for the purpose of providing and improving service.
Please be aware that there are links from The Sterling Firm site to other websites operated by other parties where The Sterling Firm privacy policy does not apply. The Sterling Firm encourages you to review their privacy policies, and remind you that The Sterling Firm is not responsible for their actions.
Access To And Control Of Your Personal Information
You have the means to ensure that your personal information is correct and current. You can contact [email protected].
Notice Of Rights
Subjects in the European Union are advised of the following rights; The Sterling Firm gladly provides the same opportunities to subjects outside the European Union. (You may have other rights.)
- You may request access to and rectification or erasure of personal data concerning you.
- You may request restriction of data processing concerning you.
- You may request the personal data which you have provided The Sterling Firm concerning you, and you may transmit those data to another controller without hindrance from us.
- You may object at any time to The Sterling Firm processing of personal data concerning you and you may withdraw your consent for future processing.
If you are a subject in the European Union, and you believe that The Sterling Firm’s processing of personal data relating to you infringes the EU’s General Data Protection Regulation, you may lodge a complaint with your Member State’s designated supervisory authority.
IP Addresses
The Sterling Firm may use your IP address to help prevent fraud, to help diagnose problems with The Sterling Firm server, to gather broad demographic information, and to offer you products and services.
Commitment To Data Security
All information collected from you is stored in a technically and physically secure environment. Furthermore, employees, contractors, and vendors who have access to your personally identifiable information in connection with providing services for The Sterling Firm are required to keep the information confidential. The Sterling Firm uses SSL encryption to protect sensitive information online, and The Sterling Firm does everything The Sterling Firm can to protect user information offline. Unfortunately, no transmission over the Internet can be guaranteed to be 100% secure. As a result, while The Sterling Firm takes reasonable measures to protect your information, The Sterling Firm cannot ensure or warrant the security of the information that you transmit to us, and you do so at your own risk.
Changes To This Policy
The Sterling Firm will occasionally update this privacy policy. When The Sterling Firm does, The Sterling Firm will revise the “last updated” date at the top of the page. For material changes to this policy, The Sterling Firm will notify you by placing prominent notice on The Sterling Firm websites, and may contact you via email.
Contact
If you have questions or concerns about this privacy policy, or about your dealings with The Sterling Firm websites, contact: [email protected]
Severability
If any part of this privacy policy is held invalid or unenforceable, that portion shall be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the parties, and the remaining portions shall remain in full force and effect.
Note to California Residents
If you live in the State of California, under the California Civil Code, you have the right to request that companies who conduct business in California provide you with a list of all third parties to which the company has disclosed Personal Information during the preceding year for direct marketing purposes.
Alternatively, the law provides that if a company has a privacy policy that gives either an opt-out (often referred to as “unsubscribe”) or opt-in choice for use of your Personal Information by third parties (such as advertisers or affiliated companies) for marketing purposes, that the company may instead provide you with information on how to exercise your disclosure choice options.
This site qualifies for the alternative option; it has a comprehensive privacy policy and provides you with details on how you may either opt-out or opt-in to the use of your Personal Information by third parties for direct marketing purposes. Therefore, The Sterling Firm are not required to maintain or disclose a list of the third parties that received your Personal Information for marketing purposes during the preceding year.
If you are a California resident and want to request information about how to exercise your third party disclosure choices, you must send a request to the following address with a preference on how The Sterling Firm response to your request should be sent (email or postal mail).
All requests sent via regular mail must be labeled “Your California Privacy Rights” on the email subject line or envelope and clearly stated on the actual request. For all requests, please include your name, street address, city, state, and zip code. Please include your zip code for The Sterling Firm own record keeping.
The Sterling Firm does not accept requests via the telephone or by facsimile. The Sterling Firm is not responsible for notices that are not labeled or sent properly, or do not have complete information.
Disclosure And Acknowledgment Of State Laws Related To Digital Privacy
You acknowledge that you have been provided with full notice and disclosure of all applicable laws and regulations concerning your visit to The Sterling Firm websites or providing The Sterling Firm with information, and that all terms and use comply with the relevant laws, including but not limited to the following:
Overview
The Internet and new technologies continually raise new policy questions about privacy, and state lawmakers are continuing to address the array of privacy issues arising from online activities.
This web page documents state laws in a limited number of areas: comprehensive consumer data privacy, website privacy policies, privacy of online book downloads and reader browsing information, personal information held by Internet service providers, online marketing of certain products directed to minors, and employee email monitoring. Other types of state laws address privacy and can also apply to online activities. You are directed to review the applicable relevant and current Consumer Data Privacy Legislation. The following information may or may not be up to date.
Comprehensive Consumer Data Privacy Laws
Three states—California, Colorado and Virginia—have enacted comprehensive consumer data privacy laws. The three laws have several provisions in common, such as the right to access and delete personal information and to opt-out of the sale of personal information, among others. Other provisions require commercial websites or online services to post a privacy policy that describes the types of personal information collected, what information is shared with third parties, and how consumers can request changes to certain information.
California
Cal. Civ. Code §§ 1798.100 et seq. (California Consumer Privacy Act of 2018 (CCPA))
Allows consumers the right to request a business to disclose the categories and specific pieces of personal information that the business has collected about the consumers as well as the source of that information and business purpose for collecting the information. Provides that consumers may request that a business delete personal information that the business collected from the consumers. Provides that consumers have the right to opt-out of a business’s sale of their personal information, and a business may not discriminate against consumers who opt-out. Applies to California residents. (A.B. 375, Effective Jan. 1, 2020. Amended by 2018 S.B. 1121.)
Related CCPA Information:
- CCPA Regulations, California Office of the Attorney General
- California Attorney General, Background on the CCPA and the Rulemaking Process
- Standardized Regulatory Impact Assessment: California Consumer Privacy Act of 2018 Regulations, prepared for California Attorney General\’s Office, Aug. 2019
California Consumer Privacy Rights Act (CPRA)
Proposition 24, approved Nov. 2020, effective January 1, 2023
Expands the consumer data privacy laws. Permits consumers to: (1) prevent businesses from sharing personal information; (2) correct inaccurate personal information; and (3) limit businesses’ use of “sensitive personal information”—including precise geolocation; race; ethnicity; religion; genetic data; private communications; sexual orientation; and specified health information. Establishes the California Privacy Protection Agency to additionally enforce and implement consumer privacy laws and impose fines. Changes criteria for which businesses must comply with laws. Prohibits businesses’ retention of personal information for longer than reasonably necessary. Triples maximum penalties for violations concerning consumers under age 16. Authorizes civil penalties for theft of consumer login information, as specified. (Amended by 2021 A.B. 1490)
Colorado
Colo. Rev. Stat. § 6-1-1301 et seq. (2021 S.B. 190)
Creates the Colorado Privacy Act within the Colorado Consumer Protection Act. Addresses consumers’ rights to privacy, companies’ responsibility to protect personal data, and authorizes the Attorney General and district attorneys to take enforcement action for violations. Defines various terms related to covered businesses, consumers, and data, including defining the term “controller” as the person or group of people who determine how data is used and processed. The effective date is July 1, 2023.
Virginia
2021 H.B. 2307/2021 S.B. 1392 (Consumer Data Protection Act)
Establishes a framework for controlling and processing personal data in the Commonwealth. The law applies to all persons that conduct business in the Commonwealth and either (i) control or process personal data of at least 100,000 consumers or (ii) derive over 50 percent of gross revenue from the sale of personal data and control or process personal data of at least 25,000 consumers. The law outlines responsibilities and privacy protection standards for data controllers and processors. The bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. The law grants consumer rights to access, correct, delete, obtain a copy of personal data, and to opt-out of the processing of personal data for the purposes of targeted advertising. The law provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort. The law directs the Joint Commission on Technology and Science to establish a workgroup to review the provisions of this act and issues related to its implementation and to report on its findings by November 1, 2021. The effective date is January 1, 2023.
Other Key Consumer Data Privacy Laws
California
Cal. Civ. Code §§ 1798.99.80 et seq. (Data Broker Registration)
Requires data brokers to register with, and provide certain information to, the Attorney General. Defines a data broker as a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship, subject to specified exceptions. Requires the Attorney General to make the information provided by data brokers accessible on its internet website. Data brokers that fail to register are subject to injunction and liability for civil penalties, fees, and costs in an action brought by the Attorney General, with any recovery to be deposited in the Consumer Privacy Fund, as specified. The bill would make statements of legislative findings and declarations and legislative intent.
Nevada
NRS § 603A.300 (Requires websites in Nevada to allow users to opt-out of having their personal data sold to third parties.)
Requires an operator (e.g., a person who owns or operates an Internet website or online service for commercial purposes or collects and maintains specified information from Nevada residents) to establish a designated request address through which a consumer may submit a verified request directing the operator not to make any sale of covered information collected about the consumer. The term “sale” is defined to mean the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons. The law also prohibits an operator who has received such a request from making any sale of any covered information collected about the consumer. The Attorney General may seek an injunction or a civil penalty for violations.
Nevada 2021 S.B. 260, Chap. 292
Relates to Internet privacy; exempts certain persons and information collected about a consumer in this state from requirements imposed on operators, data brokers and covered information; prohibits a data broker from making any sale of certain information collected about a consumer in the state if so directed by the consumer; revises provisions relating to the sale of certain information collected about a consumer in the state.
Vermont
9 V.S.A § 2446-2447 (Protection of Personal Information: Data Brokers)
Requires data brokers–businesses that knowingly collect and license the personal information of consumers with whom such businesses do not have a direct relationship—to register annually with the Secretary of State. Data brokers also must provide consumers with specified information, including the name, e-mail, and Internet addresses of the data broker; whether the data broker permits a consumer to opt-out of personal information collection or data sales; the method for requesting an opt-out; activities or sales the opt-out applies to; and whether the data broker permits a consumer to authorize a third party to perform the opt-out on the consumer\’s behalf. A statement specifying the data collection, databases, or sales activities from which a consumer may not opt-out and a statement as to whether the data broker implements a purchaser credentialing process must also be disclosed, among other disclosures. Data brokers also must implement and maintain a written information security program containing administrative, technical, and physical safeguards to protect personally identifiable information.
Privacy of Personal Information Held by Internet Service Providers (ISPs)
See also 2017-2020 Privacy Legislation Related to Internet Service Providers
Nevada and Minnesota require internet service providers specifically to keep private certain information concerning their customers unless the customer gives permission to disclose the information. Minnesota also requires ISPs to get permission from subscribers before disclosing information about the subscribers\’ online surfing habits and Internet sites visited. Maine prohibits using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to such. Maine also prohibits a provider from refusing to serve a customer, charging a customer a penalty, or offering a customer a discount.
- Maine – 35-A MRSA § 9301 (effective 7-1-20)
- Minnesota – Minn. Stat. §§ 325M.01 to .09
- Nevada – NRS § 205.498
Children\’s Online Privacy
California
Calif. Bus. & Prof. Code §§ 22580-22582
California\’s Privacy Rights for California Minors in the Digital World Act, also called the \”eraser\” bill, permits minors to remove, or to request and obtain removal of, content or information posted on an Internet Web site, online service, online application, or mobile application. It also prohibits an operator of a Web site or online service directed to minors from marketing or advertising to minors specified products or services that minors are legally prohibited from buying. The law also prohibits marketing or advertising certain products based on personal information specific to a minor or knowingly using, disclosing, compiling, or allowing a third party to do so.
Delaware
Prohibits operators of websites, online or cloud computing services, online applications, or mobile applications directed at children from marketing or advertising on its Internet service specified products or services inappropriate for children’s viewing, such as alcohol, tobacco, firearms, or pornography. When the marketing or advertising on an Internet service directed to children is provided by an advertising service, the operator of the Internet service is required to provide notice to the advertising service, after which time the prohibition on marketing and advertising the specified products or services applies to the advertising service directly. The law also prohibits an operator of an Internet service who has actual knowledge that a child is using the Internet service from using the child’s personally identifiable information to market or advertise the products or services to the child, and also prohibits disclosing a child’s personally identifiable information if it is known that the child’s personally identifiable information will be used for the purpose of marketing or advertising those products or services to the child.
e-Reader Privacy
Arizona
Provides that a library or library system supported by public monies shall not allow disclosure of any record or other information, including e-books, that identifies a user of library services as requesting or obtaining specific materials or services or as otherwise using the library.
California
Cal. Govt. Code §§ 6254, 6267 and 6276.28
Protects a library patron\’s use records, such as written records or electronic transaction that identifies a patron\’s borrowing information or use of library information resources, including, but not limited to, database search records, borrowing records, class records, and any other personally identifiable uses of library resources information requests, or inquiries.
The California Reader Privacy Act protects information about the books Californians browse, read or purchase from electronic services and online booksellers, who may have access to detailed information about readers, such as specific pages browsed. Requires a search warrant, court order, or the user\’s affirmative consent before such a business can disclose the personal information of its users related to their use of a book, with specified exceptions, including an imminent danger of death or serious injury.
Delaware
Protects the personal information of users of digital book services and technologies by prohibiting a commercial entity that provides a book service to the public from disclosing personal information regarding users of the book service to law enforcement entities, governmental entities, or other persons, except under specified circumstances. Allows immediate disclosure of a user’s book service information to law enforcement entities when there is an imminent danger of death or serious physical injury requiring disclosure of the book service information, and requires a book service provider to preserve a user’s book service information for a specified period of time when requested to do so by a law enforcement entity. Requires a book service provider to prepare and post online an annual report on its disclosures of personal information unless exempted from doing so. The Consumer Protection Unit of the Department of Justice has the authority to investigate and prosecute violations of the acts.
Missouri
Mo. Rev. Stat. §§ 182.815, 182.817
Defines \”E-book\” and \”digital resource or material\” and adds them to the items specified in the definition of \”library material\” that a library patron may use, borrow, or request. Provides that any third party contracted by a library that receives, transmits, maintains, or stores a library record may not release or disclose all or a portion of a library record to anyone except the person identified in the record or by a court order.
Privacy Policies and Practices for Websites or Online Services
California
Calif. Bus. & Prof. Code § 22575
Requires the operator of a commercial web site or online service to disclose in its privacy policy how it responds to a web browser \’Do Not Track\’ signal or similar mechanisms providing consumers with the ability to exercise choice about online tracking of their personal information across sites or services and over time. It also requires the operator to disclose whether third parties are or may be conducting such tracking on the operator’s site or service.
Calif. Bus. & Prof. Code § 22575-22578 (CalOPPA)
California\’s Online Privacy Protection Act requires an operator, defined as a person or entity that collects personally identifiable information from California residents through an Internet Web site or online service for commercial purposes, to post a conspicuous privacy policy on its Web site or online service (which may include mobile apps) and to comply with that policy. The law, among other things, requires that the privacy policy identify the categories of personally identifiable information that the operator collects about individual consumers who use or visit its Web site or online service and third parties with whom the operator may share the information.
Cal. Civ. Code §§ 1798.130(5), 1798.135(a)(2)(A)
Requires certain companies to disclose specified information in an online privacy policy or policies if the business has an online privacy policy or policies and in any California-specific description of consumers’ privacy rights, or if the business does not maintain those policies, on its internet website and update that information at least once every 12 months. Requires certain companies to include a description of a consumer’s rights pursuant to Section 1798.120, along with a separate link to the “Do Not Sell My Personal Information” Internet Web page in online privacy policies.
Requires private nonprofit or for-profit postsecondary educational institutions to post a social media privacy policy on the institution\’s Internet Web site.
Connecticut
Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. The policy must be \”publicly displayed\” by posting on a web page and the policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers.
Delaware
Requires an operator of a commercial internet website, online or cloud computing service, online application, or mobile application that collects personally identifiable information through the Internet about individual users residing in Delaware who use or visit the operator\’s commercial internet website, online or cloud computing service, online application, or mobile application to make its privacy policy conspicuously available on its internet website, online or cloud computing service, online application, or mobile application. An operator shall be in violation of this subsection only if the operator fails to make its privacy policy conspicuously available within 30 days after being notified of noncompliance. Specifies requirements for the policy.
Nevada
Requires operators of Internet websites or online services that collect personally identifiable information to identify the categories of information collected through its Internet website or online service about consumers who use or visit the site or service and the categories of third parties with whom the operator may share such information. Provides a description of the process, if any such process exists, for an individual consumer who uses or visits the Internet website or online service to review and request changes to any of his or her information that is collected through the Internet website or online service.
Oregon
Makes it an unlawful trade practice if a person publishes on a website related to the person’s business, or in a consumer agreement related to a consumer transaction, a statement or representation of fact in which the person asserts that the person, in a particular manner or for particular purposes, will use, disclose, collect, maintain, delete or dispose of information that the person requests, requires or receives from a consumer and the person uses, discloses, collects, maintains, deletes or disposes of the information in a manner that is materially inconsistent with the person’s statement or representation.
Other Laws Related to Disclosure or Sharing of Personal Information
In addition, California and Utah laws, although not specifically targeted to on-line businesses, require all nonfinancial businesses to disclose to customers, in writing or by electronic mail, the types of personal information the business shares with or sells to a third party for direct marketing purposes or for compensation. Under California law, businesses may post a privacy statement that gives customers the opportunity to choose not to share information at no cost.
- California Civil Code §§ 1798.83 to .84 (\”Shine the Light Law\”)
- Utah Code §§ 13-37-201 to -203
False and Misleading Statements in Privacy Policies
Covers laws that expressly refer to false or misleading statements in online privacy policies. All 50 states also have Unfair and Deceptive Acts and Practices (UDAP) laws that can also apply to information posted online.
Nebraska
Neb. Stat. § 87-302(15)
Nebraska prohibits knowingly making a false or misleading statement in a privacy policy, published on the Internet or otherwise distributed or published, regarding the use of personal information submitted by members of the public.
Oregon
Oregon\’s law classifies the following as an unlawful trade practice if, a person, in the course of their business, vocation or occupation:
\”…(12) Publishes on a website related to the person’s business, or in a consumer agreement related to a consumer transaction, a statement or representation of fact in which the person asserts that the person, in a particular manner or for particular purposes, will use, disclose, collect, maintain, delete or dispose of information that the person requests, requires or receives from a consumer and the person uses, discloses, collects, maintains, deletes or disposes of the information in a manner that is materially inconsistent with the person’s statement or representation.\”
Pennsylvania
Pennsylvania includes false and misleading statements in privacy policies published on Web sites or otherwise distributed in its deceptive or fraudulent business practices statute.
Notice of Monitoring of Employee E-mail Communications, Internet Access or Location Information
Connecticut, Delaware and New York require employers to give notice to employees prior to monitoring e-mail communications or Internet access. Colorado and Tennessee require states and other public entities to adopt a policy related to the monitoring of public employees\’ e-mail. Hawaii prohibits employers from requiring employees to download a mobile application to the employee\’s personal communication device that enables the employee\’s location to be tracked or the employee\’s personal information to be revealed.
Connecticut Gen. Stat. § 31-48d
- Employers who engage in any type of electronic monitoring must give prior written notice to all employees, informing them of the types of monitoring which may occur.
- If an employer has reasonable grounds to believe that employees are engaged in illegal conduct and electronic monitoring may produce evidence of this misconduct, the employer may conduct monitoring without giving prior written notice.
- Provides for civil penalties of $500 for the first offense, $1,000 for the second offense and $3,000 for the third and each subsequent offense.
Delaware Del. Code § 19-7-705
- Prohibits employers from monitoring or intercepting electronic mail or Internet access or usage of an employee unless the employer has first given a one-time written or electronic notice to the employee.
- Provides exceptions for processes that are performed solely for the purpose of computer system maintenance and/or protection, and for court-ordered actions.
- Provides for a civil penalty of $100 for each violation.
Hawaii 2021 H.B. 1253
Prohibits an employer, with certain exemptions, from:
- (1) Requiring an employee or prospective employee to download a mobile application to the employee\’s personal communication device that enables the employee\’s location to be tracked or the employee\’s personal information to be revealed as a condition of employment or continued employment; or
- (2) Terminating, discharging, or otherwise discriminating against an employee for: (A) Refusing to download or refusing to consent to download to the employee\’s personal communication device, a mobile application that enables the employee\’s location to be tracked or the employee\’s personal information to be revealed; or (B) Opposing any practice forbidden by this Act or filing a complaint, testifying, or assisting in any proceeding concerning an unlawful practice prohibited under this Act.
New York Civ. Rts Code § 52-C*2 (effective May 7, 2022)
- Requires private sector employers who monitor or intercept telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage of or by an employee by any electronic device or system, to give prior written notice upon hiring to all employees who are subject to electronic monitoring.
- Provides for enforcement by the attorney general. Employers found to be in violation is subject to a maximum civil penalty of $500 for the first offense, $1,000 for the second offense and $3,000 for the third and each subsequent offense.
Colorado Colo. Rev. Stat. § 24-72-204.5
- Requires the state or any agency, institution, or political subdivision thereof that operates or maintains an electronic mail communications system to adopt a written policy on any monitoring of electronic mail communications and the circumstances under which it will be conducted.
- The policy shall include a statement that correspondence of the employee in the form of electronic mail may be a public record under the public records law and may be subject to public inspection under this part.
Tennessee Tenn. Code § 10-7-512
- Requires the state or any agency, institution, or political subdivision thereof that operates or maintains an electronic mail communications system to adopt a written policy on any monitoring of electronic mail communications and the circumstances under which it will be conducted.
- The policy shall include a statement that correspondence of the employee in the form of electronic mail may be a public record under the public records law and may be subject to public inspection under this part.
Privacy Policies: Government Websites
At least 16 states require government Web sites or state portals to establish privacy policies and procedures, or to incorporate machine-readable privacy policies into their Web sites.
| State | Statute |
| Arizona | Ariz. Rev. Stat. Ann. § 41-4151, 41-4152 |
| Arkansas | Ark. Code § 25-1-114 |
| California | Cal. Govt. Code § 11019.9 |
| Colorado | Colo. Rev. Stat. § 24-72-501, 24-72-502 |
| Delaware | Del. Code tit. 29 § 9017C et seq. |
| Iowa | Iowa Code § 22.11 |
| Illinois | Ill. Rev. Stat. ch. 5 § 177/15 |
| Maine | Me. Rev. Stat. tit. 1 § 14-A § 541- 542 |
| Maryland | Md. Gen. Prov. Code § 4-501 |
| Minnesota | Minn. Stat. § 13.15 |
| Montana | Mont. Code Ann. § 2-17-550 to – 553 |
| New York | N.Y. State Tech. Law § 201 to 207 |
| South Carolina | S.C. Code Ann. § 30-2-40 |
| Texas | Tex. Govt. Code Ann. § 10-2054.126 |
| Utah | Utah Code Ann. § 63D-2-101, -102, -103, -104 |
| Virginia | Va. Code § 2.2-3800, – 3801, -3802, -3803 |
Cookie Policy
The Sterling Firm may collect information using “cookies.” Cookies are small data files stored on the hard drive of your computer or mobile device by a website. The Sterling Firm may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them) to provide you with a more personal and interactive experience on The Sterling Firm website. The Sterling Firm use two broad categories of cookies: (1) first party cookies, served directly by The Sterling Firm to your computer or mobile device, which are used only by The Sterling Firm to recognize your computer or mobile device when it revisits The Sterling Firm website; and (2) third party cookies, which are served by service providers on The Sterling Firm website, and can be used by such service providers to recognize your computer or mobile device when it visits other websites. Cookies The Sterling Firm uses on The Sterling Firm website uses the following types of cookies for the purposes set out below:
Type of Cookie and Purpose:
Essential Cookies
These cookies are essential to provide you with services available through The Sterling Firm website and to enable you to use some of its features. For example, they allow you to log in to secure areas of The Sterling Firm website and help the content of the pages you request load quickly. Without these cookies, the services that you have asked for cannot be provided, and The Sterling Firm only uses these cookies to provide you with those services.
Functionality Cookies
These cookies allow The Sterling Firm website to remember choices you make when you use The Sterling Firm website, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of The Sterling Firm website which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit The Sterling Firm website.
Analytics and Performance Cookies
These cookies are used to collect information about traffic to The Sterling Firm website and how users use The Sterling Firm website. The information gathered does not identify any individual visitor. It includes the number of visitors to The Sterling Firm website, the websites that referred them to The Sterling Firm website, the pages they visited on The Sterling Firm website, what time of day they visited The Sterling Firm website, whether they have visited The Sterling Firm website before, and other similar information. The Sterling Firm uses this information to help operate The Sterling Firm website more efficiently, to gather broad demographic information and to monitor the level of activity on The Sterling Firm website. The Sterling Firm uses Google Analytics for this purpose. Google Analytics uses its own cookies. It is only used to improve how The Sterling Firm website works. You can find out more information about Google Analytics cookies here: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies You can find out more about how Google protects your data here: https://policies.google.com/privacy. You can prevent the use of Google Analytics relating to your use of The Sterling Firm website by downloading and installing the browser plugin available via this link: http://tools.google.com/dlpage/gaoptout?hl=en-GB
Targeted and Advertising Cookies
These cookies track your browsing habits to enable The Sterling Firm to show advertising which is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with The Sterling Firm permission, third party advertisers can place cookies to enable them to show adverts which The Sterling Firm think will be relevant to your interests while you are on third party websites. You can disable cookies which remember your browsing habits and target advertising at you by visiting http://www.youronlinechoices.com/uk/your-ad-choices. If you choose to remove targeted or advertising cookies, you will still see adverts but they may not be relevant to you. Even if you do choose to remove cookies by the companies listed at the above link, not all companies that serve online behavioral advertising are included in this list, and so you may still receive some cookies and tailored adverts from companies that are not listed.
Social Media Cookies
These cookies are used when you share information using a social media sharing button or “like” button on The Sterling Firm website or you link your account or engage with The Sterling Firm content on or through a social networking website such as Facebook, Twitter or Google+. The social network will record that you have done this.
Disabling Cookies
Disabling cookies You can typically remove or reject cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings. If you do not accept The Sterling Firm cookies, you may experience some inconvenience in your use of The Sterling Firm website. For example, The Sterling Firm may not be able to recognize your computer or mobile device and you may need to log in every time you visit The Sterling Firm website.
