Privacy & Cybersecurity
GDPR, CCPA, breaches, data compliance.
Frequently asked questions
Plain-English answers to the most common privacy & cybersecurity questions.
Do I need a privacy policy on my website?
If you collect any personal information (even names, emails, or analytics/cookies), you very likely need a privacy policy — several laws and app-store/ad-platform rules effectively require one. It should explain what you collect, why, how it's used and shared, and users' rights.
What are my rights under the CCPA/CPRA?
California's privacy laws give residents rights to know what personal information a business collects, to delete it, to correct it, and to opt out of its sale or sharing. Covered businesses must honor these requests and can't unlawfully discriminate against you for exercising them.
What must a business do after a data breach?
Most states require notifying affected individuals (and sometimes regulators) without unreasonable delay when personal information is exposed, and specific timelines and content requirements vary by state and sector. A prompt investigation, containment, and documented response are essential.
What is GDPR and does it apply to me?
The EU's General Data Protection Regulation governs personal data of people in the EU/EEA and can apply to businesses outside Europe that offer goods or services to, or monitor, those individuals. It requires a lawful basis to process data and grants strong individual rights.
What is HIPAA and who must comply?
HIPAA protects health information and applies to "covered entities" like healthcare providers, health plans, and clearinghouses, plus their "business associates" who handle that data. It sets privacy and security rules and breach-notification duties for protected health information.
