Consumer Privacy Concerns In Self-Storage

Posted by Ashley Oblinger on Aug 6, 2021 12:00:00 AM

One of the bigger issues facing both companies and their customers (and even potential customers) today is the collection, retention, and possible dissemination of information and other data through websites (and apps). The type of information collected through websites that has garnered the most attention is personal information (any information about an individual, including name, address, e-mail address, phone number, social security number, and date of birth) and more technical data such as usage (how and when customers access/use the website), analytics, and cookies (to track computer settings, IP addresses, browser type, time, etc.).

As more and more self-storage operators use websites to attract customers and complete the rental agreement process, those operators are most likely collecting personal information and other data from customers through the website. If you collect any personal information from your customer though your website (or app), you may be required by law to have a privacy policy for your website.

A privacy policy is essentially a legal document, provided on a website, that describes what information and data the business will collect from its customers through the website and how the business collects, uses, protects, and/or shares the information and data it collects with others. While there is no federal law in the United States requiring a business to include a privacy policy on its website, many states have addressed this issue head on by enacting laws requiring some businesses to have privacy policies on their websites. California and New York were two of the first states to enact such laws, but a number of other states have followed suit and have either passed data privacy laws that require the inclusion of privacy policies on websites or have proposed data privacy laws waiting to be passed. In fact, at least 16 states have recently introduced legislation on data privacy.

Most of these laws or proposed laws grant similar rights to the consumers and have similar requirements on the businesses. Consumers are often given the right to know what personal information is being collected about them, to know if that information is going to be sold and, most importantly, to control and limit the disclosure and sale of their information to third parties.

With regards to requirements on the businesses, these laws generally apply to businesses that fall into specific categories (for example, the size of the company or amount of annual revenue). If a company falls into any of the specific categories within the law, the company must implement practices to protect the consumer data they collect and implement procedures to allow consumers the ability to recover their personal information and stop the sale of their personal information to others. Depending on the state, these data privacy laws may require businesses to permit consumers to request access to their stored data, restrict the sale of data to others, and provide safeguards to protect the security, confidentiality, and integrity of their customer data.

It is also important to note that, since these data privacy laws apply to residents of the state, if your company has customers who are residents of that state or if you do business in that state, you are required to comply with that state’s data privacy laws no matter where you are located. Furthermore, a violation of the state data privacy laws usually subjects the company to potential fines, and often the fines can be levied per violation.

There is an ever-increasing burden now on companies to protect their customers’ data and a resulting increase in potential liability to companies for failing to properly and adequately safeguard their customers’ data. Depending on the state where your business operates and where your customers live, you may be obligated to comply with state data privacy laws, which could require you to have a privacy policy on your website. It is a great time to familiarize yourself with your state’s data privacy laws (and all states in which you have customers) to see if you need to add a privacy policy to your website or  update your existing privacy policy.


Ashley Oblinger is an attorney in the law firm of Weissmann Zucker Euster Morochnik & Garber P.C. in Atlanta, Georgia. Ashley specializes in business law and self-storage law, advising self-storage facilities throughout the country on all legal matters, including lease preparation, lien enforcement, tenant issues, tenant claims defense, and employment policies. He can be reached at (404) 760-7434 or