Responsibility and Revenue With Website Policies

Are you unknowingly taking on liability with privacy policies? Find out your responsibility with website policies, common mistakes web designers and developers make and how to make recurring revenue with them in this discussion with Donata and Hans from Termageddon.

Donata Stroink-Skillrud is the vice-chair of the American Bar Association’s ePrivacy Committee and the chair of the Chicago Chapter of International Association of Privacy Professionals. Donata is also the president and legal engineer of Termageddon, a website policy generator that automatically updates website policies when the laws change.

Donata’s husband and cofounder, Hans Skillrud, is the vice president of Termageddon, overseeing sales and marketing. Prior to Termageddon, Hans ran a 12-person web design and software company, which he sold in early 2018. When they aren’t working on Termageddon, you can find them gardening, beekeeping or on nature hikes.

Colleen Gratzer: Welcome to the podcast, Donata and Hans. It’s great to have you here.

Donata Stroink-Skillrud: Thank you so much for having us. We’re very excited to talk to you today about privacy.

Hans Skillrud: Yeah. Nothing’s more exciting than a talk about privacy, so we are super pumped to be here.

Getting to Know Donata and Hans

Colleen: Well, first, I have to ask you about the beekeeping because my husband wants to do that too. So when did you get into that?

Donata: Ahh. I think it was two years ago that we first started with it. Yeah. And we lost one of our hives in the wintertime. So this is kind of our second batch, so hopefully, they make it through.

Hans: Yeah. If you are considering it or your husband is, I highly recommend it. It’s a very easy hobby, and it’s really fun watching your bees.

It’s amazing how conscious you become about their well-being like you just want to make sure they’re doing well all the time.

Donata: And they’re so cute. Like they’re adorable.

Colleen: Wow. Do you have like the full-body outfit to wear to go see them?

Hans: Yeah.

Donata: Yeah. We’ve had some mishaps with getting stung a couple of times.

Colleen: Oh, wow.

Hans: Yeah. We would highly recommend don’t go the cheap route with a suit. Get a good suit. They’re built for ventilation, which is a critical piece.

Donata: Especially in the summertime, yeah. And some of the suits will actually prevent the bee from stinging you. They have this metal mesh, which is protective, which is really, really nice. Because if you buy those cheap suits off of Amazon, the bee will sting right through it. No problem.

Colleen: Oh my gosh. That’s really good to know.

Donata: That’s a big lesson we’ve learned.

Hans: There’s also a lot of wonderful podcasts on beekeeping. They’re soothing. You could start your day off with a nice coffee and listen to people talk about beekeeping. That’s very peaceful.

Colleen: Oh my gosh. That’s great. Okay, well, I thought we’d start out with a couple of other fun questions too. One of those is would you rather wrestle a lion or fight a shark?

Donata: I guess I’ll go first here. Definitely wrestle a lion, because shark means I’m in water. And I don’t like deep water. I find it to be kind of scary. So I would much rather die on land than on water.

Hans: I’m actually on the opposite end. Yeah, because the only thing is I’m screwed either way. But as I’ve been told, if you punch a shark in the nose, you have a good chance of it running away.

I don’t know what to do for a lion. So I have one strategy and that happens to be against a shark. So I would choose a shark.

Colleen: I might have to add in a question that has to do with bees.

Hans: I guess I pick the bees…

Donata: Would you rather get stung by a bee or a hornet?

Hans: Oh, bee. Definitely bee.

Colleen: And if you could have any skill when you wake up tomorrow, what would it be?

Donata: I think for me the skill would be running. I don’t know if people think of that as a skill, but I’ve always wanted to be a runner to run down paths and stuff and outside, run for many miles and see things.

But I’m really, really bad at running. I will literally start crying if I have to go more than half a mile. I think running would be the skill that I’d like to be blessed with tomorrow morning.

Hans: Yeah, for me it would be being able to speak Lithuanian. It’s by far…

Donata is Lithuanian. She speaks fluently, and it is by far the most complicated language I’ve ever heard in my life. I, out of respect because she’s my wife, I want to learn it. But I’m telling you every syllable is a challenge.

Donata: Well, it’s not your fault. The ability to form certain sounds forms when you’re a child. If you weren’t forming those sounds when you’re a kid, it’s almost impossible to form them as an adult.

Hans: Yeah, it’s wild. It is a wild… It turns out, it’s actually one of the hardest languages to learn.

Colleen: Really?

Hans: Yeah.

Colleen: Well, see, I have a foreign language degree in Spanish and French, and I took linguistics classes. I’m always fascinated with languages.

Hans: Cool.

Colleen: My Spanish is spot on. My French sounds like Spanish. I cannot make the proper mouth noises, the throat noises, you know?

Hans: Interesting.

Donata: Yeah. If you ever have kids, when they’re really little, teach them those sounds, and then they’ll have at least a chance to learn one of those languages in the future.

Privacy Policies

Why Web Designers and Developers Need to Think About Privacy Policies

Colleen: Okay, so let’s dive into privacy policies.

Hans: Let’s do it.

Colleen: My first question is: why do web designers and developers even need to be thinking about privacy policies?

Hans: Yeah, I’d be happy to field that one. As a former web agency owner, I used to copy and paste privacy policies for my clients all the time and didn’t think anything about it.

That’s kind of what I’m trying to talk about web agencies is when you copy and paste privacy policies for clients, you are giving yourself no upside and a whole lot of downside.

Because if you copy and paste the privacy policy for your clients, if they’re anything like my clients, they’d be like, “Okay, thanks.” They move on with their life and never think about it again.

So you see that document you drafted for them is just sitting there. You have to deal with the new incoming privacy laws that are going into effect and so forth.

My message to web agencies is pretty clear:

When you build websites that include contact forms, or Google Analytics, that means you may be forcing that client to comply with not one, but possibly multiple, privacy laws.

Rather than treating it as not a big deal, just acknowledge that “Hey, I’m helping you collect personal information, I think you should look into getting a privacy policy,” and maybe have some solutions that you can provide them as means to generate policies for their own website.

Donata: Absolutely. Then I’d say from my end, as more and more privacy laws are passed and enacted, more and more businesses are going to be fined or even sued for privacy law non-compliance.

If you wrote your client’s privacy policy and then your client gets sued or gets fined, that’s going to come back on you. That’s going to be liability that you’re going to have to face in your business.

Whatever your client’s paying you for this privacy policy, or especially if they’re not even paying you for it, you could become liable for it. You could potentially have to shell out thousands of dollars in a lawsuit from your client.

So it’s really not worth it. Your main capability is building websites. I don’t know how to build websites, so I don’t build them.

Privacy policies are definitely something that’s better left to people who focus in that field and people who have a lot of very specific knowledge about it.

Small Clients and Small Websites

Colleen: Some designers might say, “Oh, well, I’m just building a small brochure site,” or “I’m not concerned with that.”

So do all web designers and developers need to be concerned with these policies?

Hans: Yeah. Whenever someone thinks like, “Oh, my client’s too small for this,” or something like that, I think that’s when they’re stepping over a line that they didn’t need to step over.

They’re making an assumption they didn’t need to make. They’re making a decision for that business or for that individual who owns that website.

The fact is there are multiple privacy laws already in existence that say if you process the data of people of certain states in the U.S. or countries or continents, you may be required to make certain disclosures on your privacy policy by law.

If you have a contact form, and you’re collecting personal information from residents of California, for example, you may need… You already need to comply with CalOPPA, one of California’s multiple privacy laws.

Donata: Yeah, I definitely agree with that statement. You can’t make that decision for your client.

That’s a decision that they should make themselves whether or not they want it. Because most privacy laws don’t specify that your business needs to be of a certain size, don’t think that your client’s too small to get a fine.

Hans: Yeah. The message we want to send is don’t just don’t make decisions… It’s up to your client to comply with privacy laws.

It’s not your job. It’s their job. But by you thinking, “Oh, they’re too small for this,” that’s where you’ve made a misstep because you help them collect personal information by building out tools so that the website can collect name and email from contact forms, or collect IP addresses for Google Analytics purposes.

If I was still running my agency, I would run just a strict, “Hey. Here’s my website policies waiver. You have to sign this acknowledging that I told you that you may need to have a privacy policy now for your website.”

We’ll even make it that simple. Don’t try to make decisions for the client. Let them make the decisions.

Liability for Privacy Policies

Colleen: So, Donata, you’re an attorney. You were saying earlier as a web designer or developer, the client could come after you if you’re not including that on the website. But then you’re saying it’s the client’s responsibility ultimately or…?

Donata: Yeah, so let me preface this with this is not legal advice.

Colleen: Sure.

Donata: But I’ve spent a lot of years writing contracts for web agencies and reviewing contracts for web agencies. That’s actually what I did before Termageddon.

Your relationship with your client and your liability as it relates to that client depends on the contract that you signed with them, right?

A lot of agencies have contracts that are really bad.

I don’t mean to freak anybody out here, but you should check your contract to see what your liability is.

I’ve seen some agency contracts that say that the agency is going to make sure that the website complies with all applicable laws, rules and regulations, which means that if your client gets fined or sued for a bad privacy policy on that website or accessibility issues, then that agency is responsible for that because you breached your contract.

In a lot of those cases, you can be held responsible for that. A lot of agencies don’t even have contracts with their clients.

If an agency is providing a legal document to a client, and that client takes it and puts it on their site and thinks that the agency has sufficient knowledge, then the agency can become liable if that privacy policy is not accurate.

I’d say as an agency, it’s kind of a two-part thing that you need to do. So part one is check your contract, make sure that you’re not liable for all this stuff, make sure that you’re not making promises that you can’t keep.

Two, make sure you tell your clients in writing that they need to have a privacy policy some potential solutions for it. Because failing to do so can really put your own business in jeopardy.

Other Types of Website Policies

Terms of Service

Colleen: Besides a privacy policy, are there other types of policies that you think should always be included on a site?

Hans: I love adding a terms of service to virtually any website.

A terms of service, AKA a terms and conditions — those mean the same thing… I didn’t know that up until like three years ago.

A terms of service sets the rules to using a website and why I love a terms of service for any website is for two reasons.

Number one, a terms of service can say, “Hey, we offer links to third-party websites. We’re not responsible if you click on one of those links.”

So what that means is like, “Hey, if you click on a link to a third-party site, and that site’s hacked, and you get hacked, you can’t come back and sue the website owner that brought you to that link.”

A really good example is church websites that offer links to no-name donation pages, where you can make a donation, give money to the church. With a lot of those donation platforms, people are putting in their credit card information and all that stuff.

Well, if that site gets hacked, you don’t want that liability to be brought back to who they’re donating to.

DMCA disclosure

Hans: Another reason why I like terms of service is what’s called a DMCA disclosure. It’s under the Digital Millennium Copyright Act.

It basically is a way to help limit your liability by stating, “Hey, if we are infringing on your intellectual property, please let us know. Here’s all our contact information.”

What this can do is help a business from being successfully sued for copyright infringement. So incorrectly using imagery or content on their website by having a DMCA notice, you give a disclosure to your website audience saying, “Hey, if we’re doing anything wrong, just let us know and we’ll fix it.”

Giving you a chance to significantly reduce your chances of being sued.

Donata: Yeah, and basically, you can resolve that.

Somebody will email you saying, “Okay, you’re using our logo without our permission.” They’ll email their evidence and all of that. You can amicably resolve that without ever having to go to court, and that’s a really big benefit.

Also, with a terms of service, you can really kind of keep control of your website as well and answer some commonly asked customer questions.

If you’re running an e-commerce store, you can provide information about refunds, cancellations, all of that stuff.

If you’re doing subscriptions, you can provide all of those disclosures to make sure that you can automatically charge people’s credit cards for the subscription.

Then also, if people can make comments on your website, you can specify what types of comments they’re allowed to make and what types are not.

For example, they couldn’t write something that harasses others or infringes on the rights of somebody else. Basically just allowing you to keep your website a nice and clean place that’s welcoming for everyone.

Personally Identifiable Information

Colleen: A lot of these policies address what’s called personally identifiable information. And can you kind of go into some of that, because I think that some web designers and developers kind of think, “Oh, well, my client just has a contact form, and they’re just getting name and email, nothing beyond that, no credit card, so we don’t have to worry about that.”

So could you go into that a bit?

Donata: Yeah, absolutely. I think it’s a huge misconception in the industry.

People think that if they don’t sell it, they don’t share it, then it’s totally fine. They’re not subject to any privacy laws.

Unfortunately, that’s just really not true. I kind of wonder where this rumor came from.

But basically, personally identifiable information, also called PII, is any data that could identify someone.

So examples of PII are names, emails, phone numbers, physical address, IP address, stuff like that.

Basically, if your website collects those through a form or, for example, through Google Analytics, that’s when privacy laws can start applying to that website.

You don’t need to sell that information. You don’t need to share it. You don’t even need to use it. It’s basically the moment that you collect that information. That’s when privacy laws can start applying to you.

Who GDPR Applies To

Colleen: And then who needs to consider GDPR? Because that is a big topic now.

Donata: Yeah, absolutely. So GDPR has been around since… Well, it was enacted in 2018, and we’ve seen some complexities with GDPR when it comes to Brexit. But I won’t get into that just because it’s gonna be way too complicated and boring for everyone else, except for me.

Try to keep it simple. So basically GDPR will apply in three cases.

Case one, businesses that are located in the E.U. So if you’re located in the E.U., GDPR applies to you. There’s nothing you can do about that.

Case number two is websites that offer goods or services to European Union residents.

Now, that doesn’t mean just because your website is accessible from Europe that you offer goods or services to Europeans. Your website has to be offered in E.U. language. You have to accept payments in euros, or if you ship to Europe or you provide directions from Europe — things like that — or you have testimonials from customers from Europe on your website. All of those things.

Then case number three is if you monitor the behavior of E.U. residents from your website.

For case two and case number three, you don’t actually have to be located in the E.U. I can be located in Illinois, and the law could still apply.

Case number three is where most websites get caught up in GDPR compliance.

So, basically, if your website has analytic services like Google Analytics, you are tracking the behavior of E.U. residents online potentially, because Analytics just starts tracking people. It doesn’t really care where you’re located.

That’s the umbrella under which most companies fall to be required to comply with GDPR.

If you have analytics or if you offer goods or services to E.U. residents, and you’re not located in the E.U., that’s when you need to start worrying about GDPR.

Hans: And I think GDPR, obviously, was the hot item for all people in the web industry. But I think very few people realize the fact that there’s over a dozen privacy bills in the U.S.

Colleen: Wow.

Hans: States like New York have proposed bills which will enable their citizens to sue any business of any size located anywhere for collecting as little as a name and an email on a contact form without a proper privacy policy.

Colleen: Wow.

Hans: New York has multiple privacy bills, and several of them have that in there.

So the fact is privacy’s… It kind of started in Europe, but, well, technically, California has had one for a very long time.

But the trend really started with Europe, and now in the U.S., we don’t have a federal law. We have individual states proposing their own unique privacy bills. Most of them can apply to any business located anywhere.

If you have a website and you’re collecting personal information, like a contact form, you may need to comply with each and every one of these.

That’s crazy to us. I think it’s… I love the fact that people have a right to privacy, and more and more people are getting those rights. But as a small business owner and as someone who has helped small business owners his entire career, I am frightened at the idea that a small business owner is going to have to somehow strategize to keep up to date with all these moving privacy bills and laws and keep their policy up to date to avoid a fine or even a lawsuit.

Donata: Yeah. So currently, there are some privacy laws in the U.S. that are already in place. Nevada, Delaware and California have their own privacy laws.

I think what’s important to note about these privacy laws is people think, “Okay, I’m not located in Nevada. I’m not located in California. That means I’m fine.”

But privacy laws were created to protect consumers and non-businesses.

What that means is that they have a very broad reach and can apply outside of the states in which they were enacted.

For example, one of California’s laws applies to any website that collects the PII of California residents. Now, as we know, anybody from anywhere could go to your website and submit their information on your contact form. So that law will apply to basically any modern website with forms or analytics on it.

I think it’s important to note that right now, we do have over a dozen proposed privacy bills as well. So for example, this morning, Washington proposed its own privacy bill. It’s the second one that is proposed. You can actually see the tracker on our blog.

It’s funny because I have to update that thing almost every other day or almost every week. It’s something that would be very difficult for small business owners to keep track of without additional help.

You don’t really have the time to spend an hour each day on privacy laws.

Colleen: Yeah, totally.

Well, so when we were talking about GDPR applying to E.U. residents, I thought there was something that even if they weren’t a resident of the EU. If they were a citizen of the E.U., and they lived in the United States, GDPR would still apply to you.

Donata: It is possible, yes. But it’s a little bit more murky there because it’s technically the lives of residents. I mean, you can live in the U.S. and still be a resident of the E.U. That is possible under various immigration laws.

Colleen: Oh that’s true. Lawful permanent resident.

Donata: Yeah. So it’s pretty complicated. But I guess for what most website owners need to know is those three cases, so like offering goods or services being located in the E.U. or tracking E.U. residents online.

Colleen: What you were describing earlier sounded like you have to intentionally target or intentionally serve that group of people. Is that right?

If they just randomly happen on your site, just because they have access to the internet… They can come across your site. That doesn’t necessarily mean that GDPR applies?

Donata: That’s correct. Yeah. That would be assuming that you don’t have analytics on your site.

If you don’t have analytics on your site, which I think most websites nowadays do have that… It’s pretty standard to have that installed by default.

But let’s say you don’t have analytics, then, yes, it definitely needs to be more than just having a website that’s accessible in the E.U.

Privacy Laws in the U.S. and Other Countries

Colleen: Do you find that privacy laws in the United States and other countries are pretty similar to one another? Or do they vary quite a bit?

Donata: Wouldn’t that be nice? I would love to have mostly similar privacy laws everywhere because that would make my job so much easier.

I guess the first comparison would be U.S. to the E.U., right? The privacy laws that are passed in the U.S. are wildly different than the privacy laws that are passed in the EU.

The way the E.U. approaches privacy is basically the consumer has a choice, and they can affirmatively select, yes or no, like, “I want to provide my information,” “No, I don’t want to provide it.” If you say no, then that information is not collected.

In the U.S., we do more of a notice approach. So, basically, if the consumer gets a privacy policy and they’re notified of everything that’s happening, then the business can do essentially whatever they want. Those are kind of the main philosophical differences between those two areas.

In the U.S., we see a lot of privacy bills that are relatively similar. California passed a new privacy law and went into effect last year, the California Consumer Privacy Act. So you’ll see some states that are essentially taking like a carbon copy of the CCPA, replacing California with — for example — New York and submitting that as a privacy bill.

You’ll see a lot of that happening. But there are some states that are taking their own path forward and are writing these bills from scratch with ways that they think would be more beneficial to their consumers and businesses as compared to the CCPA.

So we’ll see some similarities in the U.S. between different states, but definitely huge differences between the U.S. and Europe and other countries.

Who Disclaimers Apply To

Colleen: Besides those types of policies, what about disclaimers? Who do those apply to?

Donata: Disclaimers are basically meant to limit your liability in certain cases.

For example, if your website provides information that could be seen as legal advice, if you’re providing fitness and nutrition tips, if you’re selling medical products or like potentially medical products, such as supplements, or if you’re participating in affiliate programs — all of those — we definitely recommend a disclaimer to our customers.

Obviously, not all businesses undertake things like that.

Mistakes Web Designers and Developers Make With Website Policies

Colleen: Sure. Now, besides not having these policies on the site, what are some mistakes that you see web designers and developers making with these types of policies?

Hans: The number of…

Donata: Ohh. Can I go with my favorite mistake?

Colleen: She can’t even wait.

Donata: Sorry, I’m really excited about this question.

The most common error that I see web designers make when it comes to these policies is combining policies together.

So they will have… In the footer, they will have something that says, “Legal Notices,” and then you’ll click into that. It’s a combination of a privacy policy and a terms of service.

This is a huge mistake because privacy laws specifically state that the consumer must be notified of the privacy policy. They must see it. It must be easy to find.

They specifically say that if you’re going to hyperlink to the policy in your footer, it needs to say, “Privacy Policy” or “Privacy Notice.” Saying “Legal Notices,” people don’t know what “legal notices” mean. They might think it’s your tax ID or your FEIN number or stuff like that. People don’t automatically connect “legal notices” to “privacy policy.”

Then also privacy laws say that if you combine a privacy policy with other agreements, such as a terms of service, that’s very confusing to the consumer. Then you will not be able to prove that the consumer consented to your privacy policy because you combined these documents together.

If I can give you any piece of advice, it’s:

Do not hide the privacy policy. Make sure that it’s clear and visible and conspicuous to consumers, and don’t combine it with other policies.

So that’s my spiel.

Hans: Awesome. That’s good. That’s a great one.

The biggest mistake I’m seeing with web agencies is web agencies not having the conversation about website policies with their clients. I’m guilty as charged. I think I was intimidated by them.

I just tried to act like they didn’t exist. If my client asked for them, I would just try to find a template online.

I think, five years from now, we’re gonna look back at these times and be like, “Remember when we just told a company, ‘Sure, you can collect all the information you want and don’t worry about any of the repercussions.’”

I think about, like an SSL certificate, five years ago, we knew an SSL was nice for e-commerce websites, and then anything else was above and beyond.

Nowadays, you go to a website that’s not secure, you don’t feel secure. I think we’re gonna see the exact same trend with privacy.

Privacy is becoming a bigger deal, not a smaller deal.

Colleen: Like accessibility!

Hans: Yeah, like accessibility — a great one.

So my biggest piece of advice to agencies is rather than trying to avoid the conversation about privacy or thinking, “My client’s too small. I don’t need to stress about this at all…”

All you’re doing is adding more liability to your agency. When you think along the lines… Rather than trying to avoid it, I vote embrace it.

And there’s cool tools like Termageddon out there — not to plug us or anything. But there’s really powerful tools that are literally built for web agencies to help them make some recurring revenues while offering a policy generator solution to clients.

Donata: Yeah, and I also say, if you do want to talk to your clients about this, you don’t necessarily need to go out and get a law degree or become a certified information privacy professional.

All that you need to say is, “Hey, here’s your website. It has a couple of forms. It has analytics. You’re collecting PII. I really think you should look into getting a privacy policy.”

[ Cat meows ]

I’m sorry, that’s our cat.

It doesn’t have to be… Sorry.

Colleen: That was purr-fect!

Donata: It doesn’t have to be a complicated conversation. You don’t have to know the names of all the privacy laws or all the privacy bills. Just tell your clients.

I would definitely suggest you do so in writing so that there’s record of it.

Hans: Yup.

Why Termageddon Started

Colleen: So how did you all get into this? Because I know, Hans, you had a web agency and, Donata, you’re an attorney. This seems like the perfect match for you all personally and professionally.

So how did you switch to going from a web agency into privacy policies?

Hans: Yeah, so Donata and I were dating, and over dinner, I was telling her how I copied and pasted privacy policies for my clients.

Colleen: Oh no.

Hans: In standard Donata fashion, she was like, “Well, you’re gonna stop that immediately” and explained to me just how bad of an idea that was.

After talking, I was like, “Donata, I don’t think I’m the only agency doing this.”

From there, we came up with the idea. It was a back-burner project for years for me. But I decided two years ago, “You know what this Termageddon thing could be big,” and I love working with my now-wife. So let’s go full time.

We made that decision about two years ago and are very happy. We have about 4,000 web agency partners, spanning the U.S., Canada and U.K.

Colleen: Wow.

Hans: Yeah. We’re just here to help educate people and try to help agencies not screw themselves over.

Website Policy Generators

Colleen: Yeah. Well, there’s some free term generators out there. What should a web designer and a developer look for when they’re picking a free versus a paid terms generator?

Hans: Yeah, absolutely. I’m a big believer in the statement, “You get what you pay for in life.” And I think privacy is no different.

The fact is the best option is actually hiring an attorney that specializes in privacy, who monitors privacy bills and keeps your website up to date.

Now, that being said, I’ve heard quotes anywhere from $10,000 to $50,000 a year for such a service.

Colleen: A year?

Hans: Yeah, correct. A year. Plus, the fact that they have to constantly monitor it.

Donata is not kidding when she says she spends all of her time monitoring privacy laws. It is a full-time job.

So that’s one end of the spectrum.

I think that’s completely out of scope for the majority of clients that web agencies serve.

Then it comes down to a website policies generator like Termageddon.

The reason why I like Termageddon over free templates or really any generator out there is that a tool like Termageddon will help you identify what privacy laws you actually need to comply with. This is something that gets forgotten.

But I am not familiar with a single free template on the Internet. I throw my challenge out there to anyone. I’m not familiar with a single template out there that complies with all privacy laws or a select few.

So when you select a privacy policy type free template, you are basically playing a game of roulette in the hopes that it is a template built for the privacy laws you actually need to comply with.

A good example of this is the fact that the California Consumer Privacy Act applies to — I’ll just say — larger businesses. We can go into detail what that exactly means.

But under certain criteria of the CCPA, if you match certain criteria, you have to provide a toll-free telephone number for people to opt out of their information being collected.

I struggle to believe a template that provides that — well, maybe you don’t make $25 million in revenue, so you don’t even need to be CCPA compliant… There are other factors that go into that.

But the picture I’m trying to paint is the fact that templates don’t adjust to what your actual needs are. My thought is, well, if you’re not compliant, then you’re not achieving your objective.

You are just trying to answer the question, “What should I do for a privacy policy?,” when your real question you should be answering is “How do I not get fined or sued for privacy law non-compliance?”

Donata: Yeah. And so from my point of view, if you’re considering a free privacy policy generator, you should generate your policy with them. You really should, because what you’re going to see is the minute that the questions start appearing on your page, you’re going to see the question, “Are you a business?” and then you’ll probably see, “Okay, that’ll be an extra $20” and GDPR compliance, okay, that’ll be an extra $50.

Mobile protection, which I don’t even know what that means… I guess it means that a privacy policy displays on mobile, which I don’t understand why it wouldn’t.

Hans: It’s bizarre.

Donata: But that’s going to be extra, so you’re actually going to end up with like a $400 or $500 bill at the end.

I think that’s very important to know that a lot of these free generators aren’t actually free when you start answering the questions.

Then also what I would check for is I would check when’s the last time that they’ve updated their solution.

New privacy laws are passed all of the time. If the company that you want to use the template from is not talking about these privacy bills, and is not notifying you when they come out, and it’s not automatically updating your policy, your policy that you downloaded could be out of date in a month or less.

I’d really make sure to see who created this generator as well. Make sure that they have at least a privacy attorney on staff. See how often they’re updating their client’s policies. See how often they’re talking about privacy bills and what’s happening with privacy.

And make sure that you don’t get suckered in to something that’s free that ends up costing you hundreds and hundreds of dollars in the future.

Colleen: Well, I’m using Termageddon for both of my business websites now.

I have to say, I’m pretty good with some of the legal terminology because I’ve worked for lawyers in the past. But I really appreciated how I sent Hans a message on Facebook, and he jumped on a call with me the next week just to make sure that what I filled out was correct and appropriate.

It was great, and it helped me understand things better as well. I just feel relieved after having that on there because now I know that putting that short code on those web pages is going to automatically update. I don’t have to go back and re-edit the terminology or the laws or whatever every single time.

Hans: That’s awesome. I appreciate you saying that.

I think the relief that you feel is certainly something I’ve heard several times.

I do just want to remind everyone that we don’t provide legal advice. I just help you through our platform.

But I feel like I see a lot of eyes open whenever I do a video chat when I explain when someone submits a contact form, okay, you already know you’re collecting name and email.

But usually a backup gets stored in the content management system, AKA WordPress. So that means you’re sharing data with your content management provider.

Usually, when a form gets submitted, you add that lead to your sales management tool — your CRM. You need to say that you share data with your CRM.

Also, when forms get submitted, you may add those emails to an email newsletter provider, meaning you’re sharing data with email newsletter or email marketing providers.

So just the simple act of submitting a form… I’ve showed how quickly that data does get shared.

A lot of companies say, “Well, I don’t share any data.” The moment I hear that I know that we’re gonna have to rethink about what it means. I think what people think is “I don’t sell data.”

Colleen: Yeah.

Hans: I would agree to that. Most businesses do not sell the data they collect. But sharing? Oh, man that, any well-built website is sharing data. I’ll guarantee it.

Colleen: Yeah. It’s very helpful to clarify that. Yeah, yeah. Cause, I think I was thinking the same thing about that.

Hans: And you’re not alone. I would say it’s 99% of the people I speak with are of that mindset.

It’s just because… As a former web agency owner… You’re just trying to solve problems for clients, you’re trying to give them website analytics tools, so they can understand how their website performs and perform updates to improve the conversions.

You have contact forms to help generate more business and get online exposure. We just have to accept reality. Personal information is now being regulated.

Rather than trying to avoid it, I vote embrace it. Help your clients out. Make some money while doing it. Everyone wins moving forward.

Adding Value to Your Website Builds With Policies

Colleen: Yeah, it’s definitely a great way to add value to the sites that you’re building.

Because maybe there’s a lot of web designers and developers… Well, I’m sure there are web designers and developers not thinking about this.

If you’re the one talking about it with the client — this is the same thing I say about accessibility… If you’re the one bringing it up, you’re the one that looks more like an expert against the ones that aren’t bringing this up.

Hans: 100%, a 100%. If I was a small business owner, and I got a quote from two web developers to build out a new website, all else equal, if one person’s talking about the importance of privacy, and the other person just doesn’t address it at all, I’m gonna ask the person who talked about privacy, “Hey, tell me more about this.”

Then I’m gonna talk to the person who didn’t bring it up at all and be like, “You quoted out building me analytics and a contact form. Why didn’t you talk about website policies? Do I not need one with your website?”

I’ve come to learn over the years having knowledge about the little details like that is what builds trust with clients.

Colleen: Yeah.

Hans: I can’t tell you how many times I had to deal with DNS records that were completely unrelated to a website. But just because I had an idea of what CloudFlare was and how that works, I was able to answer client random questions along those lines.

Those little tidbits of knowledge go a very long distance with people. That’s what builds trust and loyalty.

Colleen: Well, this has been really insightful. I’m sure so many people are gonna find this helpful.

I think you really broke it down into plain-English terms that are going to make it so much easier and less intimidating for web designers and developers to implement these policies.

So thank you so much for coming on.

Hans: Absolutely.

Donata: Of course, thank you so much for having us and for being forward-thinking enough to talk about privacy, because it’s a very important issue.

About Termageddon

Colleen: It definitely is. Let’s remind everybody where they can find you online.

Hans: Yeah, absolutely. I would love for anyone still listening to register at Termageddon.com. Check out our Agency Partners page and fill out the form there. We’ll give you a free license forever. Mention this podcast and we’ll hook you up with an extra free license.

We do that in the hopes that you want to protect your own website. Then, if you like our solution, offer us to your clients.

We provide free website policy waivers to help you limit your liability and help your clients.

Yeah, I’m rambling here, but…

Donata: And give you a way to make more recurring revenue.

Hans: Yup, through our reseller and affiliate programs. Then in our footer of Termageddon.com are all our social media links. We constantly tweet about new privacy bills, new privacy laws…

Colleen: Great. Thank you so much.

Hans: Thank you so much for giving us a platform to share this message.

Donata: Yeah. Thank you for having us.

Originally published as a podcast and transcript at https://creative-boost.com/website-policies/