Realize It or Not: You Must Comply with Privacy Laws

While this may not be the most entertaining thing you read all day— if you own or manage a website, it just might be the most important.

privacy law

Kyle Van Deusen

Since its inception, the internet has had the flair of the “wild west”. In those days it seemed outlaws are always one step ahead of the law, but in today’s world it’s technology that stays ahead— and that changes 100 times faster than laws (and lawmakers) can keep up with.

Companies are consuming personal information on millions of customers, and since almost everything has become digitized, this means that your personal information is floating around in cyberspace with little oversight and greedy corporations that can capitalize and profit from it.

But in the last few years we (“we” as in the general public) have started to find out just how much of our personal information companies are collecting, sharing, and selling which has caused a lot of worry.

Breaches, like the famous Cambridge Analytica scandal (they harvested personal data from millions of Facebook accounts (without consent) and used it for political advertising in the 2016 election), have brought this to light and it seems that now governments are willing to step in and provide some protections for the citizens.

In this article you’ll learn why I trust Termageddon to provide compliant policies for my customers and myself.

I’ve recently been accredited as a Data Privacy Certified Agency, which required me to take a test over my knowledge of data privacy (scored a 100%, wahoo!).

Data privacy certified agency
Data Privacy Certified Agency

What’s being done about the mishandling of private data?

The European Union was one the first places to make a sweeping law change (called GDPR) forcing companies (of any size) to report what information they are collecting and what they do with it. You may have noticed more and more and more websites asking you to agree to their policy or notices when you first enter their website— that’s thanks to GDPR.

Even though it’s taken more time, United States law makers are starting to make progress towards more transparency with your personal data (clearly stating what data you collect and what you do with it)— with some states already passing laws to protect their citizens and dozens more making their way through legislation.

It seems individual states are making progress quicker than the Federal government— which means that instead of one set of guidelines to govern us all, website owners are now forced to comply with many individual laws from different states.

Even if/when the federal government puts something on the books, State laws can still supersede those laws (yeah, law is confusing).

What does this mean for you?

As someone who owns or manages a website, it’s likely that many of these laws apply to you and your website, even if the laws aren’t in the books of the state you operate from.

The majority of the laws being passed are done to protect the citizens of a specific state or country, and worded (paraphrasing here) so that any website that is accessible from citizens of those areas must comply.

In other words— California’s new act might apply to you in Texas even though your business doesn’t operate in California.  Your compliance is required because people in California are able to access your website.

What are the consequences of non-compliance?

Using the new California Consumer Privacy Act (CCPA) as only one example, the penalty for non-compliance is up to $7,500 per infringement— and an infringement can come from each and every Californian who visits your website.

With nearly 40 million people in California alone, and American’s appetite for litigation, it’s clear that this isn’t something you want to put your company at risk of— no matter the size (or your ability to do math).

Does your website need to comply?

While there’s no blanket answer for this without looking at your website individually, it’s a safe bet that your website meets the criteria and is legally obligated to company with dozens of laws that you probably didn’t even know existed!

If you have an eCommerce store, use Google Analytics, or even have something as simple as a contact form (so people can send you an email directly from your website) there are laws already in effect that you are obligated to comply with.

This means that the vast majority of small business websites are subject to compliance— including most of my customers.

How do you comply with privacy laws?

This can get fairly complicated quickly— but essentially you need to have a Privacy Policy (and in some cases a Terms of Use document and Disclaimer) that states (in legalese) what data you collect, what you do with it, and how people can request you erase their data.

These documents are most commonly drafted up by lawyers, and are specific to your website (meaning a “generic template” just won’t do). While there are hundreds of generators and templates on the market willing to take a quick buck from you for a policy— most of these don’t actually comply with the laws that are being updated, changed, and created every day.

If you opt to go the safe route and hire a lawyer to write your privacy policy, you’ll want to keep them on retainer— as you’ll need to have them update your policy any time Nebraska, New Hampshire, Oregon (or any other governing body in on the globe) passes anything new.

Unless you are the lawyer on retainer— this isn’t welcome news.

The most cost-effective & complaint solution

I’m not sure lawmakers think of the logistics of these things and the impact this will have on small businesses who can not afford to either comply or not comply.

The fines for non-compliance seem to be aimed at large corporations, as racking up only just a few of them could bankrupt many of the 28.7 million small businesses in America—but there’s no exception for a mom-and-pop shop.

A lawyer is going to cost you a few grand to draft a policy, and will happily invoice you whatever they please to update it continuously.

Luckily, I’ve found a much more cost-effective way to protect your business— it’s called Termageddon.

Termageddon was founded by a privacy and technology attorney, and offers a solution unlike anyone else on the market.

For just $10 per month, you can have compliant policies (privacy policy, terms of use, disclaimers, and more) that are specifically generated for your website and stay up to date as laws across the globe change.

How, you ask?

Using their policy generator you answer a few questions about your website and the type of data you collect. This process takes less than 5 minutes, and when you’re done you’re given an “embed code” (code for your website) that will embed your policy on your website.

Because the policy isn’t hosted directly on your website (it’s embedded on your website and being delivered from Termageddon’s servers) Termageddon is able to update your policy remotely— and this is the key.

They are able to, as a single entity, stay up to date will all the changing laws, publish revisions to their policies globally, and push those updates to you instantly— ensuring that you stay compliant no matter what new laws come into effect.

Termageddon will gladly (and personally!) walk you through the entire process and even help you generate your policies. When new laws go into effect, it’s sometimes required that you answer a few new questions. When/if that happens, you’ll get an email notifying you of the updates and prompting you to login and answer the new questions.

Did you know that if you have a contact form on your website that you are collecting personally identifiable information (PII)?

Several states have already passed privacy laws to protect the PII of the consumers of those states. These laws require most websites that collect PII to have a privacy policy.

On top of that several other states are proposing their own privacy laws, each with their own unique requirements for what your privacy policy needs to disclose as well as unique penalties for not complying.

Some states are proposing businesses be fined over $5,000 per violation, per website visitor. Others are proposing “private right of action”— meaning citizens of that state can sue businesses anywhere in the US for not having a compliant privacy policy.

These laws are created to protect the consumers of those States, not the businesses. In other words, your business doesn’t have to be located in that state for those laws to apply to you.

That is why we created Termageddon.

With Termageddon you can generate a privacy policy for your website in less than 15 minutes. What makes Termageddon special is that when the laws change we automatically update your policies for you, helping you stay compliant and avoid fines and lawsuits.

We protect your website for $10 per month or $99 per year— saving you both time and money.

— Termageddon

I’m using Termageddon to protect my company— and my customers.

I first signed up with Termageddon in April of 2019, when my company’s website had a very generic (and “borrowed”) privacy policy.

Within just a few minutes I had a fully-compliant policy on my website and felt instant relief that I was protected.

I emailed Termageddon back to thank them and compliment them on their work (I’m telling you, I was impressed!). Within just a few minutes I was on the phone with co-founder Hans Skillrud.

Because I spend quite a bit of time networking and collaborating with web developers across the globe, I was anxious to share my find with my colleagues.

Since then, I’ve introduced hundreds of web agencies and business owners to Termageddon, and started protecting my clients with their policies (which I help them setup and implement for free).

In October of 2019 I was able to meet with Termageddon’s co-founders (turned engaged couple— Hans and Donata) at a WordPress event in Fort Worth.

Besides providing a fantastic service (that is so desperately needed), they are two humble and wonderful people. While that may not seem important to this article, I always enjoy supporting companies with a clear mission and passion to help their customers— and Termageddon has that in abundance.

For nearly a year now, Termageddon has been nothing but fantastic— and their company is growing and gaining recognition for its innovative and effective system.

What you should do next

If you don’t have a privacy policy, or you have one but you’re not sure if it’s compliant— reach out to me and let’s have a chat.

You can go through Termageddon directly and embed the policies yourself, or I’ll be glad to work with you personally, as an official Agency Partner of Termageddon, to ensure your policy is complete (and applicable to your website) and embed the policies for you (which is what most people prefer).

For $10/mo, the peace of mind alone is worth the price— but one lawsuit and penalty would likely be more than you ever spend on Termageddon’s services for the life of your website.

An interview with Termageddon Co-Founder, Hans Skillrud

I recently asked Hans to jump on a quick call with me to talk (in generic terms) about the importance of data privacy and how this applies to small businesses like yours.

YouTube video

Video Transcript:

Kyle Van Deusen:
Hey, it’s Kyle from OGAL Web Design, and while this subject might not be the most entertaining, if you own or manage a website, it is the most important.

Kyle Van Deusen:
Today, I’m joined by Hans from Termageddon to talk about data privacy and why your website, realize it or not, must comply with data privacy laws. So hello, Hans. Thanks so much for joining me today. First let me ask you, what is the purpose of privacy policy and terms of service?

Hans Skillrud:
Hi, Kyle. Thanks for having me on. A privacy policy discloses what information a website collects and with whom that information is shared with. It is required by law already in four states in America, and at the moment we’re recording this, there’s 14 states that have proposed privacy laws. So it tells visitors of your website what you do with the data that they submit on your website.

Hans Skillrud:
In terms of service, otherwise known as a terms and conditions statement, it sets the rules for a website. So maybe you offer links to third-party websites, like Facebook or Twitter. That’s a great example of wanting to provide a terms and conditions where it states, “Hey, we provide links to third-party websites, but we don’t control those websites. So you can’t sue us if you click that link and you get to a hacked website and then you get hacked. We’re not responsible if that happens because we don’t have any control of that”.

Hans Skillrud:
Another great reason for terms and conditions is what’s called a DMCA notice. And what this is is maybe you are unknowingly using copywritten images or text. With a DMCA notice, it says, more or less, hey, if we’re using copywritten images and it’s your property, that is unintentional and we will immediately remove it. Here’s our contact information to have us do that. A DMCA notice can create a safe harbor for a business, protecting from potentially being sued.

Kyle Van Deusen:
Yeah. And all that is extremely important if you own a website, but a lot of small businesses might wonder if they really need one. So who needs to have a privacy policy on their website?

Hans Skillrud:
Anyone that collects information on their website, personal information. A good example is if you have a contact form on your website. A contact form is a fantastic lead generator for businesses, but that’s a great example of when a company, no matter what their size, are collecting what’s called personally identifiable information. Another great example is newsletter sign-ups; e-commerce, if you transact through your website; and another great example is Google Analytics, where you’re tracking the behavior of a visitor on your website. Yet again, amazing tools to help your business grow and to understand how to improve your website, and simply you just nowadays need to disclose a privacy policy.

Hans Skillrud:
And, yes, a lot of people are like, “Well, I only hear about Facebook or Google getting sued, and I only hear about the big ones.” That’s because that’s what news talks about, the big ones, the ones where people are getting sued for hundreds of millions or bajillion dollars, whatever. The fact is, though, privacy laws are entering into America on a state-by-state basis. If you have a contact form and you get inquiries across state lines, you not only have to operate on a state level with the state you’re located in, but you have to comply with all the privacy laws where you’re collecting information from. Privacy laws do not care about where a business is located. They only care about protecting their citizens. So if you get inquiries across state lines, you not only need a privacy policy, you need a strategy to keep it up to date over time.

Kyle Van Deusen:
Yeah. So what are some of the consequences if you don’t have a privacy policy? I’m sure people are starting to figure out by now that they really need one, but what are they at risk for if they don’t a privacy policy in place?

Hans Skillrud:
They are at risk currently for being fined, and they soon will be at risk for being sued. Several states already have laws in place that are requiring certain businesses to comply with their privacy laws, to provide specific disclosures as it meets their specific privacy laws; and you could be fined up to $7,500 per violation. And what that means is not just a one-time slap on the wrist $7,500. Per violation could be interpreted as per website visitor. So that is something you don’t want to mess with because that could literally take out small businesses, which I think is a joke personally, but hey, we’re here and we’re trying to solve it.

Hans Skillrud:
The thing that people also need to be aware of is there are several states that have proposed privacy laws, like New York for example, which will enable their citizens to sue businesses of any size, any location, just for having a contact form without a privacy policy.

Kyle Van Deusen:
Yeah, that’s something you definitely don’t want to mess with because those kind of fines could bankrupt most small businesses in America once you start adding them up. So with some of these things already in place and some more underway, going through legislation now, where do you see the future of internet privacy and policies? Where do you think all of this is going?

Hans Skillrud:
There’s a lot of talk about, oh, once we have a federal law, everyone’s good and dandy. No, that’s not the case. In fact, I forget the exact name… I’m not the privacy attorney, the president of Termageddon is. She’s the newsletter editor for the American Bar Association and has a whole bunch more credentials. I’m just a lowly sales person. But there’s a phrase that goes into it, but it’s something along the lines of if a state privacy law exists and there’s a less aggressive federal law, the state can enforce the more aggressive state-specific privacy law. So it’s a mess. I don’t even see there being a worldwide privacy law. That would be foundational change to how we operate as a world together. So I see things getting more complicated, not less complicated, over time.

Hans Skillrud:
From today when we’re recording this, in the last week, at least three other states have been added to the list of proposing their own unique privacy bills with their own unique penalties, and they’re all unique disclosures that are required. I see it getting more complex for the foreseeable future.

Kyle Van Deusen:
Yes, I agree. Unfortunately, that’s the case. But luckily, we have Termageddon to help solve this problem for small businesses like myself and the customers I deal with.

Kyle Van Deusen:
Hans, I appreciate it so much. Thank you for taking the time to explain this to us today, and I appreciate all the work you guys do. We’ll talk to you on the next one.

Hans Skillrud:
Hey, thank you so much.

Contact Me About Your Policies & Protection

Use the form below to let me know you’re interested in protecting your  company for privacy lawsuits, and I’ll get back with you to setup a time to walk through the process and get you compliant.

Disclaimer: Because what good would this post be without one, right? I am NOT a lawyer and am not offering legal advice. This article was written and reviewed to provide you with the knowledge you need to help protect yourself. In all cases it’s best you consult with your lawyer to ensure you are complaint. OGAL Web Design cannot guarantee any policy or procedure to be 100% compliant.

About the Author

Kyle Van Deusen

Since 2003 I have helped businesses like yours increase their online presence through powerful websites that help you easily, effectively, and affordably grow your business.

More Articles You Might Enjoy...

Continued Success

Writing Better Posts

close up of man writing in notepad. Working on project concept
Getting Started

The 5-point checklist for project success

Close up of a mans handing highlighting on a document
Getting Started

Why Project Discovery is Essential