Upcoming Privacy Laws and How You Can Protect Your Business
Note: This post is regularly updated to include the latest data privacy laws. (Most recently updated in February 2023)
I used to pick on FAQ pages for being one of the least alluring pages on a website but I was wrong. When it comes to the ugly duckling of web pages, privacy policies and terms of service take the cake. Usually buried in teeny tiny links at the bottom of websites, only clicked on by lawyers, and almost never actually read word-for-word -- the legal pages of your website are probably the last thing on your mind every day.
So why does every website need these pages filled with what looks like gibberish and legalese? Well, #1 because it’s just good business and #2 because there are current laws - and many proposed new ones coming down the pike - that could equate to fines for violations of privacy laws starting at $2,500... per website visitor 😱 Don’t do the math on that, it will def make you sick to your stomach. And that’s just the start. In this post, we’re looking at what a privacy policy is, why it’s important that you have one that’s always kept up to date, and what I think the best solution is.
What is a Privacy Policy?
In short, a privacy policy is a document that discloses what personal information you collect on your website, what you can do with that information, and who you share it with, among other things. Your website needs a privacy policy if you use it to collect personal info such as names and email, which is pretty much every website out there. I mean, I’ve never made a website that doesn’t collect this type of information and more ever. Basically, if you even have a contact form or an email newsletter signup form on your site, you need a privacy policy.
Why is a Privacy Policy Important?
Having an up-to-date privacy policy on your website can help you avoid fines and lawsuits. Remember what I said above about the only people really checking these pages out are lawyers? Well, I wasn’t exaggerating. Currently, there are a number of laws in the US and EU that require websites that collect personal information to have a privacy policy. These include:
European Union’s General Data Protection Regulation (GDPR)
The California Online Privacy Protection Act (CalOPPA)
The California Consumer Privacy Act (CCPA)
Nevada’s Revised Statutes Chapter 603A and SB220
Nevada Senate Bill 260 - signed into law June 2021
There are 6 new laws that are going into effect in 2023 that will cover even more ground:
The California Privacy Rights Act (CPRA)
Virginia Consumer Data Protection Act (VCDPA)
Colorado Privacy Act (SB190)
Utah Consumer Privacy Act
Connecticut SB6
Quebec Bill 64
These laws are all designed to protect consumers of those states and countries - which is good - but these laws are not in place to protect online businesses like yours. What this means is that these laws can apply to businesses outside of those states and countries and may apply to you if you collect the personal information of or enter into transactions with consumers from the EU, California, or Nevada. With eCommerce being a truly global endeavor, there’s no way to prevent people from anywhere accessing your site and exposing you to some level of risk.
Why You Need to Keep Your Privacy Policy Up to Date
In addition to the laws above, several US states have proposed privacy bills that, if passed, would require websites that collect personal information to have a compliant Privacy Policy. This is all well and good but things get tricky when you consider that these bills all have different requirements for the disclosures that need to be made in a Privacy Policy and would impose heavy fines for failing to include those disclosures.
In fact, some states are proposing to allow consumers to sue businesses directly for not having a compliant privacy policy. This boils down to the fact that if your website gets inquiries or does business across state lines (and let’s hope it does!) it’s not enough to just have a privacy policy; you need to have a privacy policy that complies with multiple state privacy laws. Yikes. Now, I’ve done a fair bit of research into privacy policies and website terms of service and I know for sure that I don’t have the bandwidth or legal acumen to stay on top of all of this myself.
The Best Solution I Know Of: Termageddon
Termageddon is an auto-updating privacy policy generator. This means that it will automatically update your website’s policies any time laws change, making sure you are always 100% in compliance. It works through small snippets of code that are added to your privacy and terms pages and uses information from a simple questionnaire that you only have to answer once at setup. It’s also fun to know that it is the only privacy policy tool listed as a trusted privacy technology vendor by the International Association of Privacy Professionals.
A super affordable solution:
Most people aren’t looking to spend thousands for a lawyer to draft these types of documents up for them which means that most people are out there unprotected from risk. The thing I like about Termageddon is that for just $10/mo or $99/yr, you receive the following expert-prepared policies to protect your site:
Privacy Policy
Terms of Service
Disclaimer
End User Licence Agreement
Why they’re awesome:
I mean beyond the tech magic that makes sure your site is always in compliance, you can set up your policies in 15 mins or less and the team at Termageddon is top-notch. You’ll basically have access to the best of the best when it comes to privacy and data protection if you ever have any questions. Their team has already helped some of my clients that have some pretty unique setups ensure they are protected now… and in the face of whatever future laws may bring. Privacy matters a ton but so does protecting your business’s need to continue to do business online confidently.
BONUS: You can use this link or code KRISTINE for 10% off your first-year payment on your Termageddon subscription!