Up next in 10
Privacy Policies with Donata Kalnenaite of Termageddon
370 views
Jun 30, 2020
Donata Kalnenaite Website: https://termageddon.com/ LinkedIn: https://www.linkedin.com/in/donata-kalnenaite/ Facebook: https://www.facebook.com/termageddon Guest’s giveaway (if applicable): A free set of policies for web agency owners - apply here: https://termageddon.com/agency-partners/ Host: www.copyflight.com
View Video Transcript
0:00
[Music]
0:27
hey everyone welcome to the copy jet show my name is todd Jones I'm the host
0:33
and the owner of copy flight and on the copy chat show we talk about copywriting
0:39
content marketing in a world of digital marketing which we all pretty much are a part of and I'm pretty excited about
0:46
yesterday this is a de nada from termikid terma Gavin and she told me I didn't have to try to pronounce her
0:52
last name so I'm thankful for that but I'm glad to have her on and do not owe
0:58
you one tell us a little bit about yourself sure hi Todd it's really nice to be here and thank you everybody for
1:05
listening as Todd said my name is de nada I have an unpronounceable last name but
1:11
I'm an attorney and I work in privacy and Technology law and I'm the president
1:17
of termeh Kevin which generates privacy policies Terms of Service and other
1:22
policies for websites and applications I am the chair of the International
1:28
Association of privacy professionals Chicago chapter and the newsletter editor for the e privacy committee of
1:36
the American Bar Association I'm not sure we've had to bring some pretty
1:41
smart people on this show before but not it could be the smartest one we've ever had on that saying a lot so I'm not
1:50
confirming that title at all definitely not the smartest one here well she
1:55
definitely will accomplish and having a lawyer on the show I'm sure we'll get all of our law questions answered 30
2:02
minutes but okay so we're going to get to the getting-to-know-you lightning round and as I told you before we
2:09
started I did change up the questions a bit so you got to be on your toes so you ready yes I'm ready
2:17
okay who is your hero I would say
2:23
probably my fiancé's mom so she was the first female neurosurgeon to graduate
2:30
out of Mayo Clinic and she's also like one of the nicest people you'll ever meet so she's
2:36
extremely competent when it comes to her job but can still hold your hand in the operating room so she's awesome
2:42
Wow okay that's Tonya's mom yes yeah
2:47
that's awesome I have a great appreciation for healthcare professional
2:53
professiona professionals especially nurses but that's that's awesome so what
3:01
motivates you to work hard you know I
3:06
don't know I've always had this motivation to work hard ever since I was little I think so I was raised by my
3:13
grandparents in Lithuania and my grandparents taught me that you know there's nothing more important in their
3:19
opinion than education and working hard and I feel like that kind of translated towards the rest of my life and I kind
3:27
of hear their voice in the background saying what are you doing taking a nap it's time to go back to work
3:35
yeah I think we all have a little bit and when you're raised that way you you're specially you are especially
3:42
sensitive to that so I know my mom still struggles with that in she's long you
3:48
know pastor working days but she still hears her mom and the back of her well what you know in the back of her head
3:54
it's trying to get her to do stuff as well so next question if you could
4:01
choose to do anything for a day what would it be I would probably well does
4:08
this have to be career related or just in general I could do anything for a day anything okay I would probably just work
4:15
in my garden for a day because the weeds are taking over and it's time to do some
4:20
planting so if I had it like a complete day off we could just do whatever I wanted I would probably go there you
4:27
really enjoy doing that I do I do it's really fun I'm not good at it by any
4:32
means almost half of my plants will die but I do enjoy it so yeah you know we
4:42
tend to think about plants is not being having personality or anything like that they do really a mom refers to hers as
4:49
her babies so I totally understand that favorite holiday so since I'm Lithuanian
4:57
my favorite holiday is what's called John's and Janes Day it's on June 24th which also happens to be my birthday and
5:04
it's a national holiday so everybody gets the day off and it's actually it
5:11
kind of moved back from pagan time so you'll have like very large bonfires by the beach and you know lots of food and
5:19
drinks and fun so that's my favorite holiday by far that sounds nice I like that I would imagine the the summers
5:27
there are not as I would imagine the summers there are not as hot as like the south in America it's not as humid which
5:35
makes things a lot easier but you know there would be like months of preparation for John and James Dave
5:40
building like large fires and sometimes they'll be in like different shapes
5:49
learn something new every day I have to look that up okay let's see I asked this
5:57
is a different version of another question I guess if money was no object what would you do all day you can't
6:03
answer gardening you've already done that I would probably do my job I
6:11
actually really enjoy it I truly it sounds bizarre but I actually really enjoyed reading laws and interpreting
6:19
them and figuring out regulations and what's changed and what hasn't so I I think I would keep my job because I to
6:26
me I have the perfect job so I think I would just do what I do now we'll talk about more about that in a little bit if
6:35
you could live anywhere where would it be I would probably live in my exact house
6:44
like a replica of my house maybe like 50 miles into the Indiana border we live in
6:50
Illinois now and so we're subject to crazy taxation you know for just fifty miles since
6:56
Indiana I'd be very happy you'd like Indiana pretty good I think there's a
7:06
lot of similarities with Indiana and Arkansas yes I had some friends that
7:12
lived there we went up there and visited I felt like I was you know pretty much in Arkansas just you know North so a lot
7:19
of similarities yeah Indiana's like wait here just with more fast-food places
7:27
well that's America for you right yeah what influencer would you like to meet
7:34
for a cup of coffee or teeth so because I'm a lawyer I would actually really
7:40
like to meet Trevor Hughes I have met him once but I would like to meet him again and Trevor's news is the president
7:47
of the International Association of privacy professionals so he's definitely a very very cool and interesting guy who
7:55
knows a lot about privacy so I would love to meet him again sounds like a great cocktail conversation for for those are into that
8:06
probably would be okay it's like a bunch of coders sitting around talking about coding for yeah okay okay do you collect
8:15
anything we actually so maybe half a
8:21
year ago we started collecting magnets for a fridge from all the places we've put into so we got like six or seven
8:29
magnets and now we can since we don't travel anywhere but once all this is
8:35
over I'm hoping to continue my magnus collection so what are you doing you run out of space on a refrigerator
8:41
I've seen people buy like a magnet board and you know stick it up to their walls
8:47
so maybe I'll do that my couch is pretty decent-sized though so it'll take me a while to fill it
8:54
completely yeah okay I worked at a bookstore for a while and it seemed like we sold these little magnets that you
9:00
could turn into words and some of them even had like Shakespeare phrases and
9:07
that kind of stuff so I guess let's bring her now somebody could do that for like famous loss maybe and that
9:16
would be you have a new side hustle there you go yes just set up shop right
9:22
now wait that's one of the things that once you make them you just sell them you
9:27
keep selling them you don't have to like do something with it every day so yeah
9:32
if new laws passed that I would have to constantly just keep making packets
9:38
well they don't they don't happen as often you know for like famous laws you know you just got to be something that
9:44
then stands the test of time kind of deal do you have a personal motto my
9:53
personal motto would be don't let perfect be the enemy you've done I feel
9:58
like sometimes I can get really bogged down into the binew sure of things and
10:04
trying to make something that's super perfect and there's not always time for that yeah so yeah don't let perfect be
10:12
the enemy have done I would say I like that you know I can I can do the same
10:18
thing with any Content I produce you know it's got to be perfect so how do you perfect well no you actually got to
10:24
get it out the door so yeah I hear you okay last one ready do you have any
10:33
famous distant relatives or friends not
10:38
really I would say famous in terms of like the tech space I'm friends with Kyle Van Dusen Matt server from the
10:45
admin bar that's about as famous as my friends get but now you probably know
10:54
the bill they should guy yeah I would I
11:00
would put him up there as well for sure for sure okay all right listen let's get started on
11:07
our discussion now as a de nada said term again helps you create privacy
11:15
privacy policies and terms for your websites and applications and I want to talk I wanted to bring her on to talk
11:21
about this because this is becoming more and more important
11:26
each day for those that have websites which is pretty much anybody now what
11:33
changes have that has happened recently in the last few years that requires more
11:39
awareness regarding prophecy policies and why do we need a service like term again yeah of course
11:46
and so everybody listening unless like you've been living under a rock probably remembers the cambridge analytic Oh
11:53
scandal so where Facebook shared data with a third-party tool without authorization and that that's what
12:01
really spurred the whole privacy conversation so in the European Union
12:06
they've been talking about privacy for a while about guaranteeing individuals the right to privacy you know Australia and
12:14
Canada had privacy laws before then but really in the United States what spurred
12:20
all of these changes was the Cambridge analytic Ross scandal and that scandal
12:25
was so famous that a lot of consumers started to realize what is happening to
12:31
their personal information online and they started to realize that that information is used that information is
12:37
disclosed that information is sold and what they did was talk to their
12:42
legislators and say you know what maybe this is not okay anymore you know we kind of turned a blind eye to this but
12:49
you know what we don't feel comfortable doing so anymore and ever since then we've seen more and more states proposed
12:55
and passed privacy bills so for example California proposed impressed the
13:01
California consumer privacy act which one into effect January 1st of this year and then we also have Nevada that
13:10
amended their existing privacy law and now we have over 12 states that have proposed her own privacy bills and each
13:17
of these privacy bills has their own requirements for who they apply to you know who needs a privacy policy what
13:24
does that privacy policy need to disclose what are the privacy rights given to consumers and if you think
13:31
about it as a small business you know you might have had a privacy policy in the past and you never had to look at it again
13:37
and that was that like you just put it on your site and you were set and unfortunately that's not the case
13:43
anymore because we're seeing all these privacy laws and privacy bills now if you think about it as a small business
13:50
owner do you really have the time to keep track of all of that right you have the time to read every single bill every
13:56
single time it's changed how it passes what the Attorney General say about it what the guidance is that's really a lot
14:04
of requirements on businesses so what term again does is we keep track of
14:10
those requirements for you and will change your privacy policy when new privacy laws go into effect meaning that
14:18
you can actually just continue running your business continue running your website and not have to worry about
14:24
getting hit with privacy fines or lawsuits because you know some states
14:29
are even proposing that consumers can sue businesses of any size for
14:35
collecting personal information without having a privacy policy you know and
14:40
some of us talk about and I've had this conversation with Rob and Devinder some other people and and people locally as
14:48
well we have a big database company in town and it's collected information for
14:54
years and you know your Facebook or
15:00
YouTube your Twitter all these applications that we use that's what
15:05
they are are the applications social media you you get to use are free and
15:12
the the price for doing that is your
15:18
your information your data those of us have been around in this space for a
15:23
while understand that I mean it's like you know you see people on Facebook complaining about the information being
15:30
they've been using that ever since you signed up and of course they probably didn't read the fine print which I
15:37
probably didn't either how does that play into what we're what we're dealing
15:44
with with the privacy policies or is that a separate issue
15:49
well I think what a lot of you know consumers didn't necessarily realize is
15:56
who that data was going to be shared with right so and there was a lot of
16:01
things that were hidden at the time so for example I'm a lot of websites back in the day you you could potentially
16:08
scroll to through five or ten pages to actually get to the privacy policy or it
16:13
was in really small text or you know you had to request it or you know you just
16:19
download an app and it doesn't ask you to agree to a privacy policy just says oh you download it that means you agreed
16:25
but you never actually saw HUD so it wasn't necessarily that consumers were
16:31
just ignoring these things I think that at the time it was something that they were not made aware of properly by
16:38
companies which is why a lot of privacy laws will now state how will privacy policies just be displayed as well yeah
16:45
so you're talking about the difference in transparency and maybe being veiled a
16:51
little bit we don't really want you to know what we're doing with your information so we're going to hide it from you and basically the laws that
16:58
have caught up or basically trying to make companies be more transparent with the information they collect is that
17:04
correct exactly yeah so for example well under some older privacy laws you don't
17:11
have to disclose whether or not you sell the data that you collect in the more modern ones you do have to disclose that
17:18
so back in the day you know even if you read the privacy policy you know top to bottom you wouldn't have been told
17:24
whether your information is sold whereas now you might be required to one of the
17:30
things that I think that makes having a promise to privacy pollyana policy on a site and I've generated a few leaves
17:36
because of sites over the years I think it makes it more complicated as the fact
17:41
that we use third-party apps with their sites so Google Analytics for instance
17:46
you have to account for that somehow maybe some other third-party application
17:54
using to do something on your site I'm guessing we have to account for that in
18:00
our privacy policy somehow or so it really depends on what laws apply to you but for example Google Analytics
18:09
their Terms of Service actually requires you to have a privacy policy so when you install Google Analytics you agree to
18:16
their terms of service that means you're agreeing to have a privacy policy on your website right and things like Google Analytics do collect what's
18:23
called personal information because they will collect IP address and browsing history and things like that
18:29
what I see a lot of businesses get stumped by is the sharing of data and so
18:34
I help a lot of people to create their privacy policies right and one of the questions that I'll ask is do you share
18:40
data and the first thing they tell me is no I do not share data I have never shared data they're almost offended that
18:47
I would ask them but you have to realize that a lot of websites do share data so
18:52
for example if you have an email newsletter signup form your you might be sharing that data with MailChimp you
18:58
might be sharing that data with Constant Contact that is considered sharing data and you need to disclose that in your
19:04
privacy policy one thing that I see a lot of people be confused by is some
19:10
privacy policies will disclose the actual names of the companies with which you share data so for example they will
19:16
say MailChimp or Constant Contact and other privacy policies will do categories of third parties so for
19:23
example email marketing tools and under the general data protection regulation
19:28
which is the European privacy law and under United States laws under Canadian
19:34
and Australian laws you can disclose the categories instead of the actual names so you don't have to go through and list
19:41
every single email marketing service that you use you could just say email marketing service and that's
19:46
completely acceptable - that's a good thing because we change sometimes we change those things I might be using
19:53
Mara like today and get to a point where I feel comfortable using something like drip or active campaign you know next
20:00
year and so yeah I wanted I can change that exactly and that way you don't have to
20:06
go back and forth through your privacy policy changing things and it also helps keep your privacy policy shorter as well
20:13
and less confusing to users which is definitely a positive in my opinion and in CRM so if you're using
20:22
say the hub Scott HubSpot free CRM is that something you have to put in there as a category as well you have to say
20:29
what CRM you're using yeah you can just say CRM right you don't necessarily have to say
20:36
HubSpot or salesforce you can just say CRM and that's something that a lot of
20:41
people get kind of tripped up by as well and I would say another thing that
20:46
people get tripped up by is that privacy law us start applying to you when you
20:52
collect the personal information not when you share it not when you sell it not when you use it it's when you
20:58
collect it so if you have a contact form that collects name email phone number address you know that kind of stuff you
21:05
are collecting personal information and that's the point at which you should say to yourself okay I need to have a
21:11
privacy policy yeah and and so that's a good point and that was one of the
21:18
questions I was gonna ask you is you know when do I'm sure you talk to people all the time like I don't need a privacy
21:24
policy and then you point out oh whoa do you have a contact form if you have a contact form because why do you have a
21:31
website if you don't have a contact form yeah exactly anyway that's another lesser in fact I
21:37
have a whole talk about you have anyway but if you have a contact form which I
21:43
hope you do on your website because you're trying to get people to contact you to do business with you whether
21:49
you're as service based business is okay you have the product based businesses
21:55
and it's more ecommerce base and I guess that's a whole nother topic that
22:00
probably falls under as well but but I guess the most two two most basic things I'm thinking about is if you have a
22:06
comment or a contact form and you have an email newsletter you need to have a
22:12
privacy policy is there any way any reason you would not need a privacy
22:18
policy on a website so you don't need a privacy policy on a website that does
22:24
not cause personal information so if you don't have a contact form if you don't have an email
22:29
reform if you don't use analytics if you don't use cookies like if your website
22:34
does not do any information collection whatsoever that's the only point at
22:40
which you should be fine and I'm not sure I've ever seen a website like that I haven't either I've seen websites
22:47
without contact forms but they will always have Google Analytics sure or something yeah we used to do StatCounter
22:54
it's 15 years ago you know okay and but that was back before I think I believe
22:59
before Google Analytics was out so and there's a number of other kinds of stat counters or analytic counters that are
23:07
out there actually so yeah I would think even if you didn't have contact form or
23:13
a sign-up email signup form you usually have some kind of analytics installed to
23:18
be honest with you having launched many websites over years your hosts probably
23:23
had some kind of data information for stats in in this suite that you you may
23:32
not even realize is there so that would probably qualify you for meeting a proxy politics policy wouldn't it yes
23:38
definitely if you are collecting personal information of any kind that's when you need to have it so what we've
23:44
established if you have a website 99.999% of the time you need to have a
23:51
privacy policy right so what are constant consequences people would have
23:57
everyday people I mean obviously you know I think somebody had a big fine a
24:03
while back there was a large corporation so if I'm a small medium sized business if I break the privacy policy law
24:11
what what what kind of consequences would I expect so there's two types of
24:18
consequences and number one would be fines which can range from $2,500 per
24:24
violation and per violation means per website visitor whose privacy rights you
24:29
infringed upon to 20 million euros in total or more it's actually interesting
24:35
because you know we're saying a lot of people say that they haven't seen small companies being fined and
24:43
when you look at the news that's true right when you look at like New York Times and BBC or whatever you'll only
24:50
see the large fines but if you actually look up you know if you have the time
24:56
Google search GDP our enforcement tracker and you will see over 200 cases
25:01
of one GDP are was enforced and a large number of those cases are actually
25:06
against small businesses so we've seen you know small restaurants small grocery
25:13
stores we've seen marketing companies get fined and there's recently a marketing company that was fined like
25:20
over a hundred thousand euros for changing the email of their particular
25:26
customer in their CRM without that person's permission so you actually see
25:32
a lot of small businesses being fined even if you know they weren't getting
25:41
fined twenty million dollars or something like that you know as a small business owner myself I would really not
25:47
like to shell out a hundred thousand dollars because I changed somebody's email this second and as more privacy
25:55
laws are passed in the United States as consumer interests and this increases we'll see more and more fines being
26:01
pushed out so for example the California consumer Privacy Act that was the
26:07
enforcement date for that is July 1st of 2020 now the some groups have contacted
26:14
the Attorney General asking hey can we push back the enforcement date because of kovat and he said no so it's
26:22
something that's not going away regardless of the status of the world right now which I find interesting but
26:30
there's also second set of consequences there and that's losing customers and so there was recently a study that came out
26:36
that said 52% of Americans will not use a product or service if they feel like
26:42
it has privacy violations or if they feel like their privacy isn't safe that's about half so half of your
26:50
potential customers could be leaving and then there was another study showing that the average sales delay that is
26:58
caused by privacy concerns is about seven point eight weeks so sales your
27:03
sales cycle could potentially be delayed just because you failed to have a privacy policy because it's something
27:09
that consumers look at now it's not just something that lawyers look at it's not something that just state attorney
27:16
generals look at it's something that consumers look at and read now which is interesting because five years ago you
27:22
know nobody read a privacy policy they just click I agree but now people will actually look for it read it make sure
27:28
that they feel safe and secure it's kind of like the SSL certificate right like a
27:34
few years back you know it was nice to have on some ecommerce websites and now
27:39
Google won't let you access a website without an SSL certificate without making you feel like you're jumping into
27:45
like some nasty froze pond right so I think something similar is starting to
27:52
happen with privacy as well yeah we're in a course businesses online now I mean
27:58
yes you know we're in a world when it comes to business which consumer wants
28:04
some transparency about things so that's definitely something to to consider now
28:10
I want to ask you I was just thinking about this when you were talking about the marketing company being fined and
28:15
you in Europe anybody working in marketing and that could be any kind of
28:21
content creator content marketing copywriters web developers digital
28:27
marketing agencies anything in that general marketing bucket do they have
28:34
more opportunity to make a mistake with this because they manage so many clients
28:41
web sites is that something that they really should pay attention to a little
28:46
bit more in partner with somebody like a term again so I used to work at a
28:52
software development company way before this and in reality the way I see the
28:59
relationship between an agency and a client it really depends your contract and your relationship with
29:05
your client so for example if you have a contract that says we will build you a
29:11
compliant website rip that up right now because you're going to end up being
29:16
responsible for privacy law compliance for that website make sure that your contracts are air tight on that make
29:23
sure that your clients understand that you're not responsible for compliance make sure that your clients understand
29:28
that they're responsible for how they handle data how they collect how they use how they disclose it how they
29:34
destroy it and if there's something that your client wants you to do on that particular website you know make sure
29:40
that you get it in writing I know with a lot of marketing and development
29:46
professionals this is a complicated topic right you know but the truth is
29:52
you don't have to be a privacy attorney to have that conversation with your clients so when you're building them a
29:58
contact form when you're running an email newsletter campaign when you're doing marketing for them it's a great
30:04
time to talk to them and to say hey you know it looks like you're collecting personal information I'm not a privacy
30:11
lawyer but you know I think that you should get a privacy policy on your website and looking to what your
30:17
compliance requirements are and make sure that you do that in writing because as we see more and more privacy lawsuits
30:25
coming out we'll see more and more companies blaming somebody else for it their faults because at the end of the
30:32
day it's up to the website owner to make sure that that website is compliant not to the agency but you know as we see
30:39
here in the United States litigation was very common if somebody gets sued for
30:45
$500,000 there they might be trying to come back to you and say well this guy
30:50
built it he said he knew what he was doing and it turns out that he didn't so it's not my fault so make sure that you
30:56
talk to your clients about it make sure you tell them that they need a privacy policy and make sure that you do so in
31:02
writing and really protect yourself and your agency for the future yeah I think
31:07
it should be in the onboarding or even not even an onboarding but the pre-qualified questions like you know
31:16
that's a good point I'm sorry go ahead you know and we partner with agencies so
31:23
we actually have a website policies waiver that we do offer to our agency partners that basically is a addendum to
31:31
your contract that you would have your client sign saying you know we're not responsible for privacy law compliance you need to make sure that you have a
31:38
privacy policy they eat people keep it up to date but a term you get and we partner with agencies so we give them a
31:45
free set of our policies so you can test it out see if you like it put it on your own agency's website get protected that
31:52
way and then we offer recurring revenue for the girls yeah
31:57
that's very good I have another question but this should be for later not on the
32:03
show but yeah I have yet to try out your service as well as I should at this
32:09
point I need to go in and actually make a privacy policy for my website I this
32:16
you're talking about compliance brings up another question that I didn't expect to do in this show but I just got
32:23
through doing I'm in the middle of a two-part article writing about Colleen great sir I said her name correctly and
32:30
she is a consultant for people who need
32:36
have accessible websites and accessibility issues how does that play into privacy policies it seems like some
32:44
similar stuff going on like you know unless the client I mean maybe she might
32:50
even say and I would have talked to her about this but she might even say if you're building a website you should just automatically make it accessible
32:56
she does accessibility audits so people will come to her you know but does that
33:03
play into privacy policy much there's some similarities there I think so I'm
33:10
not an accessibility expert so I can't speak too much in depth about it but the
33:16
way that I understand that the relationship between the two right so privacy laws are pretty clear right here
33:25
are the requirements that you need to meet here's what your privacy policy needs to
33:30
now I mean relatively clear you know you'll probably need a lawyer to parse
33:36
it out but you can't parse it out and get to something that's good right accessibility is something that is much
33:43
more nebulous in my mind there are requirements as to what needs to happen
33:48
but you know people are still very unclear as to whether those are real requirements or suggestions and as the
33:57
internet changes you know as websites change as design practices change it
34:03
seems like it's a very unclear situation of what's happening in that world you
34:11
know a lot of websites will have an accessibility statement and I do want to
34:16
note just because you have a statement does that mean that your website is compliant so with privacy policies
34:22
having a privacy policy is also part of a myriad of requirements that privacy
34:27
laws impose but it's definitely a great like first line of defense right so you
34:33
go to website and consumer she's a clear privacy policy the likelihood that they will complain because your privacy
34:40
policy is there is a lot lower than for a website that doesn't have it when it comes to accessibility it seems like
34:47
people and lawyers are paying a lot more attention to the actual operation of the website and not to what an accessibility
34:54
statement says so I think that's an interesting difference that I see they
35:00
both have legal ramifications but I guess two sides and maybe not even the same coin for that matter but that's the
35:08
thing that's the world we're getting into now so I've expected to see more and they're starting to be some lawsuits
35:15
for during regarding accessibility especially with government websites that's something I've seen coming for a
35:22
long time and if you're listening to this and you are operating a government
35:28
website it needs to be accessible that's just no other way I can say that you will likely get fined at some point or
35:36
soon sued us or say certainly you should have a privacy policy as well okay
35:43
we talked about consequences a little bit so one of the things you do not talk
35:53
about in previous conversation was you asked me if I want to talk about just the United States or globally and I said
36:00
globally because this is not just the United States or just a Europe thing and
36:07
I mean I'm we've talked a little bit about how many states have Francey policy I know California probably has the biggest
36:13
presence in that area what are the stakes yeah California has two we also
36:20
have Nevada and Delaware right now but we have over 12 states that have
36:27
proposed their own privacy bills so for example I live in Illinois Illinois has three different proposed bills so we
36:34
could go from four to sixteen pretty quick yes because so what happened in
36:42
the European Union is you had all of these countries come together and they came out with one set of directions
36:48
right so you have the GDP are in Europe and that's what applies to businesses they're over here it looks like the
36:55
federal government has been unable to pass a privacy law that would apply in every single state and because consumers
37:02
are asking for it each state is kind of taking the reigns into their own hands and saying okay well the federal
37:08
government won't do this we're gonna do it instead and what's that what that is
37:14
going to create is a patchwork of laws because the laws protect consumers of a
37:19
particular state not the businesses so they have a very wide application so just because you're not located in
37:25
Nevada does that mean that the law doesn't apply to you so if you have a customer in Nevada the law will apply so
37:33
if you think about it if you think about all of the states and if each of the states has its own requirements and you
37:40
can have website visitors from any state submit their information that will create a very extreme patchwork of
37:47
different laws and in my opinion it will become something that's almost
37:52
impossible for a small business to keep track and comply with themselves do you think
37:59
at some point that all these different state laws will somehow push the federal
38:05
government to come up with an overarching law or will just have 50 different laws plus anything is possible
38:13
I would say but even if we do eventually get a federal law so most privacy
38:19
professionals agree that we won't see another we won't see a federal privacy law get passed for at least another two
38:27
or three years so what are you gonna do in those two or three years but then when a federal law is passed there are
38:33
two choices that the legislation can make so choice number one it preempts state laws so that means that if a state
38:40
has a stronger privacy law the federal privacy law will apply instead or two it
38:46
does not preempts state laws which means that you would have to comply with the federal law and the state law at the
38:53
same time in the same place which would create an even more complicated framework to work with okay now that
39:01
okay that I didn't know that I would ever talk about this on the show but it
39:07
reminds me of the cannabis situation so yes I have a couple of friends that work
39:13
in that industry helping people with websites and copy and I can't imagine it
39:19
kudos to them for diving in and doing it and that's great I do know that they've
39:24
had trouble with getting POS because banks won't do it at all and because
39:32
it's against the federal right but then in certain states it's perfectly legal
39:38
and there's a disconnect so I can see that you know it could be similar with
39:43
the privacy policy I suppose exactly and when you think about people who work in
39:49
the cannabis industry they will usually have two or three attorneys on staff or on retainer who are constantly keeping
39:56
track of these requirements and that's something you know cannabis companies are usually well-funded and a lot of
40:04
small businesses aren't so a lot of small businesses can't afford to pay
40:09
eight thousands of dollars a month for something like privacy law compliance when you know you have to pay salaries
40:16
you have to pay over it like you had to pay for your building and phones and
40:22
computers and internet and all of that you know that's just a very very high
40:27
requirement I would say that that's being imposed okay this brings me to the
40:33
next impromptu question this is well this is why I do it like this because no
40:40
matter what I have on the sheet something else comes up and it's more important so let's say I'm small
40:47
business in Indiana and I get a privacy policy my web developer you know
40:54
connects me with you and I'm paying $10 a month whatever you your payment is and
41:01
you you may mean privacy policy does that that live directly on my website or is that something that you refresh
41:06
regularly from your whips how does that work so it comes with an embed code and
41:11
then the embed code is placed on the website and that's what allows us to control the copy so when there is a new
41:19
law that that has passed we either push to update automatically to you or we'll
41:25
ask you to answer one or two more questions and then push the update automatically so for example when
41:31
Nevada's privacy law was amended it started asking for disclosures to whether or not you sell the personal
41:38
information that you collect obviously we can't answer that question for you because that's you know from your
41:43
business you would know we wouldn't so we just sent an email asking that one question you replied yes or no and then
41:49
we pushed it so you don't have to read regenerate the embed code or anything
41:55
like that that's correct yeah that's okay that's good to know
42:00
okay that kind of answers my question now I gotta get back to the globaly
42:05
thing and this is one of the questions that the vendor asked and it's kind of
42:11
along the lines of what we've been talking about so how do you keep up with all these laws from the United States
42:18
Canada Europe I would imagine Australia has their own yes
42:24
what countries what who do you have to keep up with I know we talked about the
42:30
states in the United States and Canada of course they have their own and Europe which takes care of Europe and I guess
42:36
you have Australia has their own and then you have Asia maybe Russia I don't
42:41
know so but who do you have to keep up with and how do you do that so personally when I keep up with is all of
42:49
the states Canada European Union and Australia those are really the places
42:55
that we're focusing on right now and the way I do that is sort of few different pieces of software so number one is
43:02
called LexisNexis which is like a Google for lawyers so I've set up certain search terms and every day I'll get a
43:09
set of emails you know here are the cases in these particular districts that concern those topics here are some of
43:17
the proposals that are coming out here's where they are here's any updates on
43:22
where they are in the process another software that I use is legend so legend
43:28
is actually great for keeping track of new bills and new regulations so usually
43:33
when a new privacy law comes out a state attorney general blow release regulations as to how to comply with
43:39
that law fun fact sometimes they're conflicting with the actual law so that's that's fun
43:46
in terms of outside of the United States so for example the European Union has
43:53
the Data Protection Board it has data protection author parties which come up with decisions about how to interpret
44:00
certain things in gdpr I'll get alerts from those and the Information Commissioner's Office in the
44:07
UK is an amazing resource for keeping track of GPR and decisions and all of
44:13
that Europe also has a what's called an article 29 working party which
44:19
interprets gdpr Information Commissioner's offices in Australia and
44:26
Canada they have a Maine Information Commissioner there and their website
44:31
releases updates on new cases and things like that as well and then I also use the International
44:38
Association of privacy professionals as a resource so if I ever have a question about a law so for example for a
44:45
California law to apply you have to do business in California and that sounds like the easiest thing ever like you
44:51
just do business in California right it took like about 50 attorneys to figure out what that actually means so I
44:58
actually have a list of people that I reach out to on a regular basis if I ever have questions about the law or
45:04
about a case and the IPP also has a state privacy bill tracker a federal
45:10
bill trackers they have a robust news area where I can learn about new bills
45:15
as well and they also have some really great like virtual conferences and talks that are watched about how to interpret
45:22
the law as well so it all kind of comes from a whole bunch of different sources it's not just like you know I go to one
45:30
website and I see everything I need to know it actually spans for like ten different places that I gather all of my
45:37
information from so you were like Google Alerts for prophecy law pretty much yeah
45:44
except like if you had Google Alerts for privacy law just that term you probably
45:49
get like 50 trillion alerts none of which would be relevant so it's it's a
45:55
lot more complicated than that like you have to actually make alerts by each law and then most of the time they don't
46:01
make it to the news so then you have to you know scour down I use that
46:08
metaphorically because I noticed all the sources you mentioned none of them are Google but you become like Google Alerts
46:15
for privacy laws for for the rest of us I guess you might say ends up in Google
46:22
it's like two months too late like I need to know about a law like six months
46:28
before at least before it passes you know I can't if I know that the day of
46:34
passing I'm already way too late because I had to update our clients policies
46:39
when we have thousands of them so usually when an update comes I'll find
46:45
out about I love when it's first proposed and then I'll try to try to track it and then you know when it when it passes
46:53
in between when it passes and the effective date we had to re-engineer our systems so it's it's pretty much crunch
47:01
time to past time and effective day of you know me engineering everything and then our development to building it out
47:09
okay you said you had thousand Japs update I mean once the law comes out I guess it depends on like it could be
47:15
just Australia you have to update so then you have to find all the class for Australia enough is that a one-by-one
47:23
top deal or so we do have a database of our customers where we can pull where
47:28
somebody is located actually interesting fact though so let's say we'll have a
47:34
privacy law come out it's not just you know we updated once for that particular
47:39
privacy law and then it's it's good to go for forever right as long as that law I suppose into fact that's actually not
47:46
the case because will also see Attorney General regulations which interpret the law and then we'll also see case law
47:54
that interprets the laws so for example we can see cases by particular district
47:59
across the United States we can also pull up cases across the world that says
48:04
if your privacy policy says this is incorrect or if your privacy policy doesn't have that particular disclosure
48:11
written in that particular way it's incorrect so I'll actually pull cases as well and as new cases come in throughout
48:18
time will actually update those policies again to make sure that the wording
48:23
complies with what courts have decided I'm glad to shoe it not me that is a
48:31
very valuable service they have one more question and and again this comes from
48:37
our friend to vendor and I'm sure you're gonna add a lot of copy a caveats to
48:42
this but I'll just say it like he said it cuz like it I don't know of a
48:48
software way to say it but are your privacy policies 100% legal proof do
48:54
they give guarantees okay so I'm not
48:59
sure that's the right way to answer it of course of course so nothing is ever
49:04
guaranteed if I go to an attorney right now and I get a privacy policy written
49:09
for me I don't get it guarantee even though I paid $5,000 actually one of my
49:15
friends had a privacy policy written for him by a really really large law firm
49:20
and he asked me to review it and I did and it turns out that it was not
49:26
compliant with Canada Australia or the u.s. because he was basically UK and
49:31
only after asking all of those questions of his attorney was he informed that we can make no guarantees that these laws
49:38
are that the privacy policy of every Road is correct or even useful and also
49:44
we can't control what you put in as the answer so for example if you do sell
49:49
data and in our system when you're filling out that question you say that you don't and then later on you get sued
49:56
because you actually do solid data and you decided to lie we can't really guarantee that because we can't
50:02
guarantee what you're going to be putting into the policy what I can say
50:07
though is you can find what privacy laws
50:13
state that a privacy policy needs to contain so we have those blogs on our on
50:18
our blog even and you can read those and you can cross-check it so you're more
50:25
than welcome to cross-check it and we actually have a lot of attorneys using our system as well with pretty much no
50:32
changes so I don't know it's the best work that I can do that's all I can tell
50:39
you yeah you know guarantees and and that kind of stuff really hard to make
50:46
guarantees and anything I mean I mean you know maybe and most people don't
50:54
I guess you I don't know it just seems hard to make a guarantee or anything but
51:00
but I guess really the ideal for business owner is it is the cost enough
51:09
to compensate for mitigating what risk I have if you know I mean
51:16
why would I use termagant versus the local lawyer in my town yes so before we
51:22
go into that I was also going to say like if you're building a website do you
51:28
guarantee your client that that website will be up forever that that website will never get hacked no because you
51:35
know people just can't make those guarantees just a lot yeah and in terms
51:41
of like using your local attorney if you can afford an attorney we definitely encourage you to do so
51:48
you know if you think that it's worthwhile for your business to spend a few thousand dollars on this you know
51:53
you should like if you can afford that you definitely should do that I would be nervous about going to your local
52:00
business attorney though because privacy laws such a specialized field a lot of
52:05
business attorneys don't know enough about it but you know if you wanted to test your attorney to see if they knew
52:13
enough about it you would ask them what are the privacy laws that apply to my website and why and what is your
52:19
strategy for keeping my privacy policy up to date so a lot of attorneys will charge your set cost to draft the
52:27
privacy policy which is fine but then what happens when the laws change are
52:32
you going to be charged extra and how much extra are you going to be charged usually with hiring a pricey attorney
52:40
you end up with a cost of a couple thousand dollars which might be attainable for some businesses which is
52:46
great but you know for a lot of small businesses that's not something that you
52:51
can afford to spend thousands of dollars on and that's really Hoover a solution for you know we're trying to help small
52:58
businesses and startups get themselves ready for these privacy laws make sure that their website is correct and make
53:04
sure that they don't have to worry about this so our cost is $10 a month or a
53:09
hundred dollars a year for end clients and it's something that's a pretty reasonable cost considering the amount
53:15
of time and work that it takes to keep track of all these laws and update the
53:20
system and end-all and all of that yeah
53:25
I think it's worthwhile and it doesn't you know I don't think you have to be a
53:31
web and you see to appreciate it I think people and other categories of marketing
53:37
should be at least know that you're available obviously some people the type
53:44
of work you do may not have anything to do with privacy but but for the most person who works for the most people in
53:51
our industry who's working with the average everyday business you are the expert for them you know when it comes
53:58
to this stuff and they don't have a attorney attorney on retainer
54:04
so having information about this and and giving this as a solution I think is a
54:10
great thing regardless when you're copywriter or a writer or a web
54:16
developer or whatever and yeah I mean I know some content marketers are probably
54:21
working with larger companies who have lawyers on staff and have access to that kind of thing but for your average small
54:28
business you're a great resource of late yeah really hoped to be and you know we
54:34
have resources on how you can communicate this to your clients as well so if you're not sure what to say we do
54:40
have resources for that and we have blogs up that talk about like what laws require websites to have a privacy
54:47
policy you know what are the most recent bills that have been introduced what does each state look like you know what
54:53
are the requirements of each particular privacy law so we have a lot of good resources and I'm always available if
54:59
you have any questions I'm happy to answer them too well this was a very good chat I think it's gonna be a very
55:07
good show I appreciate you coming on and talking about this we could probably go for two
55:12
hours nobody wants to hear us talk for two hours but never know I'm not bringing back because this is a
55:19
ever-evolving situation and we could probably talk about terms I don't know
55:24
if that's even in your field of expertise but that's another thing that that we also have to think about if
55:31
you're selling something on your website we do terms disclaimers and well sounds
55:39
like a lot to bring you back on just for that topic awesome that sounds great I would love to this has been really fun thank you so
55:46
much for having I like to ask the right questions and I don't know if I did but I like to ask no those are great right
55:52
questions and just turn the guests loose and let them just fill the air with expertise and I think that's what we did
55:59
here so I'm really really happy with it I can't wait to get it out and share it with everybody appreciate you coming on
56:06
again thanks for watching the show today
56:11
I hope you subscribe haven't been asked to that question or asking people to do
56:16
that as well my outros have been poor so I'm trying to get better at that data but I hope you subscribe to the copy
56:23
flight YouTube channel and we look forward to you to the next time again as I always say I know things get tough
56:30
sometimes don't give up don't ever give up never surrender have a nice day
#Legal Services
#Writing & Editing Services