There’s a reason why two-thirds of businesses have a website — great websites generate leads. And in order to generate leads that can be easily captured, it makes sense that a website would have a contact form that collects personal information such as name, email and phone number. While a contact form is a must-have feature for a website, it can also open your clients up to liability.
Lawmakers have recently embarked on a new journey by proposing and passing laws that protect the private information of consumers by requiring Privacy Policies on websites. And it doesn’t end there, the concept of social sharing is taking off as well.
Companies want to connect to their prospects on all platforms to ensure that they are always kept at the top of mind. It’s difficult to find a website now that does not have links to social media. However, having links to third party sites such as Facebook or Twitter can also open your clients up to liability if the consumer’s rights are not respected on such websites. That’s why it’s imperative that your clients have Terms of Service as well.
In this article, you’ll learn why every website that you build should have a Privacy Policy and Terms of Service.
Requirement Number One: Privacy Policy
A Privacy Policy is an agreement that specifies what personal information is collected on a website, how that information is used and who it is shared with. Personal information includes any information that relates to an identified person such as a name, email or phone number — the kind of information that is usually collected via contact forms or email newsletter sign-up forms. Most websites that collect such personal information are actually required by law to have a Privacy Policy.
In particular, the following laws may require your clients to have one:
- General Data Protection Regulation;
- California Online Privacy Protection Act of 2003;
- California Consumer Privacy Act; and
- Nevada Chapter 603A and SB220.
The tricky part of these laws is that they do not necessarily govern just the businesses of that state. The goal of the laws is to protect consumers residing in those states and that means the laws may apply to businesses outside of the EU, California or Nevada, to encompass any business in the United States. Consumers don’t search for websites by location of the business, they search for what they need. This means that businesses in Illinois, Alaska or Florida need to have protections in place.
These laws require websites that collect personal information to have a Privacy Policy and noncompliance can lead to heavy fines and penalties. Furthermore, many additional states are proposing their own versions of privacy laws (e.g. New York, Washington, and Minnesota, just to name a few) which would require businesses to have a Privacy Policy and would impose their own requirements on what that Privacy Policy needs to contain.
The most important part to remember is that any website that has a contact form or an email newsletter form needs a Privacy Policy.
Requirement Number Two: Terms of Service
Terms of Service is an agreement that specifies the rules that one must abide by to use a website and often includes liability limitations that protect a business from bad actors or something going wrong. While Terms of Service is not required by law, it is a crucial part of protection.
Let’s take an example:
You are building a website for a client who wants to have links to their social media accounts such as Facebook or Twitter. If a user goes from your client’s website to Facebook or Twitter and his or her rights are abused by those companies or if they get a virus, they could potentially blame your clients for this.
In fact, there was a recent case where a website owner was held jointly responsible for Facebook’s data processing under GDPR since he had a link to Facebook on his website. Facebook was just fined $5 billion by the Federal Trade Commission for their poor privacy practices.
If there is anything that can be said for certain, it’s that your clients would not want to participate in that type of a fine. Having Terms of Service would help protect them from such mishaps.
Terms of Service is also helpful to answer common end-user questions for eCommerce websites such as “what is your refund policy”, “can I cancel my order” and “what do I need to do to receive a refund?” If your clients have a website that allows users to sign up for accounts, Terms of Service also will help your clients ensure that they have full control of those accounts and can delete them in case of abuse.
Lastly, Terms of Service will help ensure that your clients’ intellectual property rights are protected and that users are put on notice that everything on the website is copyrighted. What’s most important to remember here is that every website needs Terms of Service to ensure protection from lawsuits, penalties and the theft of intellectual property.
How to Educate Your Clients
As a web industry professional, your clients look to you for advice and recommendations on all things web. They may not have heard about the new laws that have been passed, they may not be aware that they collect personal information on their website or they may not know how to protect their business online.
It is up to you to educate them about the importance of Privacy Policies and Terms of Service to make sure that they get the best service that they can from you. Also, it doesn’t hurt to document this in case they do not take your advice and then end up getting themselves into trouble!
There are a few points in time where you may want to broach this subject with your client:
- When you are first quoting out the project
Certain laws require websites that collect personal information to have proper consent captures in contact forms or they even require that websites abide by privacy by design principles. Furthermore, data minimization requires websites to collect the minimum amount of information that is actually needed by the business. Since privacy concerns may affect the design and features of the website that you are building, it is smart to bring this subject up when you first quote out the project as your work may be affected by these concepts. - Prior to launching a website
Hopefully, the website that you built starts bringing in leads as soon as it launches. However, this also means that users will be submitting contact forms and giving their personal information to your client. This means that a Privacy Policy and Terms of Service should be on the website on launch day. If you are worried about how getting these documents may affect the launch day (as in, delay it), make sure that you suggest a solution that takes very little time to set up and implement. - When you sign up your client for a maintenance/care plan
If you have already built and launched the website or if you are inheriting a website from a previous developer and are signing your client up for a maintenance plan, include these policies in your plan to make sure that your clients are protected.
- When you are first quoting out the project
While you would obviously want to get these policies for your clients as early in the game as possible, it’s better that you suggest them, even if a bit late, than not suggest them at all. It is also important to remember that your clients may be asking you for advice on what to do for a Privacy Policy or Terms of Service and it’s important that you are ready with an answer.
