FTC 184 | Website Privacy Policy

184: How To Secure Your Website’s Privacy Policies With Donata Kalnenaite



Privacy policies on your website need to be brought up to date whenever laws change. However, manually changing policies or copying them from other websites is tedious and takes a lot of time and work. In this episode, host Mitch Russo talks with Donata Kalnenaite of Termageddon, who explains how privacy policies work and the laws that affect them. She also discusses how Termageddon offers to automatically update your website privacy policies whenever state law changes.


Have you talked back to me yet? I’m getting several messages a day now using the Speak to Mitch button on every episode. Do you want to react to what I say? Go ahead, make my day. Let’s get the conversation started. One more thing I’m going to tell you about is a new sponsorship partner for the show and that’s VEA, the Virtual Entrepreneurs Association. It’s a place with all the tools, resources, discounts, education and community to help you on your entrepreneurial mission. Think of VEA as the AAA or Swiss Army knife for business. For a limited time, you can get your free VEA trial as well as a copy of the founder, Daven Michael’s new book, The Virtual Entrepreneur at VEABusiness.com/mitch.

My guest migrated to the US at the age of twelve and knew that in the land of opportunity, she would have to work hard to achieve her dreams. She moved in with her mom for the first year and then with her dad and later enrolled in law school, knowing that being an attorney would both open doors and provide opportunities for her as she became more integrated into the business community. That wasn’t okay with her dad who yelled at her for studying too hard. Overcoming her father’s ill will was just the beginning. After graduating from law school, she went to work for a junk mail company, which was depressing and soul-sucking. She realized how junk mail violated her personal values of human privacy and watched as their only goal was to exploit their clients. She finally quit her job after having a vision for what her real purpose in life would be. It’s with that purpose driving her forward, she started her company called Termageddon, which is her vehicle for building both the company and the life she wanted. Welcome, Donata Kalnenaite, to the show.

Thank you so much, Mitch. I appreciate it. I’m happy to be here.

I’m glad to have you. Yours is an incredibly interesting story. Other than your dad, who yelled at you, you had the strength and determination to get past that. Landing at a junk mail company, what did you think when you first took that job?

When I first took that job, I thought I need a job. At that time, the job market wasn’t that great. I was working from home for a while and I needed to get out of home. I interviewed at this job and I got it and I was working in compliance. I have been unsubscribed from junk mail for years now. It was very difficult to facilitate the sending of junk mail to people, which we all know that no one wants. No one likes getting it. Facilitating, collecting people’s information to send them junk mail, in my opinion, was wrong. It did not align with what I wanted to do in my life and did not align with my values. I ended up quitting and starting Termageddon instead.

Let’s go back even further. You migrated to this country and you were twelve at that time. You had a vision of the United States and of what life might be like here in the US. How did that all happen?

At that time, my parents were already in the US and they were already divorced. My mom lived in New Jersey and my dad lived in the Chicagoland area. They invited me over to stay. I stayed with my mom for about a year and then I moved to Chicago with my dad. It started because they lived here. At the time, everybody who was from a foreign country thought of the United States as this place where money grows on trees and you can have whatever you want, which is not accurate. That was the predominant thinking at that time. I joined them here in the hopes that if I went to school and studied and did the right things, I could get a good job. It would be a better opportunity to advance than when I was in Lithuania.


Anybody who lives anywhere who’s reading this, most of the time they like where they live. They have their friends, their favorite places and their family. What would make you think life in America would be better than something that’s already familiar and the way you already lived your life?

It’s a collective consciousness type of thing. At that time, when I was a child in Lithuania, it was one of those things that if you wanted to be a lawyer, your parents had to be lawyers. If you wanted to be a doctor, your parents needed to know somebody higher up. Everybody understood that in the United States that wasn’t the case. You could be a lawyer even if your parents weren’t lawyers or you could be a doctor even though you didn’t know anybody higher up. Everybody understood at that time that you can create your own path in the United States. That’s what was appealing to most people who immigrated at that time.

I wonder whether the way people see the US now is different from the way you saw it when you were a child.

I’m not overly familiar with this or connected to this anymore, but from what I’ve heard is that most people who emigrate from countries like Lithuania go to countries like the UK because it’s a lot shorter distance. If you want to see your family, instead of having to fly for twelve hours from the US, you hop on a plane for a couple of hours and you’re already there. It’s the same level of opportunity. We see more people immigrating within the European Union than they did back when I came over here. That’s in terms of people in Europe and where they go.

That makes sense and I believe it’s a good choice as well. There should be the equivalent or equal opportunity in the UK, but different environment and culture. Getting back to you. You got here, you went to law school. How did you do? Did you not speak English or did you learn English before you arrived?

I learned English before I came here. I was studying English when I was six years old. I did regular classes in English in school and then I did other classes after school in English. I remember going to these contests that we used to have. A bunch of groups of people are trying to translate documents from Lithuanian to English. You could win prizes based on how accurate your translation is, which sounds so boring but it was really fun as a kid.

Anybody listening to the show and hearing you speak would never guess you’re from anywhere but the US and Midwest somewhere because your accent is very neutral. However you did it and the way you did it worked great because you sound absolutely natural to me.

There’s an age cutoff and I believe that’s thirteen. If you moved to a different country after thirteen, you’re stuck with the accent. If you moved before then, then you’re okay. I’m guessing that’s what happened, but I’m not sure.


That’s useful information that I hopefully will be able to use in my next lifetime because this lifetime it’s too late. It’s good to know. Thank you, Donata. Let’s get back to your depressing and miserable job in the junk mail company. What was the impetus? We have a lot of audience who are working right now for different companies, but would love to build their own business. For many reasons, this might be one of them to get ideas from people who have done it, from understanding what success means from the beginning to the point where they have a thousand clients. Go into some detail about the idea of Termageddon. What were you responding to when you had this idea and more importantly when you implemented this idea? 

There are a couple of different things there. I remember reading one of your previous blogs where you were talking about don’t quit your day job until you know that your dream can work. I completely agree with that sentiment because there are so many dreams that take a couple of different tries to work. You might start one marketing tactic and it might work well for a week and then two weeks later, that particular tactic flops and then you’re on your own. For me, the real decision to leave my full-time job is we started to see more and more traction with privacy and with our service. We started Termageddon even before the European Union’s GDPR. It was a back burner project for a while. My fiancé was working in a facility agency. I was doing the attorney work. I was working for this junk mail company and it wasn’t the right time to go all in. After GDPR hit, after we started seeing some more fines for privacy violations, we started seeing more and more interest in our products. We started to see more and more people registering and creating their policies. We started to see some of our different marketing tactics working. That’s what led us to go full-time.

You read my blog, followed the instructions that my guests and I had been talking about and then did exactly what we talked about on the show many times, which is proving out your concept first. As you worked on building it, collecting early revenue until it got to the point where you saw the inevitability of it working. You left your job for working on your own.

I’m very happy that we did it that way. I’m very happy that we knew of this particular way to do it because we were on more steady ground. We weren’t always completely stressed out about whether or not this is going to work. We could focus on what we had to do instead of worrying about the base business in the first place.

It’s great that you did it. For those who don’t know what Termageddon is, tell us a little bit about the company and the products.

Termageddon is a generator of privacy policies, terms of service, end-user license agreements and disclaimers for websites and applications. What makes our product special is we automatically update our clients’ policies whenever the laws change. For example, there’s a new law going into effect January 1st in California and we make all of the updates for those policies so that our clients don’t have to keep track of the proposed bills and proposed laws.

Just to be clear, because I’m also a client and I know this, let me offer a little more detail and please correct me where I make a mistake. What this is, audience, is that you fill out a form with some basic information to generate an embed code. You put that on your website where your privacy policies that you use and you drop them into your website. As soon as you click Save, the link or that page now communicates with Donata’s servers and then they now know that you have installed their privacy policies on your website. That’s what Donata was talking about automatically updating them. Let’s say you have ten websites. You put the Termageddon policies on all of your websites. At that point, you never have to worry about that ever again because it will automatically be updated every time there’s a change in privacy policies. Is that right?

Yes, that’s totally right.


Let’s get into a little bit about what is going on with privacy in this country? Maybe help some of us who never thought it was that important. You go to some of the big companies like Amazon maybe, you swipe their privacy policy, you change the names, drop it on your site and say, “I’m done.” Why is that bad? Why might that get us into trouble? What happens if we do what I told you?

Privacy was not a conversation that was big years ago. This is something that’s relatively new for us. A few years ago, it was just the lawyers and the people in tinfoil hats worrying about this. Fortunately and unfortunately, that’s no longer the case. If any of the audience here know about the Facebook-Cambridge Analytica scandal, it started all of this. After that all went down, a lot of legislators were saying, “This is not appropriate and this is not okay. You can’t take people’s information and use it however you want to and give it to whoever you want to and sell it and not give people a choice.” After Cambridge Analytica, we saw a lot more legislation popping up.

In the European Union, even before all of this, they started the GDPR, which is the General Data Protection Regulation, which is one set of rules that all businesses in the EU need to abide by and that protect the personal information of European Union citizens. That sounds really nice. There’s one set of rules, you follow them and then you’re fine. Unfortunately, in the US we don’t do things that way. We don’t do things in a way that would make sense. We have a lot of different states passing their own privacy laws. Instead of having a Federal Law, we have a bunch of Privacy Laws that we need to follow. Mostly, that’s in California and in Nevada as of right now. What those Privacy Laws do is they protect the personal information of residents of that state. They don’t protect the businesses of that state.

What that means is that even if your business is not located in California or Nevada, those laws could apply to you as well if you have people visiting your website from California or if you’re entering into transactions with people from California, those laws could apply to you. There are some solutions out there for getting a Compliant Privacy Policy and all of that. Some people do make the choice to copy and paste somebody else’s privacy policy and there are a couple of issues with that. First of all, you don’t know what you’re copying and pasting. You don’t know if it’s any good. You don’t know if a lawyer wrote it. You don’t know if they copied and pasted it from somebody else and you don’t know if it’s completely incorrect.

Number two, you would have to change a lot of the stuff in this privacy policy. If you’re not experienced with this kind of stuff, you can make the wrong changes or you can mess stuff up. You can obligate yourself to providing more things to the consumer than you need to provide or you could be providing the wrong things. When you’re copying and pasting these privacy policies, they don’t update for you when the laws change. There are over nine states that have proposed new privacy bills. If you’re copying and pasting a template, you would either have to keep track of all these bills, what they say and when they pass and what the rules and regulations are for those laws. You would have to check the competitor’s website and make sure or check and see if they updated their privacy policy and hope that they updated it in time or that they updated it correctly. When you’re copying and pasting stuff, that’s a lot of responsibility and risk and pressure that falls on you to do all this stuff. As somebody whose main job is keeping track of these privacy laws, I can tell you that it’s a full-time job and it’s a lot of work and it’s not worth your time.

First of all, I agree. Back in the day, meaning before there was all this stuff with Cambridge Analytica, a privacy policy is something that never changed. You would end up getting one. I remember back in the day when I was operating a business, which was not just my own, I was running a business for others. We called an attorney and we had them open up their hard drive, pull out a privacy policy and customize it for us. We never thought about it again. That was the end of it. Things have changed and it’s made a huge difference in what’s going on now in the world. The world has gone nuts with this stuff. More importantly, it’s headed in a good direction.

Before, anybody could do anything for any reason. Now, there’s some regulation about it and that protects consumers. We’re talking about businesses here. Part of the value that I saw in what you’re doing is that you remove the burden of me having to keep track of these laws or even contemplating adjusting these documents on my website. That to me was a big deal because I have too many things to deal with and so do you, audience. You have way too many things to deal with to worry about this stuff. In the end, let’s say you didn’t have an up-to-date privacy policy. What’s the worst thing that can happen to you? What would people do or how would it potentially negatively affect you?

There are a couple of things that could happen there. The first thing to consider would be being fined. Most of the fines in the United States range from $2,500 to $7,500 per violation and by per violation, per website visitor whose rights you infringed upon. That can add up to quite a lot. Even if you have 100 visitors per month, it could add up to a lot. If GDPR applies to you, those fines can be up to €20 million, which is also a lot. If some of these privacy bills are passed, consumers will get a private right of action, which means that they could sue your business directly for privacy violations and collect judgments on that. Another thing to consider is these fines are scary and they can be really big, but another thing to consider is delays in your sales cycle.


There have been studies done that show that privacy concerns can delay sales cycles by weeks. They can impact a consumer’s purchasing decision. If they’re making a choice between you and a competitor, if your competitor does have a privacy policy and respects privacy rights, they could choose your competitor over you if you don’t do the same thing. That’s something to consider as well. Consumers are very interested in this stuff now. They make you look for it and they do read the privacy policies. Taking care of those consumer concerns is something else to consider in addition to possibly being fined.

I want to acknowledge that because it sounds like theory, but it isn’t. I’ll tell you an exact situation that happened to me. I’m still a software developer. I’ve been developing software for many years, but in my latest reincarnation, my company ResultsBreakthrough.com, we develop a software to match people up for accountability partnerships. We were being evaluated by a learning management system company who took a look at our “privacy policy” and said, “You’re not compliant. We can’t do business with you.” That was the very first time ever that I thought or saw any possible actual difference in the way a company would treat another company. In this case, me. It was shocking that this impacted my little company this way.

Fortunately, we rallied around this problem and got it solved relatively quickly, but it cost me several thousand dollars overall to get it handled as quickly as I needed it to be handled. This stuff is real. If you’re not paying attention and thinking, “I have a little blog. We have a download free report and then we sell some coaching.” It’s real. People will pay attention. It turns out that laws are put in place where consumers can sue you because of having violated their privacy simply by not having the right types of policy statements on your site. I don’t want to be there and I’m going to guess you don’t either. Pay attention to this stuff. This is important. Tell us what you think, Donata, about what is coming down the road here. We’re not done changing privacy policies on a US commerce basis or worldwide basis. What do you think is coming down the road for us all?

This is one of my favorite questions of all time because it has no clear answer. There are a couple of things that we’re seeing, which are very interesting. Let’s take the California Consumer Privacy Act, which is going into effect on January 1st of 2020. We’re seeing a lot of these companies from California consumers, apply those rights to everyone. For example, Microsoft is saying the rights that would normally be afforded to Californian residents under the CCPA are now going to be afforded to everyone that uses any of our websites or products. That’s an interesting trend. Instead of trying to segment audiences by where they’re coming from and then using that to tell them what their rights are, those rights are given to everybody. That’s very interesting to see.

We’re also seeing some movement on a federal level, on a Federal Privacy Law. Instead of having all of these states have their own laws, the federal government is saying, “Maybe we should have one overarching law.” What’s interesting about that is that we’re seeing bills being proposed or principles being taken and legislators saying, “If there is a Federal Law, but there’s also a State Law, if the State Law gives consumers more rights, then the State Law would hold versus the Federal Law.” We also see proposals for Federal Laws that would allow consumers the right to sue. We’re also seeing a lot of legislators saying, “These are the consumer rights that consumers should have and businesses need to abide by those rights. The rights of the consumer are more important than anything else.” We’re also seeing a lot of states proposing their own privacy bills.

For example, Washington’s legislature said, “The first thing on our docket early next year, whenever our term starts is a statewide privacy law.” That’s very interesting because you see all these states proposing their laws, you see some of them passing them, you see other ones saying, “We’re going to study this for a year.” We have other states saying, “This is the first thing on our docket as soon as our term starts again next year.” We’re going to see a lot more state privacy laws. I don’t think that we’re going to see a federal privacy law in the next six months because it’s very hard to come up with something that everybody can agree on. We’ll also see more businesses giving these rights to everyone instead of segmenting their audiences. I’m very excited to see what happens next.

Only a lawyer could be very excited to see what’s next. I appreciate you pointing that out. We are talking to someone who has extensive experience with privacy laws, Donata Kalnenaite. She has created this incredible company called Termageddon. Donata, the question I have for you going forward here is what do you think people who are starting a business should do? Should they not have anything at all on their website? Assuming that they cannot afford to pay an attorney to put a privacy statement on, what would be the least they could do to be at least moderately safe right now in this day and age?


The first question for that would be, does your website need a privacy policy? The best way to evaluate that is if you have a contact form or if you have an email newsletter sign-up form. If you have any forms that are collecting personal information, for example, name, email or phone number, that means that you need to have a privacy policy. If you look at your contact form, you have an email newsletter form, that’s the best way to tell that you need one. If you don’t have any of that, if your website is not collecting any personal information, then you don’t need one and you’re fine. That’s the first hurdle that I would step over.

In terms of what you should do to get yourself ready, I’m a big believer of you’re either compliant or you’re not. I see some solutions that charge you extra for GDPR compliance or charge you extra if you’re a company versus a person. I’m not a big fan of that. You’re either compliant or you’re not. Being compliant with California’s laws, but not being compliant with Nevada laws doesn’t make sense for a business, in my opinion. If I was a small business and I could not afford to have an attorney write my privacy policy, I would use a generator. A generator would ask you a few questions and then would create your privacy policy for you because apart from hiring an attorney, that’s the next best thing.

Let’s talk about your service. I never asked you what the price of your service is for an individual or a small company of one or two people would be.

We charge $10 per month or $100 per year. We do our recurring fee because it takes a lot of time and energy and resources to keep up to date with the privacy laws and make changes to the system. That’s why it’s not a one-time fee. That includes all the policies and that includes all of the protections. It’s just one fee, you get everything that you need.

Let’s talk about what the protection itself is worth. In other words, we pay you $100 a year or $10 a month and then someone comes at us and threatens a lawsuit. What do we do? Do we call you?

We can provide you with a copy of the privacy policy that was used at the time. The privacy policy that the user agreed to and then you can use that privacy policy to show that the required disclosures were made. If you answered the questionnaire saying, “I don’t sell data,” and then you end up selling it without changing your privacy policy, there’s nothing that we can do in that case if you are deceiving consumers about what you’re doing. Other than that, most of the time, if you have the right privacy policy, if you have the right disclosures and if you follow those disclosures, that can be used as evidence as well.

Ultimately, what it comes down to is your protection is the stated privacy policy on your site at the time of the accused infraction. If somebody claims something or another, your simplest and easiest defense is, “We have this policy on our site and it spells out pretty clearly what it is we do and don’t do and promise and don’t promise.” This is our true defense, is what you’re saying.

If you are doing something completely different from what’s disclosed in that privacy policy, if you’re selling information and you say that you don’t sell it, that’s a whole different situation.


As it should be, that’s the way it works. Donata, at this point in the show, what we do is we are going to segment to what we call the personality-based questions. What this simply means is that we use these questions to find out more about you and the owner of the company, the founder of the company and maybe a little bit about what you care about. Here’s the first question. Who, in all of space and time, would you like to have one hour to enjoy a walk in the park, a quick lunch or an intense conversation with?

This one will definitely be an intense conversation. It’s nerdy but I would want to speak to Ann Cavoukian. She’s the person behind Privacy by Design. She’s the one who wrote up the Privacy by Design principles and has introduced them to the world. Privacy by Design is the idea that you can incorporate privacy into the design of products, websites, applications and services to provide users with the best privacy and security experience that you can. I admire her work. I would love to have an intense conversation with her.

Is she still around?

Yes. I believe she’s one of the Data Protection Regulators in Canada.

Why don’t we send her a note and tell her about your software, about your business and about your desire to have a conversation with her and see what happens? What do you think about that?

I highly doubt she would ever respond to me. She is so much better than the rest of us.

I’ve had some incredible people respond to me. What I taught my daughter since she’s a little girl is that you never get anything if you don’t ask. This might be worth a shot at asking. Let’s plan to do that. We’ll set that as a goal together, you and I. We’ll see if we can get Ann to respond. If not an intense one-hour conversation, maybe a phone call, a podcast interview. Wouldn’t that be interesting?

That would be very interesting because she has so much knowledge and she’s provided so many great resources to our field. To all privacy professionals, her work is absolutely amazing.


There’s a goal. You and I will chat about that after the show is over and see how we can make that happen. Here is the grand finale, the change the world question. What is it that you are doing or would like to do that truly has the potential to literally change the world?

I hope that I’m doing this. I hope that I’m helping people become more aware of privacy issues and their privacy rights. I’m helping businesses respect those rights in the proper way. That’s very exciting and I hope to continue to be able to do that.

Audience, if you don’t think that’s very exciting, wouldn’t you like to have an attorney who does write your privacy policy? This is serious stuff. You and I may not be interested in the literal law of privacy, but it affects you every single day. I hope that by listening to this episode, it has heightened your awareness of privacy and the need for protection. Take a moment and read as Donata tells us about her free gift.

If you want to send me an email after this episode, it’s Donata@Termageddon.com. You can get 30% off your first purchase. I’ll give you 30% off the fee that you’re paying for your policies on Termageddon.

For $70, I can get a year of protection.

Just mention this podcast and I’ll send that over to you.

That’s a great giveaway and it’s worthwhile. Audience, take advantage of that and get your privacy policy all taken care of in one swell poof. Donata, thank you for your time. I enjoyed chatting with you. I love your service. I’m a user, as you know. Audience, take advantage of this. It’s worth it. I’m looking forward to the next time we get a chance to talk again soon, Donata.

Thank you so much for having me. This has been great.
