184: How To Secure Your Website’s Privacy Policies With Donata Kalnenaite
Privacy policies in your website need to be up to date whenever laws change. However, manually changing or copying policies from other websites can be tedious and takes a lot of time and work. In this episode, host Mitch Russo guests Donata Kalnenaite of Termaggedon to explain to us how privacy policies work and the laws that affect it. She also discusses how Termaggedon offers to automatically update your website privacy policies whenever state law changes.
How To Secure Your Website’s Privacy Policies With Donata Kalnenaite
Have you talked back to me yet? I’m getting several messages a day now using the Speak to Mitch button on every episode. Do you want to react to what I say? Go ahead, make my day. Let’s get the conversation started. One more thing I’m going to tell you about is a new sponsorship partner for the show and that’s VEA, the Virtual Entrepreneurs Association. It’s a place with all the tools, resources, discounts, education and community to help you on your entrepreneurial mission. Think of VEA as the AAA or Swiss Army knife for business. For a limited time, you can get your free VEA trial as well as a copy of the founder, Daven Michael’s new book, The Virtual Entrepreneur at VEABusiness.com/mitch.
My guest migrated to the US at the age of twelve and knew that in the land of opportunity, she would have to work hard to achieve her dreams. She moved in with her mom for the first year and then with her dad and later enrolled in law school, knowing that being an attorney would both open doors and provide opportunities for her as she became more integrated into the business community. That wasn’t okay with her dad who yelled at her for studying too hard. Overcoming her father’s ill will was just the beginning. After graduated in law school, she went to work for a junk mail company, which was depressing and soul sucking. She realized how junk mail violated her personal values of human privacy and watched as your only goal was to exploit their clients. She finally quit her job after having a vision for what her real purpose in life would be. It’s with that purpose driving her forward, she started her company called Termageddon, which is her vehicle for building both the company and the life she wanted. Welcome, Donata Kalnenaite, to the show.
Thank you so much, Mitch. I appreciate it. I’m happy to be here.
I’m glad to have you. Yours is an incredibly interesting story. Other than your dad, who yelled at you, you had the strength and determination to get past that. Landing at a junk mail company, what did you think when you first took that job?
When I first took that job, I thought I need a job. At that time, the job market wasn’t that great. I was working from home for a while and I needed to get out of home. I interviewed at this job and I got it and I was working in compliance. I have been unsubscribed from junk mail for years now. It was very difficult to facilitate the sending of junk mail to people, which we all know that no one wants. No one likes getting it. Facilitating, collecting people’s information to send them junk mail, in my opinion, was wrong. It did not align with what I wanted to do in my life and did not align with my values. I ended up quitting and starting Termageddon instead.
Let’s go back even further. You migrated to this country and you were twelve at that time. You had a vision of the United States and of what life might be like here in the US. How did that all happen?
At that time, my parents were already in the US and they were already divorced. My mom lived in New Jersey and my dad lived in the Chicagoland area. They invited me over to stay. I stayed with my mom for about a year and then I moved to Chicago with my dad. It started because they lived here. At the time, everybody who was from a foreign country thought of the United States as this place where money grows on trees and you can have whatever you want, which is not accurate. That was the predominant thinking at that time. I joined them here in the hopes that if I went to school and studied and did the right things, I could get a good job. It would be a better opportunity to advance than when I was in Lithuania.Don't quit your day job until you know that your dream can work. Click To Tweet
Anybody who lives anywhere who’s reading this, most of the time they like where they live. They have their friends, their favorite places and their family. What would make you think life in America would be better than something that’s already familiar and the way you already lived your life?
It’s a collective consciousness type of thing. At that time, when I was a child in Lithuania, it was one of those things that if you wanted to be a lawyer, your parents had to be lawyers. If you wanted to be a doctor, your parents needed to know somebody higher up. Everybody understood that in the United States that wasn’t the case. You could be a lawyer even if your parents weren’t lawyers or you could be a doctor even though you didn’t know anybody higher up. Everybody understood at that time that you can create your own path in the United States. That’s what was appealing to most people who immigrated at that time.
I wonder what the way people see the US now is different from the way you saw it when you were a child.
I’m not overly familiar with this or connected to this anymore, but from what I’ve heard is that most people who emigrate from countries like Lithuania go to countries like the UK because it’s a lot shorter distance. If you want to see your family, instead of having to fly for twelve hours from the US, you hop on a plane for a couple of hours and you’re already there. It’s the same level of opportunity. We see more people immigrating within the European Union than they did back when I came over here. That’s in terms of people in Europe and where they go.
That makes sense and I believe it’s a good choice as well. There should be the equivalent or equal opportunity in the UK, but different environment and culture. Getting back to you. You got here, you went to law school. How did you do? Did you not speak English or did you learn English before you arrived?
I learned English before I came here. I was studying English when I was six years old. I did regular classes in English in school and then I did other classes after school in English. I remember going to these contests that we used to have. A bunch of groups of people are trying to translate documents from Lithuanian to English. You could win prizes based on how accurate your translation is, which sounds so boring but it was really fun as a kid.
Anybody listening to the show and hearing you speak would never guess you’re from anywhere, but the US and Midwest somewhere because your accent is very neutral. However you did it and the way you did it worked great because you sound absolutely natural to me.
There’s an age cutoff and I believe that’s thirteen. If you moved to a different country after thirteen, you’re stuck with the accent. If you moved before then, then you’re okay. I’m guessing that’s what happened, but I’m not sure.
That’s useful information that I hopefully will be able to use in my next lifetime because this lifetime it’s too late. It’s good to know. Thank you, Donata. Let’s get back to your depressing and miserable job in the junk mail company. What was the impetus? We have a lot of audience who are working right now for different companies, but would love to build their own business. For many reasons, this might be one of them to get ideas from people who have done it, from understanding what success means from the beginning to the point where they have a thousand clients. Go into some detail about the idea of Termageddon. What were you responding to when you had this idea and more importantly when you implemented this idea?
There are a couple of different things there. I remember reading one of your previous blogs where you were talking about don’t quit your day job until you know that your dream can work. I completely agree with that sentiment because there are so many dreams that take a couple of different tries to work. You might start one marketing tactic and might work well for a week and then two weeks later, that particular tactic flops and then you’re on your own. For me, the real decision to leave my full-time job is we started to see more and more traction with privacy and with our service. We started Termageddon even before the European Union’s GDPR. It was a back burner project for a while. My fiancé was working in a facility agency. I was doing the attorney work. I was working for this junk mail company and it wasn’t the right time to go all in. After GDPR heads, after we started seeing some more fines for privacy violations, we started seeing more and more interest in our products. We started to see more and more people registering and creating their policies. We started to see some of our different marketing tactics working. That’s what led us to go full-time.
You read my blog, followed the instructions that my guests and I had been talking about and then did exactly what we talked about on the show many times, which is proving out your concept first. As you worked on building it, collecting early revenue until it got to the point where you saw the inevitability of it working. You left your job for working on your own.
I’m very happy that we did it that way. I’m very happy that we knew of this particular way to do it because we were a more steady ground. We weren’t always completely stressed out about whether or not this is going to work. We could focus on what we had to do instead of worrying about the base business in the first place.
It’s great that you did it. For those who don’t know what Termageddon is, tell us a little bit about the company and the products.
Termageddon is a generator of privacy policies, terms of service, end-user license agreements and disclaimers for websites and applications. What makes our product special is we automatically update our client’s policies whenever the laws change. For example, there’s a new law going into fact gender first in California and we make all of the updates for those policies so that our clients don’t have to keep track of the proposed bills and proposed laws.
Just to be clear, because I’m also a client and I know this, let me offer a little more detail and please correct me where I make a mistake. What this is, audience, is that you fill out a form with some basic information to generate an embed code. You put that on your website where your privacy policies that you use and you drop them into your website. As soon as you click Save, the link or that page now communicates with Donata’s servers and then they now know that you have installed their privacy policies on your website. That’s what Donata was talking about automatically updating them. Let’s say you have ten websites. You put the Termageddon policies on all of your websites. At that point, you never have to worry about that ever again because it will automatically be updated every time there’s a change in privacy policies. Is that right?
Yes, that’s totally right.Privacy laws protect the personal information of residents of a state and don't protect the businesses of that state. Click To Tweet
Privacy was not a conversation that was big years ago. This is something that’s relatively new for us. A few years ago, it was just the lawyers and the people in tinfoil hats worrying about this. Fortunately and unfortunately, that’s no longer the case. If any of the audience here know about the Facebook-Cambridge Analytica scandal, it started all of this. After that all went down, a lot of legislators were saying, “This is not appropriate and this is not okay. You can’t take people’s information and use it however you want to and give it to whoever you want to and sell it and not give people a choice.” After Cambridge Analytica, we saw a lot more legislation popping up.
In the European Union, even before all of this, they started the GDPR, which is the General Data Protection Regulation, which is one set of rules that all businesses in the EU need to abide by and that protect the personal information of European Union citizens. That sounds really nice. There’s one set of rules, you follow them and then you’re fine. Unfortunately, in the US we don’t do things that way. We don’t do things in a way that would make sense. We have a lot of different states passing their own privacy laws. Instead of having a Federal Law, we have a bunch of Privacy Laws that we need to follow. Mostly, that’s in California and in Nevada as of right now. What those Privacy Laws do is they protect the personal information of residents of that state. They don’t protect the businesses of that state.
There are a couple of things that could happen there. The first thing to consider would be being fined. Most of the fines in the United States range from $2,500 to $7,500 per violation and by per violation, per website visitor whose rights you infringed upon. That can add up to quite a lot. Even if you have 100 visitors per month, it could add up to a lot. If GDPR applies to you, those fines can be up to €20 million, which is also a lot. If some of these privacy bills are passed, consumers will get a private right of action, which means that they could sue your business directly for privacy violations and collect judgments on that. Another thing to consider is these fines are scary and they can be really big, but another thing to consider is delays in your sales cycle.
Fortunately, we rallied around this problem and got it solved relatively quickly, but it cost me several thousand dollars overall to get it handled as quickly as I needed it to be handled. This stuff is real. If you’re not paying attention and thinking, “I have a little blog. We have a download free report and then we sell some coaching.” It’s real. People will pay attention. It turns out that laws are put in place where consumers can sue you because of having violated their privacy simply by not having the right types of policy statements on your site. I don’t want to be there and I’m going to guess you don’t either. Pay attention to this stuff. This is important. Tell us what you think, Donata, about what is coming down the road here. We’re not done changing privacy policies on a US commerce basis or worldwide basis. What do you think is coming down the road for us all?
This is one of my favorite questions of all time because it has no clear answer. There are a couple of things that we’re seeing, which are very interesting. Let’s take the California Consumer Privacy Act, which is going into effect on January 1st of 2020. We’re seeing a lot of these companies from California consumers, apply those rights to everyone. For example, Microsoft is saying the rights that would normally be afforded to Californian residents under the CCPA are now going to be afforded to everyone that uses any of our websites or products. That’s interesting trend. Instead of trying to segment audiences by where they’re coming from and then using that to tell them what their rights are, those rights are given to everybody. That’s very interesting to see.
We’re also seeing some movement on a federal level, on a Federal Privacy Law. Instead of having all of these states have their own laws, the federal government is saying, “Maybe we should have one overarching law.” What’s interesting about that is that we’re seeing bills being proposed or principles being taken and legislators saying, “If there is a Federal Law, but there’s also a State Law.” If the State Law gives consumers more rights than the State Law would hold versus the Federal Law. We also see proposals for Federal Laws that would allow consumers the right to sue. We’re also seeing a lot of legislators saying, “These are the consumer rights that consumers should have and businesses need to abide by those rights. The rights of the consumer are more important than anything else.” We’re also seeing a lot of states proposing their own privacy bills.
For example, Washington’s legislature said, “The first thing on our docket early next year, whenever our term starts is a statewide privacy law.” That’s very interesting because you see all these states proposing their laws, you see some of them passing them, you see other ones saying, “We’re going to study this for a year.” We have other states saying, “This is the first thing on our docket as soon as our term starts again next year.” We’re going to see a lot more state privacy laws. I don’t think that we’re going to see a federal privacy law in the next six months because it’s very hard to come up with something that everybody can agree on. We’ll also see more businesses giving these rights to everyone instead of segmenting their audiences. I’m very excited to see what happens next.
Only a lawyer could be very excited to see what’s next. I appreciate you pointing that out. We are talking to someone who has extensive experience with privacy laws, Donata Kalnenaite. She has created this incredible company called Termageddon. Donata, the question I have for you going forward here is what do you think people who are starting a business should do? Should they not have anything at all on their website? Assuming that they cannot afford to pay an attorney to put a privacy statement on, what would be the least they could do to be at least moderately safe right now in this day and age?When you're copying and pasting privacy policies, they don't update for you when the laws change. Click To Tweet
Let’s talk about your service. I never asked you what the price of your service is for an individual or a small company of one or two people would be.
We charge $10 per month or $100 per year. We do our recurring fee because it takes a lot of time and energy and resources to keep up to date with the privacy laws and make changes to the system. That’s why it’s not a one-time fee. That includes all the policies and that includes all of the protections. It’s just one fee, you get everything that you need.
Let’s talk about what the protection itself is worth. In other words, we pay you $100 a year or $10 a month and then someone comes at us and threatens a lawsuit. What do we do? Do we call you?
As it should be, that’s the way it works. Donata, at this point in the show, what we do is we are going to segment to what we call the personality-based questions. What this simply means is that we use these questions to find out more about you and the owner of the company, the founder of the company and maybe a little bit about what you care about. Here’s the first question. Who, in all of space and time, would you like to have one hour to enjoy a walk in the park, a quick lunch or an intense conversation with?
This one will definitely be an intense conversation. It’s nerdy but I would want to speak to Ann Cavoukian. She’s the person behind Privacy by Design. She’s the one who wrote up the Privacy by Design principles and has introduced them to the world. Privacy by Design is the idea that you can incorporate privacy into the design of products, websites, applications and services to provide users with the best privacy and security experience that you can. I admire her work. I would love to have an intense conversation with her.
Is she still around?
Yes. I believe she’s one of the Data Protection Regulators in Canada.
Why don’t we send her a note and tell her about your software, about your business and about your desire to have a conversation with her and see what happens? What do you think about that?
I highly doubt she would ever respond to me. She is so much better than the rest of us.
I’ve had some incredible people respond to me. What I taught my daughter since she’s a little girl is that you never get anything if you don’t ask. This might be worth a shot at asking. Let’s plan to do that. We’ll set that as a goal together, you and I. We’ll see if we can get Ann to respond. If not an intense one–hour conversation, maybe a phone call, a podcast interview. Wouldn’t that be interesting?
That would be very interesting because she has so much knowledge and she’s provided so many great resources to our field. To all privacy professionals, her work is absolutely amazing.The rights of the consumer are more important than anything else. Click To Tweet
There’s a goal. You and I will chat about that after the show is over and see how we can make that happen. Here is the grand finale, the change the world question. What is it that you are doing or would like to do that truly has the potential to literally change the world?
I hope that I’m doing this. I hope that I’m helping people become more aware of privacy issues and their privacy rights. I’m helping businesses respect those rights in the proper way. That’s very exciting and I hope to continue to be able to do that.
If you want to send me an email after this episode, it’s Donata@Termageddon.com. You can get 30% off your first purchase. I’ll give you 30% off the fee that you’re paying for your policies on Termageddon.
For $70, I can get a year of protection.
Just mention this podcast and I’ll send that over to you.
Thank you so much for having me. This has been great.
Resources Mentioned in This Episode:
- Virtual Entrepreneurs Association
- Ann Cavoukian
Love the show? Subscribe, rate, review, and share!