Episode 399
Luckily, our guest today, Hans Skillrud, has collaborated with his wife to create an easy, self-updating tool that agency owners can implement on their own websites and the sites they build for their clients. He has committed himself to ensuring that data protection tools and documentation are easily accessible for anyone without needing a legal degree to make sense of it all.
In this episode, you’ll learn why you must educate yourself and your clients on the most current privacy policy and data protection laws, why not to cut corners in this department, and why you should never collect more data than you actually need.
Even if it doesn’t seem like a big deal right now, with the constantly changing environment of privacy laws, you never know when you could end up in a mess, even five years later. Don’t delay on this, and get your documentation in check today.
A big thank you to our podcast’s presenting sponsor, White Label IQ. They’re an amazing resource for agencies who want to outsource their design, dev, or PPC work at wholesale prices. Check out their special offer (10 free hours!) for podcast listeners here.
What You Will Learn in This Episode:
- What is Termageddon?
- What agencies are required to provide to their clients in terms of documentation
- The risks for smaller businesses and agencies for not practicing good data protection
- Why agencies should embrace data protection policies, even if it seems complicated
- Can chatGPT write our policies for us?
- Why copying and pasting someone else’s policies is a bad idea
- How data protection lawsuits happen
- How the Termageddon team keeps up with constantly changing data protection laws
- The confusing future of privacy law
- Three best data protection practices for agencies and website builders
“I think that the era is changing, and having proper policies in place is a good way to avoid fines or lawsuits and respect your website.” @DeepSpaceHans Share on X
“I'm a big advocate for not feeling like you have to have a law degree just to tell your clients you think website policies are important.” @DeepSpaceHans Share on X
“When it comes down to it, it’s the website owner that's responsible for complying with applicable laws.” @DeepSpaceHans Share on X
“Noncompliance fines start at $2,500 per website visitor whose rights you've infringed upon.” @DeepSpaceHans Share on X
“The real question is not, how do I get a privacy policy as fast as possible? It's, how do I get a privacy policy that's compliant and comprehensive, so I'm not getting fined or sued?” @DeepSpaceHans Share on X
Ways to contact Hans:
- Website: https://termageddon.com/
- LinkedIn Personal: https://www.linkedin.com/in/hans-skillrud/
- LinkedIn Business: https://www.linkedin.com/company/termageddon/
- Facebook: https://www.facebook.com/termageddon
- Twitter: https://twitter.com/DeepSpaceHans
- Termageddon’s Agency Partner Program: https://termageddon.com/agency-partners/
Resources:
- Facebook Group: https://www.facebook.com/groups/BABApodcast
- Salary Survey: https://agencymanagementinstitute.com/agency-tools/salary-survey-2021/
- GDPR Enforcement Tracker: https://enforcementtracker.com/
Speaker 1:
If you’re going to take the risk of running an agency, shouldn’t you get the benefits too? Welcome to Agency Management Institute’s Build A Better Agency podcast, presented by White Label IQ.
Tune in every week for insights on how small to mid-size agencies are surviving and thriving in today’s market. We’ll show you how to make more money and keep more of what you make. We want to help you build an agency that is sustainable, scalable, and if you want, down the road, sellable. With 25-plus years of experience as both an agency owner and agency consultant, please welcome your host, Drew McLellan.
Drew McLellan:
Hey, everybody, Drew McLellan here from Agency Management Institute, back with another episode of Build A Better Agency. And we are going to talk about all things legal and privacy policy, and cookie, and all the things that we have to think about on websites and really have a fascinating guest that I’m excited to introduce you to.
But before I do that, I do want to remind you that we have created a Facebook group specifically for you, people who listen to the podcast. You don’t need to be a member, you don’t have to have ever given us a dollar. Just head over to Facebook and search for Build A Better Agency podcast, and it’ll show up with the Facebook group. And you have to answer three simple questions. Do you work at an agency? And what is the URL? So, you have to give us the URL, because we’re going to verify that it’s a legit agency. What do you want to get out of the group? What do you want to learn? How do you want to grow? And the third one is, will you be nice? Will you follow the rules?
Lots of interesting conversations going on there. Everything from project management tools, to bonus programs, to commissions for employees and all kinds of fascinating conversations happening, that you are all generating, that you’re all participating in. We jump into the conversations as well. So, it’s just a really robust place to be if you want to connect with other people who understand your world, who are walking in your shoes, and who are really, really ready and generous in terms of being ready to help you and answer your questions. So, head over there, join us, join in the conversation. We would love to have you.
All right. So, my guest today is a gentleman named Hans Skillrud. So, Hans used to own an agency and then married an attorney who specialized in privacy policies and law, and they created a product called Termageddon. And basically it’s code that you put on a website, that constantly updates with all of the world’s privacy policies and other things.
So, I’m going to ask him all about it. We’re going to find out how they get their data, how they keep it current, but more importantly, what we need to be thinking about as agency owners, whether we use their tool or not, in terms of protecting ourselves and our clients. So, with that, I have lots of questions because this is an ever evolving field. I mean, really when you think about it, we didn’t worry that much about privacy policies not that long ago. We might have had one for a client, but it was a template. We probably had built it 10 years before and it was fine.
But then as the world started changing and as the internet started being more sophisticated in terms of the information that it could and does gather, and the more we use websites as that workhorse of a tool for our clients, all of these things came together and there was this big privacy concern, and as we know, all kinds of privacy laws cropping up all over the world. So, the question is, how do we protect ourselves, protect our clients, and do the right thing? And so, that’s the topic for today, and I think Hans has the answer. All right, without further ado, welcome to the podcast. Thanks for joining us.
Hans Skillrud:
Thanks for having me, Drew.
Drew McLellan:
So, give everybody a little bit of your background, starting with your former life as an agency owner and how you came to be doing the work that you’re doing now. And then, I want to dig into all of the nuances of, how do we protect ourselves and our clients when we’re producing digital assets and websites and landing pages in today’s constantly changing legal environment?
Hans Skillrud:
Yeah. It really is changing. And I’d be happy to. So, my name is Hans Skillrud. I’m the co-founder of Termageddon. Termageddon is a website policies generator, but where I started in agency life was running my own agency. So, I started a web development agency in 2012. I built it up to a 12 person team. And in 2019, I ended up marrying a privacy attorney. We ended up building out Termageddon, and as difficult as it was, I made the decision to sell my agency, to go full-time Termageddon. So, a lot to speak on the agency front, of course.
Drew McLellan:
Right.
Hans Skillrud:
And I know everyone is listening to us, but I’ve lost a lot of hair figuring out proper ways to run an agency, but marrying a privacy attorney, running Termageddon, that company really took off. And yeah, now I focus exclusively on that. So, Termageddon is website policies and it’s really built for agencies and their clients.
Drew McLellan:
I was going to say, you really took your experience of being an agency owner, recognized an ongoing challenge, which we’re going to spend our time this hour talking about. And then you and your wife built a product, in essence, a service. It’s really a software as a service product, that allows people to resolve the problem, right?
Hans Skillrud:
That’s right. Yeah. She was charging five figures for complex privacy policies with her law firm practice that she was running. My clients were not interested in paying those types of fees, let alone the ongoing fees for maintenance and monitoring of privacy laws. And my clients would always ask me, “Can you just copy a privacy policy from one of our competitor’s sites?” Which felt unprofessional and very uncomfortable doing it.
Drew McLellan:
But a lot of people do it.
Hans Skillrud:
Yeah, a lot of people do it. And I think we got by for a little while, but I think that the era is changing and having proper policies in place is a good way to avoid fines or lawsuits and respect your website visitors’ privacy rights. And we just felt like there was some middle ground between copying and pasting a legal document from someone else and paying 25 grand for a privacy policy. And there lies why we created Termageddon.
Drew McLellan:
And just really briefly, before we dig into the issue of privacy policies on websites and all of the crazy things that have happened in the last few years that make this such a hot topic. So, with Termageddon, the way it works is, I subscribe in essence to language that as laws and things change, the language automatically changes, right?
Hans Skillrud:
Yeah, that’s right. So, at Termageddon, we give web agencies a free set of our policies forever, via our agency partners program. We do that in the hopes that they’re willing to take the time to get comprehensive policies for their own business and if they like what they see, they can refer or resell our solution to their clients.
And what’s key and fundamental about Termageddon, is that our tool helps you figure out what laws apply to you. And then our questionnaire adapts and asks you the necessary questions to make the disclosures required under the specific laws and disclosure requirements your specifically required to make. And then you copy and paste our imbed code into your body of your policy pages and that’s what allows us to push updates when new disclosures become required.
An excellent example being that in three months from the time of this recording, we have four more privacy laws going into effect with new disclosure. So, we’ve already updated our customers and taken care of that months ago.
Drew McLellan:
Yeah, it’s crazy. So, I think there’s a lot of confusion around privacy policies, terms of service, cookie policies, consent forms. So, just give us the lay of the land of what all as agencies, assuming both for ourselves and more important, as we build out some sort of web or digital presence for clients, what do we need to be thinking about making sure we provide, what’s required, why do we have to do it and what are the risks of not doing it?
Hans Skillrud:
Yeah, no, that’s excellent question. So, I’m struggling between, do I define the policies and what each policy is about? Or, do I go into explaining what agencies need to take into consideration? I’ll start with definitions.
Drew McLellan:
Okay.
Hans Skillrud:
Oh, you know what? My wife’s alarm bells are going off internally now in my head. Please note, this is not legal advice, Termageddon is not providing legal services today, nor am I. It’s for informational purposes only.
Drew McLellan:
Do you have to cross yourself or anything when you say that?
Hans Skillrud:
I might as well. I say it about 50 times a day at this point.
Drew McLellan:
I’m sure.
Hans Skillrud:
So, a privacy policy is a document that exists to comply with laws, and it is to explain to your website visitors what personal information your website’s collecting, what you’re doing with that information, who you may be sharing it with, and a series of other disclosures regarding your privacy practices.
So, privacy policies exist to comply with privacy laws by stating your privacy practices. A terms of service otherwise known as the terms and conditions, or terms. Those are all interchangeable words. They all are one document to explain the rules to using a website. So, I like a terms of service for virtually any website in this day and age, because you can have little disclosures in there, like, “We offer links to third-party websites. We’re not responsible when you click those links.” That little disclosure can help prevent a lawsuit.
And a terms and conditions statement is just a series of those types of disclosures. A terms is also needed for e-commerce websites to abide to consumer protection laws. But when it’s all said and done, privacy policy is to comply with privacy laws, terms is to limit your liability as a website owner by explaining the rules to using the website.
There’s also cookie policies and cookie consent solutions. Those are required under some but not all privacy laws. And they’re an extension of a privacy policy as it relates to the use of non-essential cookies. And a disclaimer is a way to further limit your liability if you’re in a unique business where you’re offering health products like diet pills or nutrition supplements, or offering anything that could be seen as legal advice, or health advice, or fitness tips, or participate in affiliate programs. So, disclaimers help you further limit your liability when you have a unique offering for your website, where you need to make a disclaimer.
So, these policies, we just defined them, and hopefully that’s a good takeaway for people listening, because I didn’t really understand why each of them existed, but they have very specific purposes. And I think the big thing to agency owners is that learning the fact that when you’re building a website that includes a contact form, where you’re asking people to submit their name and email, you’re building something for a client where they may be now collecting regulated data. Privacy laws are protecting and regulating the collection of names, emails, phone numbers, IP addresses, device information, anything that can be used to identify an individual. So, that’s when alarm bells should be going off that like, “Hey, probably best to educate my client about this stuff because they may now be required to comply with multiple laws from the website I just built them.”
And I can go on. I really don’t want this to be a plug because I genuinely believe that this is just a discussion agencies need to start having with their clients. What I’m a big advocate for is not feeling like you have to have a law degree just to tell your clients, “I think website policies are important.” So, we offer a free waiver over at Termageddon. You don’t even have to become a customer of ours. It’s a free website policies waiver, which is, you’re welcome to use it however you wish, but it can educate clients on what website policies are and let the client sign off acknowledging what they want to do about it. They can hire their attorney, they can use a tool like Termageddon, or they can choose to do nothing. And that’s what I’m saying-
Drew McLellan:
I was just going to ask you, who’s responsible? So, the waiver is a great way of saying, you need to document what the client decided to do. So, we’ve had some agencies that have built websites, that even had some sort of a waiver in place, and three, four, five years later somebody’s coming back to sue them. So, it’s either accessibility or it’s a privacy thing or whatever. And if they didn’t have the paperwork, the agency was going to be on the hook at the very minimum to fix the problem, let alone there may be legal ramifications as well.
Hans Skillrud:
That’s right. And when it comes down to it, it is the website owner that’s responsible for complying with applicable laws. There is an asterisk there though to that statement, which is, unless you have a contract with the client, where your web services contract states, “I’m going to build you a website compliant with all laws, or X, Y, Z laws.” I personally would not recommend that unless you’re charging like seven figures or more for websites.
Drew McLellan:
Right.
Hans Skillrud:
And even then, I’d be very cautious. So, number one, make sure your contracts don’t offer something that you’re not guaranteeing.
Drew McLellan:
Right.
Hans Skillrud:
Because by default it is the website owner responsible for complying with laws, but the reality is, we’re the ones in the space, we’re the ones seeing all this privacy become a bigger deal. So, that’s why I like the waiver, which just lays the land out and just sets the facts for what it is. “Hey, I’m not responsible for your compliance. Please sign this waiver acknowledging where I told you that and let me know what you want to do.”
And you can give them the option to choose to do nothing. That’s their decision if they want to comply with laws or not. But I really feel like having documentation in place is just such an easy way to get that doc, just to protect your agency while providing that education to clients.
Drew McLellan:
Well, and it really is, if nothing else, a conversation we have to have. And back in the day this was very different, but now with all of the laws, not only US-based laws, but international laws, a lot of people will say, “Well, my clients are small local businesses, so I don’t have to worry about this.” It doesn’t matter. Correct me if I’m wrong, but anyone from anywhere in the world can go to your website, therefore, you have to be compliant with some of these rules.
Hans Skillrud:
Yeah. Drew, you have the right mindset, which is that privacy laws, for the most part, there are some privacy laws that are for bigger businesses, but for the most part, privacy laws start applying to a website owner the moment they collect a single piece of personal information from a resident of a particular state, country, or territory. And a lot of people think, “Oh, well, small businesses don’t get hit with this stuff.” And unfortunately that’s a misconception, and I think it’s because the news covers Meta or Google getting fined billions of dollars, that makes the headlines.
Drew McLellan:
Right. Right. Right.
Hans Skillrud:
But what doesn’t get discussed are one-person marketing companies getting fined 50,000 euros for changing the email address of one of their subscribers without their consent. So, there’s actually a website for this too, enforcementtracker.com that tracks GDPR, which protects residents of the EU and the EEA. Enforcementtracker.com is an excellent resource to validate what I’m saying here, which is, sure there’s big companies getting fined, but there are absolutely one business companies getting just absolutely rocked as well. Yeah, so hopefully that answers that question.
Drew McLellan:
Let’s talk about the risks. If I scrape somebody else’s policy off of their website, or I don’t have anything at all, or I just say to my client, “Look, we’re going to build it out, it’s a WordPress site, you can get on the backend and put whatever policy you want.” What are the risks to us? Tangibly, what kind of fines or consequences are being talked about on enforcementtracker.com or other places, businesses just like ours?
Hans Skillrud:
Sure. Yeah. So, non-compliance fines start, start at $2,500 per website visitor whose rights you’ve infringed upon. So, we mentioned I’m based in Chicago, if I was infringing on CPRA, California’s latest privacy law, which replaced CCPA, the fine would be $2,500 per website visitor from California whose rights I’ve infringed upon. So, if I had, I don’t know, 50, or let’s make it 100, just to make the numbers easier, but that’s like what? 250 grand. Or, is that 2.5 million?
Drew McLellan:
Yeah.
Hans Skillrud:
Yeah, 250 grand. And so, it shows how quickly things can add up. And so, I think it’s certainly a real risk. Not to mention there are privacy bills that are being proposed right now that have passed, they’re going to enable consumers of that state to sue any website owner located anywhere, just for missing the disclosures required under that particular privacy law, if your privacy policy doesn’t include it.
New York is a great example. New York has two bills out right now. If any one of them passes, any New Yorker will be able to sue any website owner for collecting as little as an email address on a contact form without proper New York privacy law disclosures. So, we saw accessibility lawsuits come out of New York originally, and now in privacy is just a few years behind, basically.
So, I personally think it’s only a matter of time until that happens. And I think that speaks to the concerns of copying other people’s legal documents. Outside of that being copyright infringement, which I don’t think any professional agency should be advising a customer to do, copying legal documents or using templates doesn’t answer the question of, “How do I update my privacy policy over time?”
Drew McLellan:
Right.
Hans Skillrud:
And that’s what’s so important to understand is, Drew and I were talking right before this recording, over the last week, Iowa passed a privacy law and now Montana and Tennessee have just passed the Senate and are likely to pass their own laws as well.
Every single privacy law, every single one doesn’t care about where your website’s located. Every single privacy law is there to protect people’s data. And it’s like, “If you’re collecting our people’s data, you need to comply with our laws.” And that’s a new concept for us. We have to have a strategy to keep policies up to date over time.
Drew McLellan:
Again, I’m thinking, if I build a brochureware site for a client or I build a landing page for a client, so there’s not a form and I’m not asking for a name or an email address, behind the scenes though, I’m still gathering data, right? The website itself is grabbing IP addresses and other things. So, it’s really, is there a website on the planet that is exempt from these privacy laws?
Hans Skillrud:
I think it’s technically possible to build a website that doesn’t collect any forms of personally identifiable information. Logging IPs though, seems like a fundamental part of how a website works. So, I don’t really know, but I’d like to think that, yeah, you don’t need a … What I can say is you don’t need a privacy policy if your website’s not collecting any personal information. I struggle to understand an example where that is the case, because even websites that don’t have contact forms could be collecting things like IP address behind the scenes, for not just analytics purposes, but for security purposes, for example.
Drew McLellan:
Right.
Hans Skillrud:
So, yeah. I mean, maybe blocking people from all states and countries that have a privacy law, but this brings you to that question, why am I trying so hard not to just embrace these regulations, respect people’s privacy rights, and just take this on? Because I’m a big believer that agencies who embrace these changes are going to do quite well, and agencies that downplay it and think, “Oh, my clients are too small.” Or whatever excuse they’ve made up in their head, I think as time goes on, it’s going to be harder and harder for them to do that. And the agencies that embrace this stuff are going to be doing very well for themselves.
Drew McLellan:
Well, and again, the odds of you being the one in a million that wouldn’t be subject to all of this, and even if you don’t care about it for your own protection, we have an obligation to our clients to help them understand the risks of them being present on the internet. And they look to us for our subject matter expertise. And so, we need to have, I think, a reasonable understanding of what is required.
And to your point, two weeks ago, if you would’ve put a policy in place, it wouldn’t have included the Iowa law because it didn’t exist. And two weeks from now, it wouldn’t have included, you said Wyoming and some other state, because they don’t exist, but they could in 30 days. And so, even if you’re well versed in this, you’re well versed in it in a moment in time in a never static reality of constant legal change.
Hans Skillrud:
Yeah, that’s exactly it. Our tagline on our agency partners page, back when we were less corporate, we’re not that corporate, but back when we were less corporate, we used to just say, “Static policies are dead. Give your customers an auto-updating solution.” Because that’s the reality of it, four months from now, five new laws go into effect with new disclosure requirements if applicable to your business. More people are getting privacy rights. And I very rarely meet people that are not happy to hear that. Most people are happy to hear that more people are getting privacy rights.
It’s just that we as website owners have a responsibility. And it is my personal belief that agencies have an additional level of responsibility where they need to educate their clients about this stuff, because no one wants … I mean, you’re building a website that hopefully will be around for years.
Drew McLellan:
Right.
Hans Skillrud:
That’s a good thing, but it’s important to understand that they’re going to be facing the privacy laws of tomorrow. Yeah, I completely agree, it’s a professional responsibility to educate our customers that, “Hey, I just built you something that you may now need to comply with a bunch of laws for.”
Drew McLellan:
Right. “And by the way, you have no idea what the laws are and you’re not probably going to invest the time and money to learn it.” So, “I’m leaving you a little exposed if I’m not the one that initiates this conversation.”
Hans Skillrud:
Yeah, absolutely. And yeah, I mean, we have a lot of big firms using us with in-house counsel and they are happy that we exist because they’re like, “We don’t want to hire an attorney just to monitor this stuff just for our privacy policy.” Obviously, Meta has $100 million privacy team, but most people aren’t harvesting data.
Drew McLellan:
[inaudible 00:22:16].
Hans Skillrud:
Yeah.
Drew McLellan:
Yeah.
Hans Skillrud:
So, it’s like for a basic website or informational or e-commerce website, it just seems out of the picture spending that type of money to just keep policies up to date.
Drew McLellan:
Yeah. I want to talk a little bit about AI and its impact on all of this, but first let’s take a quick break and then we’ll come back and talk about how that’s changing the landscape even faster and more than before. So, we’ll be right back.
Just a quick reminder that every week we send out a newsletter, we brilliantly call it the Weekly Newsletter. It comes out every Wednesday and it is filled with just some ideas that I have around something that’s important to you. So, the lead story is always something that I’ve been talking to a lot of agency owners about, or something that I want to put in front of you to get you thinking. A lot of times there’s questions to think about or some resources. And then there’s always a link to the weekly video and then a list of the workshops and whatever else is going on.
We also, we get a lot of promotional offers from friends who are running agency programs like Macon or other folks like that with discounts. And so, that’s also where we share all that information. So, if you’re not hearing from me every week in your inbox and you want to do that, just go to the AMI website and scroll down to the footer and you’re going to see a link to our newsletter. Just click on that. All you have to do is give us your name and email and we will start putting that in your inbox. Okay? We would love to be a resource for you every week. So, if that would be helpful, sign up today. Thanks.
All right. And we are back and we are talking about, I know this does not feel on the surface like a scintillating conversation, privacy policy language and protections, but it is a very rare agency today that does not have something to do with their client’s digital presence. And so, whether you’re the website builder or you are just the strategic advisor, this is an area where I think you have to have a depth of expertise and understanding to bring your clients the proper choices, number one, so they can make a good business decision on their own behalf.
And number two, that you protect yourself and the agency from whatever decision they make, because if they make the “wrong decision” and choose to do nothing or choose not to keep updating their policies or whatever, you, in a lawsuit or something else … And like I said earlier in the show, we have several agencies that three, four, five years after they built a website and even talked to the client, there was a lawsuit and somebody came back at them, because the website in this case wasn’t as accessible as this person thought it should be.
And Hans, you were saying that out of New York and lots of other places now, there was this rush of accessibility lawsuits and now we’re seeing it with the policy. So, before the break, I said I wanted to talk a little bit about AI. My suspicion is just like in the old days, people would go and just scrape a policy from somebody else’s website. Some genius has now, probably many geniuses have now said, “I know, I’m just going to get ChatGPT to write my policy.” Could it?
Hans Skillrud:
Great question. So, when ChatGPT came out, we obviously couldn’t help but express interest in what they have to offer.
Drew McLellan:
Sure. Right.
Hans Skillrud:
Termageddon’s questionnaire can be as few as 10 questions and as many as 100 questions, depending on what laws apply to you. So, we decided to go through ChatGPT and run some tests. We first started with, “Write me a privacy policy for GDPR.” And it was non-compliant. And then we said, “Write me a GDPR privacy policy, and we don’t sell any of the data we collect.” I think it was that. And it came back, it was yet again, missing disclosures.
We then however said, “Write me a GDPR privacy policy and include these disclosures.” And we listed out about 30 disclosures we know that are required. And it shockingly created a really good privacy policy at that point. So, I’ll be the first to say, ChatGPT can indeed write a privacy policy.
Drew McLellan:
Yeah. If you feed it all the right stuff.
Hans Skillrud:
Exactly. And it’s kind of embarrassing to say this, now that I’m saying this out loud, but we should do this after this recording, but I would doubt that it would be able to combine privacy laws. I doubt it has the ability to combine CalOPPA, Nevada Revised Statute Chapter 603A, Delaware Online Privacy Protection Act, and GDPR into one location.
And I think that it really just boils down to, I think a lot of people look at ChatGPT and think it’s the solution to everything, but I feel like the real question is not how do I get a privacy policy as fast as possible? It’s, how do I get a privacy policy that’s compliant and comprehensive, so I’m not getting fine or sued? And if that’s the true goal, you’re going to have to face the reality, which is, you’re going to have to answer some questions. So, even if ChatGPT was able to just generate you a comprehensive, compliant privacy policy, it still wouldn’t answer the question though of, how do I keep it up to date over time?
Drew McLellan:
Right. That’s what I was going to say, so even if it wrote the perfect policy today and you paste it into your website-
Hans Skillrud:
Yes.
Drew McLellan:
… either you have to keep going back and asking it to do it again and keep revising it, or you’re going to be non-compliant reasonably soon.
Hans Skillrud:
Yeah, that’s exactly it. So, maybe as time goes on, maybe it will outpace privacy attorney compatibility or abilities, but as we see right now, it’s not even close to a competitor.
Drew McLellan:
So, we were talking before the break about the risk of the fines and things like that, and you were saying that in New York there’s a bill pending that would literally let any citizen, any human being, sue a website for not being compliant and putting their privacy at risk. Who typically right now is triggering all of these lawsuits?
Hans Skillrud:
Well, okay, so there’s several bills out there across multiple states in the US, in particular, that’s where private right of action is being proposed. So, New York has two bills that if any of them pass, it will allow any New Yorker … So, we’re not talking about accessibility with people with physical impairments.
Drew McLellan:
Right. Right.
Hans Skillrud:
We’re talking about any New Yorker will be able to sue any website owner, located anywhere, for failing to comply with applicable laws. So, the tech person side of me is thinking, “Oh my gosh, people could run scans of websites, look for missing disclosures and a privacy policy and just submit lawsuits right on the contact form.” I personally think it’s going to get nuts if one of those bills passes, but as it stands right now, really creating these privacy laws are people, people call their representatives and say, “I want privacy rights. Why don’t I have privacy rights as a resident of X state?” And that’s what’s driving this.
I think also the Cambridge Analytica scandal certainly started to raise attention to the fact that people are harvesting data and using it maybe not necessarily to something you’re appreciative of. So, it’s a hodgepodge of advocates wanting to push for people to have privacy rights. And every single person I’ve talking to so far, at least, when I say I feel like people deserve reasonable rights to their privacy, like their name is their name, their email is their email. They should tell companies, “That’s my property. You can’t do whatever you want with it.” I seem to get head nods. It seems like everyone in general is like, “Yeah, that’s good.” It’s just the moment it comes to your website it’s like, “Oh gosh, this is scary.”
All I can say is, I used to be an agency owner, I had no clue about this stuff. It’s just like learning anything. I’m like, once you learn it, you understand it, and then you’re good to go from there on out. And it really just boils down to respecting people’s privacy, doing what you want to do in terms of a website experience, what you want to experience as a website visitor too.
Drew McLellan:
So, I’m curious, the business model of your clients are agencies and they are taking code from you that automatically updates when privacy policies or laws change. How are they monetizing that with their clients? Do you know how most of them are charging for it? And is it a revenue stream for them?
Hans Skillrud:
Yeah. Yeah, absolutely. So, agencies apply at Termageddon, at the agency partners page and basically we manually review every agency that applies and then we approve them and we set their account up with a free license for their own website. And then we issue wholesale rates and affiliate access, so like a promo code.
So, as an agency partner, if you like Termageddon with your free license, you like what you see, you can recommend our tool via our reseller program or our affiliate program. So, Termageddon is normally $99 a year, but as an agency partner, you can buy them at $38 and 40 cents per year. And I recommend charging a setup fee in addition to the annual subscription fee. And what’s awesome about Termageddon is you can actually share access to your client, to the license. So, you can share the license with the client, and that way they receive all future alerts regarding changes to their privacy policy, if any new disclosures need to be made, and so forth.
So really, we’re trying to set it up so that agencies can assist with embedding the codes, but from there on out, they can just bill the client accordingly and we’ll email the client directly when their policies are being impacted.
Drew McLellan:
So, I’m just making this up. So, I’m charging my client $250 a year and a setup fee. I put the code in and then basically the value proposition from the client’s perspective is they’re getting emails every time the embedded code changes the policy on their site. So, they know that every month, every week, every whatever, “Oh, that would’ve been a change I would’ve had to go in and manually make. First, I would’ve had to know about it, then I would’ve had to go and manually make it.” So, this $250 a year, that’s a piece of cake in comparison to the time it would take to keep track, to research, and to know all the places on my website where this exists, and to be able to change it all.
Hans Skillrud:
That’s right. Yeah. So, the only detail I want to note though is Termageddon is $99 a year. So, we recommend charging the full $99 per year, but some agencies do charge more. That’s great. Good for you. That’s awesome. Buy me dinner next time I see you.
Drew McLellan:
That’s right. I’m in Chicago, there’s great steak.
Hans Skillrud:
There you go.
Drew McLellan:
Yeah. Yeah.
Hans Skillrud:
But yeah, that’s the reseller model. And then the other model is the affiliate model, where you can just give your promo code to your client. They use your promo code to check out, they get 10% off their first payment, and then you receive recurring commissions for the lifetime of all referrals.
So, that’s for agencies that have that mindset where they don’t want to control logins and passwords. They want their client to control everything. So, we have a model that typically supports both types of agencies we’ve seen.
Drew McLellan:
Yeah. Well, that makes sense is for an agency, I mean, it’s very rare in our world anymore that you could have anything that’s set it and forget it. But in this case, it sounds like that’s really what it is, that the code in the background just keeps updating the policies and away you go.
Hans Skillrud:
Yeah. I mean, that’s certainly what we’re striving for and we’ve approved just over 6,000 partners manually to our program and things are going great so far. We actually even spun up a law firm program. I never saw that one coming. So, we thought law firms were going to hate us. Turns out even law firms don’t want to deal with privacy because of just how messy it is combining disclosures from multiple privacy laws. So, we actually even have a law firm partner program where law firms offer … I’m guessing they charge quite a bit more, but yeah, it’s been going well.
Drew McLellan:
Yeah. So, how do you guys actually keep track of all of this? Because, you’ve got to make sure your policies are up-to-date on any given moment of any given day. That sounds like when you’re keeping track of the entire globe’s privacy policies, that sounds like a daunting task.
Hans Skillrud:
It is. And probably to everyone’s happiness to hear, it’s not me who’s doing it, I’m not the attorney. So, Donata, Termageddon’s president, she is the one who oversees it. And basically, it’s several tiers of how we do it. Tier number one is we spend a lot of money every month licensing legal software that monitors privacy laws and notifies us of changes.
Drew McLellan:
Sure.
Hans Skillrud:
And then, the second tier is the fact that we are a part of several communities of privacy attorneys. The most notable one is Donata is the chair of the American Bar Association’s E-Privacy Committee.
Drew McLellan:
Wow.
Hans Skillrud:
So, about 500 privacy attorneys report to her as well on changes that are occurring. And that group is responsible for helping legislators write privacy laws. So, we’re very involved in the community, not just from a output standpoint in terms of what we produce for Termageddon, but just, we’re advocates of privacy rights just in general. And we’re very involved in that community as well as about four other major communities.
Drew McLellan:
So, where do you see privacy policies going? If you are looking at a crystal ball, we are where we’re at today and really a lot of this has come up in the last handful of years. So, where do you see us going next?
Hans Skillrud:
Yeah. So, I’m going to give you where I think it’s going and where I wish it was going.
Drew McLellan:
Okay.
Hans Skillrud:
So, where I wish it was going is, we have one federal privacy law in the US, massively simplifying all of our disclosure requirements, pretty much making Termageddon way less of a value add. But that doesn’t matter. That’s what I want. I want simplicity for people. And it seems almost a little dystopian, but almost like a global privacy law that just small business owners, “Here’s the one set of rules and you’re good to go if you’re a small business.” Let’s at least have that. Unfortunately, that’s not where I see things actually going on.
Drew McLellan:
I was going to say, I can’t imagine that everybody would get along well enough to make that decision.
Hans Skillrud:
Yeah, it’s not happening. And the federal bills that have been proposed, Donata’s reviewed at the American Bar and unfortunately voted by hundreds of attorneys, they have no teeth is the best way to put it in layman’s terms. Technically they’re privacy laws, but they don’t actually do anything. So, the American Bar just keeps shutting them down because they’re like, “No, what’s the point of having a privacy law if it doesn’t actually give rights to people?”
So, it’s a mess on the federal level. So, I think we’re going to see more and more states propose privacy laws, so that you have very specific responsibilities for your website visitors from that particular state. And I think it’s going to get messier, at least for the foreseeable future, foreseeable couple years.
Drew McLellan:
It feels like it’s just begging for scams and people who are going to take advantage of it and just use it as an opportunity to bilk people out of money or to take people who have no intention of doing something wrong, but it’s pretty easy money.
Hans Skillrud:
Yeah. I agree. I mean, I’ll tell you, it’s the weirdest feeling knowing that if a private rite of action bill gets passed where people can start suing, yeah, Termageddon’s probably going to do really well, but I’m not happy about it. I’m not happy that any website owner’s just a sitting duck waiting for a lawsuit to be submitted to their website. I think accessibility is going to be nothing in comparison to what we’re going to see if privacy rights like that pass.
In the same breath, I do like the fact that bigger businesses actually have to listen to you and actually have to respect your rights, like your name, your email, your phone number, that is your data. And companies need to respect that fact. And that’s what has me encouraged. So, I could definitely say it’s going to be a wild ride over the next couple years and it certainly is an exciting environment to be in full-time, but I certainly understand also that it’s probably quite overwhelming from the outside.
Drew McLellan:
Yeah. Yeah. Well, I think it is. I think agency owners and leaders struggle to figure out how to do well and right by their clients and keep up with something that literally is changing every single day.
Hans Skillrud:
Yeah. And I think some really good best practices, we mentioned that waiver. If anyone wants to get that waiver, but they don’t want to become a partner, just email me, hans@termageddon. I’m not judging. Use the waiver please. I’d be so pumped to hear that people that don’t even use Termageddon use it.
Get documentation in place where you just told your clients, “Hey, I just built you this site. You may now be required to comply with laws.” But let them make the decision if they want to or not.
Drew McLellan:
Yeah. Right.
Hans Skillrud:
The second thing maybe are just some good general practices. Make sure links to your policies are clearly visible in your footer. Make sure when people are submitting their data through forms, you have a checkbox to agree to the privacy policy that gets you a timestamp the moment they consented to saying, “I understand you taking my data.”
Don’t collect more data than you actually need. The days of asking people for their birthday or things like that may not be as necessary, maybe it was kind of fun back in the day. Limit the amount of data you collect. And those three pillars are just some really good best practices to consider.
Drew McLellan:
Yeah, it’s a complicated world we live in, that’s for sure.
Hans Skillrud:
Yeah, it sure is.
Drew McLellan:
Yeah.
Hans Skillrud:
It sure is.
Drew McLellan:
This has been fascinating and I can certainly see the value that your company offers to agencies and their clients. And so, if folks want to learn more about the offering, learn more about your agency program, what’s the easiest way for them to get into all of that?
Hans Skillrud:
Yeah. Visit termageddon.com, click the agency partners page, and scroll to the bottom and fill out the application. Seriously, I think we just ask for your name and email and phone number, and your agency website. And that’s just to verify you’re a real human, offering real services. We’ll get you approved, send you over a welcome email. You get to test out our product for free forever, for your own license, for your own website. And if you like what you see, you can make a little recurring revenue helping your clients get protected.
Drew McLellan:
Yeah, awesome. This has been fascinating. Thanks for coming on the show and talking about all of this. It feels like such a risk that we could so easily avoid.
Hans Skillrud:
Yeah. Drew, thanks so much for having me. It’s, to say the least, an honor to be on this podcast. And yeah, I really appreciate you giving us the ability to share some of these takeaways to help agencies help their clients.
Drew McLellan:
Yeah, I appreciate it. All right, guys. So, here’s the deal. If you don’t do anything else, it seems to me like a dumb move to go and get your free terms and conditions and all of the language just for your own website, even if you don’t use it for clients. I mean, it’s rare that somebody offers you a free tool that will constantly be updated, so that you are not at risk, and then you can decide whether or not it’s the right thing for you to do for your clients.
But that seems like an easy choice to me. So, don’t sit on that. Head over and do that and grab that waiver form. I will tell you, I can tell you from personal experience, I have gotten many a panicked phone call from an agency owner who got a letter from a law firm, about a website they built for a client that they haven’t talked to in years, that somehow they are scrambling through, they’ve gone to the storage unit and they’ve pulled out boxes, trying to find documentation of what they did or didn’t say to a client, or an email trail, or whatever.
So, just don’t put yourself in that position. Grab the waiver, talk to your clients about it, let them make the decision. But for the love of Pete, document that you had the conversation and what the client decided, so that you are protected. So, I guess this whole show is really about protecting you. It’s about protecting the agency. It’s about if you choose to, protecting your clients, but it’s just smart business practice in a very litigious world that we live in. And if laws are being passed that make it even easier for people to sue us, this seems like a no-brainer to me. So, head over to the website, grab the waiver policy, grab the opportunity to get this free language for your website, and from there you can decide what to do with it. But that seems like a good first step. So, do all of that.
Want to make sure that we thank our friends at White Label IQ. As you know, they’re the presenting sponsor. They probably know all about this because as you know, they are white label partners to agencies building out white label dev, design, and PPC. So, I promise you that they are good folks who probably would be having this conversation with you on behalf of your clients. And so, check them out at whitelabeliq.com/AMI, to learn a little bit more about what they offer.
And I will be back next week with another guest who’s going to get us thinking a little differently about our business, how to serve our clients better, how to protect ourselves and our client, how to grow our business. Those are the kinds of things that we like to talk about here. And I know that they’re the important things for you building an agency that’s sustainable and scalable. So, super happy to be here with you. Super grateful that you come back every week. And I’ll be here next week, and I hope you will too. All right, I will see you then. Thanks for listening.
Speaker 4:
That’s all for this episode of AMI’s Build A Better Agency podcast. Be sure to visit agencymanagementinstitute.com to learn more about our workshops, online courses, and other ways we serve small to mid-sized agencies. Don’t forget to subscribe today, so you don’t miss an episode.