If you scroll down to the bottom of any website you should see a few things hanging out in the footer. A Privacy Policy, a Cookie Policy, perhaps a Terms and Conditions and/or a Disclaimer.
While you most likely won’t click on or read these policies, or really know what you’re agreeing to in those cookie consent pop-ups, they are there for a reason.
These policies outline what happens to your data as you visit that website. As the end user that means one thing, but what if it’s your website or a website you build for a client? That user data is now your responsibility.
Privacy policies on websites are required under multiple privacy laws, as well as if you use certain Google products or other third-party tools to track or retain data.
Cookie policies are also required under privacy laws and that cookie consent banner I mentioned helps collect consent before non-essential cookies are installed.
Terms and Conditions are used for items like limiting liability for copyright infringement and third-party links.
If you’re an agency or freelancer designing and developing websites, you become an integral part of educating your client on the importance of these policies.
If a client says they don’t need them or don’t care, have them sign a Website Policies Waiver, so you as an agency, or individual, aren’t liable as you build and launch their site. Encourage them to discuss their needs with a privacy attorney.
If you are the owner of a website and you have existing policies in place, they probably need to be updated, and updated at least a few times a year, as laws continually change.
State-specific laws, like the California Invasion of Privacy Act (CIPA), are being updated for a modern world, and small businesses are now being sued because their websites are non-compliant. CIPA is a 30-year-old privacy law, originally intended to protect California residents from phone tracking software.
Now, this law is being applied to website owners: if you use tracking technologies, such as analytics or maps, on your website and you aren’t getting consent from California visitors, you can be sued. We aren’t talking a small sum either. It can be $5,000 per violation.
Cookies, pixels, anything used to track items such as a user’s location or what they are searching online acts as a “pen register.”
CIPA defines a pen register as a “device or process that records or decodes dialing, routing, addressing or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, but not the contents of a communication” and prohibits the use of a pen register without a court order.
The state of Colorado has a similar law called the Colorado Privacy Act that went into effect in July of 2023. The CPA is “designed to protect Colorado citizen’s digital privacy by giving them more control over how their personal data is handled. It requires businesses to give notice to customers which explains what data they collect and process; why and how consumers can exercise their rights; what data they share with third parties; who those third parties are; whether they sell data to third parties; and how customers can opt out.”
More states will follow this lead, including Kentucky, Rhode Island and Indiana in 2026.
So, what can you do to stay on top of these ever-evolving laws?
At Vendilli, we’ve been using a solution called Termageddon.
Termageddon is a comprehensive website policies generator and will update your policies when privacy laws change or new privacy laws go into effect, helping you stay compliant and avoid privacy-related fines and lawsuits.
All you have to do is:
- Buy a cost-effective yearly license at $119 or pay $12 a month
- Answer questions about your website and business
- Receive a code to embed into your policy page
You will have full access to your policies with your own Termageddon account, and you will be notified when new laws go into effect and when your policies are being updated or when new disclosures require additional questions that need to be answered.
Although Termageddon is a technology company (not a legal services provider), it was founded by a licensed attorney who also serves as the Chair of the American Bar Association’s ePrivacy Committee. The Termageddon story is worth a read, from how they came up with the name to the founders themselves, who are a married couple, Donata and Hans!
Termageddon is the longest-running Privacy Policy generator listed as a tech vendor by the International Association of Privacy Professionals (the largest privacy organization in the world).
This blog is mainly for informational purposes, but if Termageddon sounds like a good solution for your business, reach out to us.
Some products and services we mention are ones we personally use and love. Occasionally, we may earn a small affiliate commission if you purchase through our links.