It’s that time of year again to have ‘The Talk’ with your clients. You know the one. It’s a private matter. It can be a little uncomfortable. It involves bringing up the consequences of not doing things safely and responsibly.
Let’s all say it together, “The Bills and the Fees” talk.
Every year (at least for the last several years), privacy regulations that impact website owners go through some changes. Those changes typically look like:
- Privacy bills change into privacy laws
- New privacy laws go into effect
- Existing privacy laws are amended
While it’s likely that one of the many privacy bills we’re tracking will become a law in 2026, we don’t know for sure yet. What we do know for sure is that 2026 will bring at least three new laws and two amendments to existing laws.
Good news: At least there aren’t eight new privacy laws like in 2025.
Bad news: As the expert in website anatomy, you may want to be the one to give your client a heads up that changes are on the way (even though it’s ultimately their responsibility).
Good news again: This blog will walk you through how to do that so that your client doesn’t end up on Teen Mom… I mean in court.
*This is not legal or parental advice
Step 1: Reassure them that these changes are normal
Privacy laws are designed to protect people’s privacy and data. Most modern websites – by design – collect personal data such as names, email addresses, phone numbers, payment information, and IP addresses. Several privacy laws even apply to small businesses. Privacy laws are always changing, and new laws are always going into effect.
Therefore, it’s completely normal for your client’s website policies to go through some changes to reflect this. Your client isn’t doing anything wrong, and isn’t weird, for having to change their policies to comply with these privacy laws. It’s as natural and normal as puberty… for your computer. Compuberty? Ew, no. I take it back.
Step 2: Highlight the specific changes they can expect
Just like every individual body, every website is different and special in its…. You know what? I could make this section a big metaphor as well, but after “compuberty,” I think we all could use a little break.
Here are the privacy law changes coming in 2026 and what websites need to comply with them:
1) Three new laws go into effect in 2026:
- Kentucky HB 15 – effective January 1, 2026
- Rhode Island Data Transparency and Privacy Protection Act – effective January 1, 2026
- Indiana SB 5 – effective July 1, 2026
2) Two existing laws are being amended in 2026:
- Australia Privacy Act 1988 – effective December 2026
- Connecticut Data Privacy Act – effective July 1, 2026
3) If any of these new laws or existing laws apply to your client, they’ll need to make changes to their Privacy Policy.
4) As with most laws, your client DOES NOT need to be located in these states/countries for these laws to apply to them. For the new laws, here are the requirements for needing to comply with them:

| Requirement | Kentucky HB 15 (privacy rights) | Rhode Island DTPPA (privacy rights) | Rhode Island DTPPA (Privacy Policy requirement) | Indiana SB 5 (privacy rights) |
| --- | --- | --- | --- | --- |
| Applies to | Those who do business in Kentucky or target residents of Kentucky | Those who do business in Rhode Island or target residents of Rhode Island | Any commercial website that does business in Rhode Island or with customers of Rhode Island | Those who do business in Indiana or target residents of Indiana |
| Thresholds | Process the data of 100,000 residents; or 25,000 residents and derive 50% of gross revenue from data sales. | Process the data of 35,000 residents; or 10,000 residents and derive 20% of gross revenue from data sales. | Process the data of 1 Rhode Island resident | Process the data of 100,000 residents; or 25,000 residents and derive 50% of gross revenue from data sales. |
| Nonprofits | Exempt | Exempt | Exempt | Exempt |
Step 3: Bring up the potential consequences
Now that you’re done talking about how changing PPs (Privacy Policies) are normal… we’re just jumping headfirst back into this metaphor, aren’t we?
It’s important to bring up the potential consequences of practicing unsafe privacy in a way that’s calm, not judgmental, and not overly scary. What you want to do is:
- Sit your client down
- Look them in the eyes
- Calmly let them know that practicing unsafe privacy will lead to LAWSUITS, FINES, AND CERTAIN DEATH.
Kidding. At least about the death part.
The reality is that privacy law violations do come with a hefty price tag that most young businesses can’t afford. For example, here are the penalties just for the three new laws alone:
| Law | Enforcement Authority | Penalty |
| --- | --- | --- |
| Kentucky HB 15 | Kentucky Attorney General | Up to $7,500 per violation (website visitor whose rights were infringed upon) |
| Rhode Island DTPPA | Rhode Island Attorney General | Up to $10,000 per violation (website visitor whose rights were infringed upon) |
| Indiana SB 5 | Indiana Attorney General | Up to $7,500 per violation (website visitor whose rights were infringed upon) plus any investigation costs |
Say goodbye to your dreams of buying a sports car, amiright?!
But seriously, that’s a devastating blow for any business, especially for clients running a small or medium-sized business. Proper website policies and privacy protection may seem trivial when they have so much else going on, but the peace of mind is absolutely worth it!
Step 4: Explain that it’s ultimately a good thing
Look, it’s not fun bringing up safe privacy practices. We’d all rather joke about logo sizes. But it’s a talk worth having because it’s ultimately a good thing.
Culturally, we are all doing a better job at realizing that people’s data online belongs to them. It doesn’t belong to a business. That’s why we see so many new privacy laws going into effect each year, and more websites fully embracing good privacy practices.
In addition to being the right thing to do, it doesn’t hurt that good privacy practices are also a competitive advantage. Consumers are more aware of their privacy rights than ever before and will actively look for websites that respect those rights. Plus, your client will have peace of mind.
Conclusion
I bet you didn’t think you’d be reading a Privacy-Policy-Meets-Birds-And-The-Bees Blog today. I honestly didn’t think I’d be writing this today. It just seemed right.
If you made it this far, you’re super serious about making sure your clients are practicing safe privacy. If you’d like to skip the discussion altogether, you could always just send them to Termageddon. We won’t have the talk with them (unless they have privacy questions), but we will help make sure their website is protected at all times.
Plus, you can always tell them that if they don’t use our Privacy Policy Generator…
**Editor’s note: That won’t actually happen.






