Fun Fact: The “Scared Straight” documentary from the 70s was the first time the words “f*ck” and “sh*t” were broadcast, uncensored, across many networks.
Yup, that is what was considered to be the most shocking part about that show. Not the part where they forced kids off to hang out with life-in-prison felons for entertainment. Ah, the 70’s (So I’m told… born too late for the real 70’s, but just in time for ‘That ‘70s Show.’)
While scaring people straight apparently makes for good television (enough for a Netflix remake) and even better members of society, it’s not a great way to ease clients into website policies.
Don’t believe me? Try approaching a client and telling them they better clean up their Privacy Policy or get f**ed. That’s F.I.N.E.D, by the way.
This is as good a time as any to remind everyone that this blog is not legal advice nor is it email etiquette advice.
So, how should you approach it? Well, in true Scared Straight fashion, I’ll present an example of how a young, spirited agency might tackle this and then calmly explain how that agency is going down a dark path, their parents would be disappointed, and there’s no future for them in this life… Nah, I’ll just suggest an alternative.
Instead of: “You’ll get sued…”
The reality is that your client might not get sued. The risk will always be there, but it may never happen.
If you put them on the defensive they may look around and see that it’s still mostly major corporations making all the headlines. Granted, Meta being sued for billions will likely get more clicks than the local ‘Curl Up and Dye’ hair salon being sued for 20 grand.
Plus, you don’t want to make your client feel like they are doing something wrong on purpose. Privacy laws are confusing and it’s extremely common for websites (even big ones) to get something wrong regarding their policies.
Try: “I’ve heard of an increase in small businesses getting fined”
While the majority of privacy laws focus on big businesses, there are nine privacy laws that require small businesses to have a Privacy Policy. Not to mention privacy laws are also being passed at an unheard-of rate and more and more of them are not making exceptions for small businesses.
Also, privacy laws like CIPA (drafted over 30 years ago to protect people’s privacy during phone calls) have been reinterpreted to apply to websites. This has caught a lot of the industry off guard as many website owners across the United States have received letters from legal teams saying they are in violation of CIPA and must pay a fine or go to court.
The whole thing is kind of wild. We had a lawyer with experience defending clients from CIPA claims (Jason Kelly) write about it here and talk about it here.
CIPA is a great way to casually bring up the fact that there are some lawyers out there using certain privacy laws to intimidate small business owners into paying fines. Will it happen to them? Who knows. But, as their web agency, you feel obligated to let them know what you’ve heard and how to protect yourself (more on that later).
Instead of: “You have to, it’s the law”
I’ve had enough children to realize that humans are born with a strong distaste for being told what to do – even when the person doing the telling is absolutely right about not putting fireworks in the oven.
Also, some laws are silly. True story, I got a warning from a police officer riding a horse about jaywalking in a town where dollar stores outnumber the people. “Sorry officer, I didn’t see the tumbleweed on its way to work. We’re both lucky to be alive.” My response isn’t true. That’s what I thought of the next day in the shower.
Simply saying it’s the law might not entice too many people. Plus, they may think the laws you’re talking about are only designed to give small businesses headaches. After all, plenty of those exist. This just isn’t one of them.
Try: “It’s a great service for your customers”
Privacy laws are designed to protect people, not businesses. That’s why a business in Florida can get sued for illegally collecting, storing, or sharing the data of a California resident.
Complying with these laws shows your website respects the people coming to it. You’re following all the rules and are completely transparent about how and why you’re collecting the personal information of people who visit your website. It’s their data, they have all the rights to it.
It just so happens, that following these laws is a great way to do that. Since there are still a lot of websites that don’t take privacy seriously, it may even help you build a competitive advantage. After all, a study by Axios found that 94% of Americans would switch to a company that prioritizes data privacy and protection.
Instead of: “You need an attorney”
IS THAT A THREAT?! Sorry, instinctual. I promise I haven’t been to prison, everyone. The only “Scared Straight” I ever needed growing up was my 5 foot 2 mother saying “I brought you into this world, and I can take you out of it.”
Yes, a privacy attorney is the best way to get policies for a website. They can draft them specifically to match the business’ needs, they can update them frequently as laws change, and they can provide legal advice.
They can also charge you whatever they want. And maybe it’s my marketing career choices talking, but some of those hourly rates look like a solid weekly paycheck to me.
Try: “If you need help with policies, I can offer some suggestions”
Repeat after me: “This is not legal advice”
Start off with that. Website policies are the client’s responsibility. They should know that. You should remind them of that often. You should even have them sign a waiver saying you went over all of this. Get it documented.
DID SOMEONE SAY FREE WEBSITE POLICIES WAIVER?!
However, as the professional of all things website, it is nice if you can point them in the right direction.
You should lead off with the fact that an attorney is the best option given they can provide legal advice. However, if that’s not in the budget, a Privacy Policy Generator can work.
Unfortunately, there are a bunch of Privacy Policy Generators out there that don’t help your business comply with anything. They basically act as a placebo for website owners to feel better about their website’s health. So be sure to point them towards one that:
- Has a privacy attorney on staff
- Uses upfront, affordable pricing (doesn’t upcharge along the way)
- Automatically updates as laws change (8 new ones for 2025)
- Trusted by organizations like the IAPP
- And rhymes with Armageddon (wait… is our entire brand based on fear-mongering?!)
Conclusion
Reading a Privacy Policy should be scary enough for most people. When bringing them up to clients, there’s no need to sprinkle in any additional fears or threats.
Fines & lawsuits do happen and they are increasing each year, but having a privacy-focused website shouldn’t be just about the fear of getting caught. It’s about changing how we think about people’s privacy online.
For years the idea was to collect as much data as possible – Hungry Hungry Hippo style – in case you may one day use it. To stockpile it just for the sake of having it. Luckily, that’s starting to change. The consumer is now more aware of how their data is being used online. They pay attention.
It’s now up to website owners to realize it’s not about collecting data. It’s about borrowing people’s information to improve their services and grow their business. And while it’s being borrowed it’s up to the website to protect it from sketchy third-parties or data breaches. Once the data is no longer needed for a specific purpose, it needs to be ‘returned’ to its owner.
It’s about respect. And respect isn’t just given… it’s earned.
may or may not have learned that in prison.
Trevor Willingham
Trevor is the marketing coordinator at Termageddon. Ever since he was a wee lad, Trevor dreamed of promoting Privacy Policies and now he's doing just that. In other words, he started from the bottom and now he's in website footers.
