Look, I wish this blog didn’t have to exist. I’d love it if introducing clients to privacy was as easy as:
Web designer: “Hey client who trusts my opinion on all things website and logo-size related! I think it’s a good idea for you to take privacy seriously so you can better respect the rights of your website visitors. Oh, and also so you can avoid getting fined into oblivion and blaming me on Yelp.”
Client: “WOW! Thanks, web professional and dear friend! I 100% agree and am so thankful for you looking out for my best interest and the best interest of my website users! I promise to never again ask you to move an image a half-pixel to the left.”
Web designer: “Great! I’m going to enjoy a weekend free of any panicked emails from clients letting me know Google didn’t index their page properly.”
Client: “Fantastic! I’m going to stop ignoring your invoices and requests for website content. Have a good one!”

Unfortunately, privacy is still somewhat new on the scene (even for web designers), so it’s reasonable to assume clients might need a little more work to get on board. That’s where this blog comes in.
But first, is it even your responsibility to get involved?
Are Web Designers responsible for introducing clients to privacy?
The answer is absolutely not… but also yes.
Since that’s the world’s least helpful answer, the least I can do is offer you two ways to absorb the explanation: Option A) our video, “Who’s responsible for website policies: Clients or Web Designers?” or Option B) continue reading.
Absolutely not: Unless a contract has been written that states otherwise, the fine for a website that violates people’s privacy rights will almost always be paid by the client, not the web designer. So, ultimately, it’s up to the client and their wallet to take this stuff seriously. But…
Also yes: Clients rely on their web designer much like a new gym member depends on their personal trainer. They don’t know what they’re doing. So, if the new gym member commits bad practices – like lifting with their back instead of their legs – ultimately, it’s their body that will pay the price. That being said, if you (the personal trainer and expert) didn’t give good advice, plenty of warnings, or adequate direction, the client will likely be blaming you for the fact that they can’t stand perfectly straight anymore. This means no continued business, no recommendations, and certainly no Christmas Card.
So, it’s considered good practice to – at the very least – introduce your clients to a Website Policies Waiver that outlines what privacy is, why it is important, how it’s their responsibility, and how they can implement it. More on that later.
While we’re fresh off talking about gym memberships, let’s discuss the introduction process while getting our steps in. Seven steps, to be exact.
Step 1: Explain how websites collect data (personal information)
Most modern websites collect data. Many clients will be shocked to find this out because it sounds dirtier than it is. It’s a completely normal (and sometimes necessary) way to run a website.
Much like “If You Give A Mouse A Cookie,” if you give a client a general claim, they’re going to want specific examples. So, there are two ways most websites collect data: 1) submitted by the user and 2) behind the scenes.
1) Information submitted by users via:
- Contact forms (name, email, phone number)
- Newsletter subscriptions (name, email)
- eCommerce (name, email, phone number, physical address, payment information)
- Job application forms (name, email, phone number, physical address)
- Registration forms (name, email)
2) Information collected behind the scenes via:
- Analytics tools like Google Analytics (IP Address, device information, operating system, browser information)
- Security tools like reCAPTCHA (IP Address, device information, operating system, browser information)
- Advertising pixels like Meta Pixels (IP Address, device information, operating system, browser information)
Step 2: Explain that this personal information is regulated
Now that a client knows they’re likely collecting data, the next step is to let them know privacy laws exist to protect that data. Privacy laws can start applying to a website the moment it collects any of the data listed above, meaning that data does not need to be sold, shared, or even used for privacy laws to apply.
Each privacy law that applies to a website will require the website to have a Privacy Policy. This Privacy Policy will need to have very specific disclosures that depend on which laws apply to the website.
And then there are upcoming laws (and step 3).
Step 3: Understand Privacy Policies are not static
It would be nice if privacy laws would’ve taken a page out of the 10-commandments playbook and written themselves down in stone, but that’s not the case.
Dozens of privacy bills across the globe are currently working their way toward becoming laws. Even with existing privacy laws, things like rules, regulations, guidance, and interpretations of these laws are constantly changing and being released – each potentially impacting a website’s Privacy Policy.
It’s important to let clients know that they don’t just need a Privacy Policy, but they need a Privacy Policy strategy to ensure it’s frequently updated to address any changes that come along.
Step 4: Point out the penalties and lawsuits
Start this step off by telling clients not to panic, but… penalties START at $2,500 per website visitor whose privacy rights have been breached by your website.
Upon breaking this news, be prepared for your client to follow up with, “but surely, they won’t come after little ol’ me.” While many privacy laws only apply to large businesses, there are plenty of laws that require small businesses to have a Privacy Policy, and you can find many examples of small businesses getting fined.
But wait, there’s more! The number of lawsuits happening in America right now is on the rise thanks to everyone’s favorite assembly line of legislation: California. CIPA, an old California law, is clashing with CPRA, a newer California law, in a way that’s got certain lawyers foaming at the pen. This is causing major headaches for website owners of both small and large businesses across the country. You can read more about this via our previous blog, CIPA: The 30-Year-Old Privacy Law Getting Website Owners Sued.
Step 5: Share your good privacy practices with them
If a client has made it this far through the steps, the question becomes less about why privacy is important and more about what you, the designer, are doing to address privacy on your sites.
This is where it’s good to have a general idea of what makes for good privacy practices and implement them on your own website as well. A good starting point is to ensure all your websites have:
- A visible link in the footer to your policies (Privacy Policy, Terms and Conditions, Disclaimer, etc.)
- Checkboxes on all forms that require users to agree to your Privacy Policy
- A reason for any data it collects (not just collecting information ‘just in case you use it’ or ‘just because’)
- Third-party tools that prioritize privacy (e.g. Fathom Analytics over Google Analytics)
- A plan in place to ensure your policies stay up to date (Termageddon or a privacy attorney)
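As an added example (not part of the original post), here is a small audit a designer could run over a page’s HTML to check the first two items on this list and to flag the behind-the-scenes tools from Step 1. The tracker URL fragments, the rule that a consent checkbox is `required` and has “privacy” in its name, and the sample page are all assumptions made for illustration.

```python
from html.parser import HTMLParser
# Assumption: URL fragments for the tools named in Step 1 (not exhaustive).
TRACKERS = {"googletagmanager.com": "Google Analytics",
            "google.com/recaptcha": "reCAPTCHA",
            "connect.facebook.net": "Meta Pixel"}

class PrivacyAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_footer = self.footer_link = False
        self.trackers, self.forms, self._form = set(), [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "footer":
            self.in_footer = True
        elif tag == "a" and self.in_footer and "privacy" in (a.get("href") or "").lower():
            self.footer_link = True
        elif tag == "script":
            self.trackers.update(n for k, n in TRACKERS.items() if k in (a.get("src") or ""))
        elif tag == "form":
            self._form = {"id": a.get("id"), "collects": False, "consent": False}
            self.forms.append(self._form)
        elif tag in ("input", "textarea") and self._form is not None:
            kind = (a.get("type") or "text").lower()
            # Heuristic (assumption): the consent box is required and named "*privacy*".
            if kind == "checkbox" and "required" in a and "privacy" in (a.get("name") or "").lower():
                self._form["consent"] = True
            elif kind in ("text", "email", "tel"):
                self._form["collects"] = True  # free-text personal data field

    def handle_endtag(self, tag):
        if tag == "footer":
            self.in_footer = False
        elif tag == "form":
            self._form = None

def audit(html):
    p = PrivacyAudit()
    p.feed(html)
    missing = [f["id"] for f in p.forms if f["collects"] and not f["consent"]]
    return {"footer_privacy_link": p.footer_link, "forms_missing_consent": missing,
            "trackers": sorted(p.trackers)}

# Constructed sample page, not taken from any real site.
SAMPLE = """<script src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<form id="contact"><input type="text" name="name"><input type="email" name="email"></form>
<form id="signup"><input type="email" name="email"><input type="checkbox" name="privacy" required></form>
<footer><a href="/terms">Terms and Conditions</a></footer>"""
print(audit(SAMPLE))
```

On the sample page this reports no Privacy Policy link in the footer, one form collecting personal data without a consent checkbox, and one third-party tool the Privacy Policy would need to disclose.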
Step 6: Get this all in writing
As I mentioned earlier, it’s ultimately the client’s job to ensure their website complies with current and upcoming privacy laws. As the saying goes, “you can lead a horse to water, but you can’t make it update its Privacy Policy… or something.”
If a client chooses to ignore your recommendations, it’s good to have a document (like our free Website Policies Waiver) on file that shows where you explained:
- Why privacy laws exist
- Why it’s important to comply with them
- The penalties for failing to do so
- How it’s ultimately the client’s responsibility
- Options you recommend for clients to protect themselves
Having this in place will make it much easier to respond to any angry emails from a client who has received a lawsuit.
Step 7: Offer options
So, let’s get this straight. Privacy is here to stay. It’s constantly changing. Privacy laws apply to most modern websites. Getting sued is bad news. It’s the client’s responsibility to not get sued. So… Now what?
This isn’t the part where you run away and leave your client thinking they need to pass the bar exam on the weekend. Instead, recommend these options:
1) First and foremost, recommend a privacy attorney who can create and monitor their policies. It’s their bank account, so go big, right? But seriously, a privacy attorney is always the best option. As the web designer, offer to work with the attorney to provide any information they may need regarding the website and its features.
2) Suggest a Privacy Policy Generator. After all, not everyone can afford an attorney. Just be careful as not every Privacy Policy Generator is legit. You’ll need one that’s comprehensive, auto-updates, has an attorney on staff, is affordable and has alarmingly attractive people working there *cough Termageddon *cough.
3) Offer the option to decline policies. My fingers bled a little just typing that sentence, but it really is their choice at the end of the day (just make sure you have that waiver signed).
Conclusion
Thank you for reading this far! You’re clearly a web designer by day and a client-saving superhero by… well, probably also day. If you’re reading this in the middle of the night you may have insomnia. Not medical advice. Also, none of this is legal advice.
But, seriously. Privacy is not going anywhere. So you’re doing your clients a huge favor by learning the basics and doing what you can to protect their website and their business.
Well done and we’ll see you next time!