If you are a website designer, chances are that you did not get into this field because you are passionate about privacy law compliance. However, as you were keeping up with the latest website design trends, you may have also heard that an increasing number of website owners have been getting fined for failure to comply with privacy laws.
In fact, there are already multiple privacy laws that require websites that collect Personally Identifiable Information (PII) such as names, email addresses and IP addresses to have a comprehensive and compliant Privacy Policy. In addition, with countries such as the United Kingdom and Australia considering updates to their privacy laws and over a dozen privacy bills proposed in the United States, the Privacy Policy requirement is not going away.
Since fines for privacy law non-compliance start at $2,500 per website visitor, you may be wondering: are web designers responsible for their clients’ website policies? If that’s the case, then you may also be responsible for paying privacy law non-compliance fines, so it is imperative that you first protect yourself.
In this article, we will discuss how to tell whether you are responsible for your clients’ website policies and how you can protect yourself from liability.
Table of Contents
Step 1: Check your contract
If you have a client sign a contract prior to working with you, that contract will govern your relationship and your liability regarding the website, including website policies. To check whether you are responsible for your clients’ policies, either read or have your attorney read your contract, paying particular attention to the following sections:
- Compliance: certain contracts will have a section titled “Compliance.” If your contract has such a section and it states “website designer guarantees that the website will be compliant with all applicable laws, rules and regulations,” then you are responsible for the privacy law compliance of your clients’ websites, including their website policies.
- Warranty: most contracts will have a section titled “Warranty.” Usually, this section is in all caps and thus is very easy to find. If your warranty section states that you do not provide any warranties, then it is likely that you do not warrant compliance with privacy laws. However, if your contract states that you will “perform the work in a professional and workmanlike manner,” then you may be guaranteeing compliance, if guaranteeing compliance is considered “professional” in your industry and area. In addition, you should check whether the warranty section of your contract states anything regarding compliance.
- Damages: most contracts will have a section titled “Damages,” which specifies the total amount that you would be responsible for if your client sues you and they win. Keep in mind that privacy law non-compliance fines can be very high, so make sure that your damages section limits your damages to the least amount possible.
If you do have your clients sign a contract, you should first make sure that the contract does not guarantee compliance (including privacy and policy compliance), that the warranties that you provide do not open you up to liability, and that your damages are limited. In addition, you may want to consider having your clients sign a waiver that ensures that they are aware that you are not responsible for your clients’ policies. Termageddon provides such a waiver for you to use as part of our agency partnership program.
Step 2: Check the default rules of your jurisdiction
While it is certainly not the best, nor a recommended practice, many website designers perform work for their clients without a contract. If you and your attorney have determined that you do not need a contract, you should be aware that the default contract rules of your jurisdiction will then apply.
For example, in some jurisdictions, if there is no contract, then a default warranty will apply stating that “all work will be done in a professional and workmanlike manner” or that work will be performed in a similar manner as to other professionals in the same industry in your area. This type of default warranty can be very disadvantageous to website designers. For example, if other website designers in your area are guaranteeing compliance or are responsible for their clients’ website policies, then you may be too.
Step 3: Check your practices
Did you write a Privacy Policy for your client, provide them with a template or copy and paste someone else’s Privacy Policy for them? First, if you are copying and pasting Privacy Policies from other websites and providing them to your clients, you could be liable for copyright infringement, regardless of your contract with your client. Second, if you are writing Privacy Policies for your clients, or providing them with templates, then you could certainly be liable if those policies are not compliant with the privacy laws that apply to your clients as you are the one who provided that policy to the client in the first place.
If you are providing policies to your clients that you wrote yourself, copied and pasted or found on a free template website, your clients may believe that you are an expert in privacy and contract law and that you are guaranteeing that those policies are compliant. If this turns out to not be the case, then this may tarnish your relationship with your client or may even make you liable for fines that far exceed what you were paid to build the website. Thus, it is best to recommend that your client consult with a third party for their website policies, and not you.
Alternative solutions
As you can see from the above, there are multiple cases in which website designers may be held responsible for their clients’ policies. What is the best way to protect yourself?
- Have a contract with your clients that is written by a competent attorney that knows your industry and the risks that you face. Ensure that this contract adequately protects you from ensuring that the website is in compliance with privacy laws and policy requirements (you can use our free waiver);
- Do not copy and paste Privacy Policies, write policies, nor provide free templates to your clients;
Recommend that your clients reach out to an attorney with experience in privacy and contracts for drafting their website policies. If your clients cannot afford an attorney, recommend that they use a service such as Termageddon to create and automatically update their website policies. When your client signs up with Termageddon or when you share a license with a client, they will have to accept the Termageddon Terms of Service, stating that Termageddon is responsible for their website policies.
If this blog isn’t enough, we have several other tools web designers can use to help inform their clients on the importance of website policies, including: