Should web designers handle their clients’ Privacy Policies? 

Most web designers serve as a “go to” person for all of their clients’ questions regarding websites, from which colors look good to installing website analytics and similar tools. If you are a web designer, chances are that your clients have asked you what they should do for a Privacy Policy, whether you have a Privacy Policy template that they can use, or may have even asked you to copy and paste a competitor’s Privacy Policy. Thus, you may be asking yourself, “should web designers handle their clients’ Privacy Policies?”

The short and sweet answer to this question is that if you want to protect your web design business and avoid fines and even lawsuits, then you should not handle your clients’ Privacy Policy or any other documents and should instead refer your clients to someone who specializes in this type of work. In this article, we will discuss the risks that web designers face when handling website policies and alternatives so that you can better protect your web design business. 

What is the risk of web designers handling clients’ Privacy Policies? 

Web designers want to be helpful to clients and may be working with clients who are not very tech savvy or do not understand the importance of a proper Privacy Policy. While it may be tempting for a web designer to help their clients with a Privacy Policy, the fact is that doing so may not just put the web designer at risk of fines and lawsuits, but it may be doing a disservice to the clients as well. 

Privacy Policies are documents that explain a business’ privacy practices such as what Personally Identifiable Information (PII) is collected, what is done with that information, and who it is shared with. The disclosures within the Privacy Policy are dictated by the privacy laws that apply to that particular business. To be compliant, a Privacy Policy must meet the following factors: 

1. Include the specific disclosures required by the privacy laws that apply to the business; 
2. Accurately reflect business and privacy practices; and 
3. Be updated for new legislation, amendments in existing privacy laws, rules, regulations, and guidance issued by legislators.

Having a non-compliant Privacy Policy can be very costly, with privacy law violation fines starting at $2,500 per violation. In this case, “per violation” can mean per website visitor whose privacy rights were infringed upon. In addition, privacy violations can even cause lawsuits in certain cases. 

As you can see from the above, fines for failure to have a proper Privacy Policy can be extremely costly to a business. If a web designer provided the Privacy Policy to the client, the client could sue the web designer and even recover the costs of the fine or the costs of the lawsuit. Web design projects usually do not make enough profit to justify this high risk and high amount of damages, leaving web designers to cover these types of costs out of pocket. 

When can the handling of Privacy Policies by web designers cause risk? 

The following is a list of examples of actions where the handling of Privacy Policies by web designers can put the web designer at risk: 

1. Informing clients that they do not need to have a Privacy Policy or do not need to have additional privacy tools such as a cookie consent banner. The fact is that most websites that collect PII such as names, emails, phone numbers or IP addresses will need to have a Privacy Policy as this information is protected under a number of privacy laws. Many of these privacy laws will apply regardless of business size, revenue amount, employee count, or the amount of PII that is being collected;  
2. Providing clients with a template Privacy Policy. Privacy Policy templates are not good solutions for businesses as they:
   1. Are not based on the privacy laws that apply to the business; 
   2. Do not contain all of the required disclosures; 
   3. Do not accurately reflect business and privacy practices; 
   4. Do not update for changing legislation. 
3. Copying and pasting the Privacy Policy from a competitor’s website. First and foremost, the copying and pasting of Privacy Policies from other websites is copyright infringement. Second, the Privacy Policy will most likely not fit the clients’ needs as the competitor may need to comply with a completely different set of privacy laws, thus missing needed disclosures and would not fit the clients’ business and privacy practices. Lastly, the competitor may not update the policy as required by new legislation, leaving the client out of compliance; 
4. Editing an existing Privacy Policy. Sometimes, a client may have an existing Privacy Policy and may ask you to make changes to this policy or add any text. This may be an issue as well in case the edits that you perform make the policy non-compliant with privacy laws. 

The fact is that the handling of Privacy Policies by web designers can open the client up to the risk of fines and lawsuits. As a result of that, it also puts the web designer at risk as well as the client will place the blame on the web designer if the client is fined or sued due to a non-compliant Privacy Policy. 

How can web designers avoid Privacy Policy risks? 

Web designers can avoid the risks inherent in handling Privacy Policies for clients by either referring clients to a privacy attorney or to a tool such as Termageddon, which can create Privacy Policies for your clients. Doing so can reduce the risk of the web designer by placing the risk on another party to ensure that the policy is compliant and up to date. Web designers should consider taking the following additional steps to further protect themselves: 

1. Have your clients sign a contract that makes it clear that you (the web designer) are not responsible for the compliance of the website with privacy laws and other applicable laws. The contract should clearly state that it is the client’s responsibility to ensure the compliance of the website; 
2. Have your clients sign the Website Policies Waiver. The waiver explains to the client that it is their responsibility (and not the website designer’s) to ensure that the website has proper policies in place; 
3. Say “no” to clients when they ask you to perform any of the actions listed above that can increase the risk and liability of the web designer; 
4. Refer your client to a privacy attorney or to a reputable Privacy Policy generator such as Termageddon; 
5. If you purchase a license for a client through Termageddon, make sure to share that license with the client so that they can accept the Termageddon policies (stating that Termageddon, and not the web designer is responsible for the policies), receive privacy law and policy update emails, and can go in and change any answers to the policy questionnaire. 

Taking the steps above will not only ensure that you protect your web design business, but will also ensure that your clients have proper policies in place, helping protect them and their business as well.