The WP Minute+

Thanks Pressable for supporting the show! Get your special hosting deal at https://pressable.com/wpminute
Become a WP Minute Supporter & Slack member at https://thewpminute.com/support

On this episode of The WP Minute+ podcast, Eric is joined by Donata Stroink-Skillrud, president of Termageddon. Donata highlights the importance of privacy compliance for websites and explains that most modern sites need a privacy policy to avoid legal consequences and gain user trust. Privacy-friendly websites are now a key differentiator in the market, and she provides practical advice on how to inform clients about data collection tools, such as Google Analytics and Facebook Pixel. 

Donata also discusses common bad practices, such as using templated privacy policies and ignoring compliance, and offers strategies for maintaining up-to-date policies as laws evolve. She stresses that failing to address privacy can cost businesses leads, sales, and reputation, and encourages a proactive approach to compliance. This episode is essential for web developers, agencies, and small business owners who want to protect their business and build trust with their visitors.

Takeaways:
  • Privacy and compliance are strategic assets, not just legal hurdles.
  • The true cost of neglecting privacy isn’t just fines – it’s lost trust.
  • Agency and freelancer responsibilities should focus on informing, not taking ownership of compliance.
  • Continuous maintenance and monitoring are essential for effective privacy policy management.
  • Transparency on tools and data collection builds trust and legal clarity.
  • Privacy laws act more like a confusing maze than a coherent framework.
  • AI tools are helpful assistants but untrustworthy legal or policy sources.

What is The WP Minute+?

For long-form interviews, news, and commentary about the WordPress ecosystem. This is the companion show to The WP Minute, your favorite 5-minutes of WordPress news every week.

Eric Karkovack (00:00)
Hi everyone and welcome to the WP Minute. I'm Eric Karkovack. Today we're talking about privacy and compliance. It's a subject that agencies and freelancers need to be aware of when dealing with clients. Thankfully we have Donata Stroink-Skillrud with us. As president of Termageddon, Donata has the expertise and experience to help us do right by our clients. Donata, welcome to the WP Minute.

Donata Stroink-Skillrud (00:26)
Thanks so much for having me.

Eric Karkovack (00:28)
I appreciate you coming on because I think this is one of those subjects that we in the web development, web design industry tend to get stuck in the middle of. So my first question is hopefully going to be a very easy one for you. Who needs a privacy policy on their website?

Donata Stroink-Skillrud (00:44)
Sure. So I guess to start us off, not legal advice. But, you know, when you think about websites, when it comes to privacy policies, what you should really be thinking about is, is this website collecting personal information? So think about it. Does the website have a contact form, a newsletter subscription form? Does it have e-commerce? Can people create accounts? Or maybe there's some tools in the background like

Eric Karkovack (00:49)
Absolutely.

Donata Stroink-Skillrud (01:12)
Google Analytics, the Facebook Pixel, reCAPTCHA, all of these things collect personal information. So kind of the general rule of thumb is if a website's collecting personal information like names, emails, phone numbers, addresses, IP addresses, things like that, then it needs to have a privacy policy. That's kind of the general rule of thumb.

Eric Karkovack (01:36)
So that pretty much includes everyone that it's just about, right?

Donata Stroink-Skillrud (01:39)
Yeah, it's basically every modern website collects personal information. And one of the items that people get really confused about is, you know, people are providing this information voluntarily, like they're voluntarily filling out the contact form or subscribing to newsletters. That's what we call a legal basis for processing personal information. But just because people submit their information voluntarily, that does not negate the requirements of having website policies in place.

You know, a lot of people also say, well, we're not collecting social security numbers or we're not collecting passport numbers or not collecting like sensitive data. That really doesn't matter either. You know, any kind of personal information can be protected by privacy laws. So just because it's a name and email address that they submit voluntarily, that doesn't mean that you're off the hook.

Eric Karkovack (02:33)
Yeah, I guess the point is that, you know, we collect that data, but the user still has to know what we are going to do with it, right?

Donata Stroink-Skillrud (02:42)
Yeah, a lot of website visitors, when they're inputting their name and email in a contact form, they're realizing that they're inputting that in, but they don't necessarily know how you're going to use it, who you're going to share it with, how you're going to protect it, and things like that. And also a lot of website visitors, when they go to a site that has, for example, Google Analytics or the Facebook Pixel, they don't necessarily realize that these tools collect their information either.

What we need to have are policies in place that are comprehensive, that kind of outline what information is being collected, what you're doing with that information, who you're sharing it with, and other disclosures that are required by the privacy laws that apply to you.

Eric Karkovack (03:27)
So what are the risks of not having this information on your website? What, I guess I would ask for like a worst case scenario.

Donata Stroink-Skillrud (03:37)
Yeah, so in terms of risks, we kind of look at it twofold. So the first is the regulatory risks. So that's fines and lawsuits. So fines start at $2,500 per website visitor, which can add up really quickly. So let's say you have 100 website visitors from California this month. You did not have an adequate privacy policy in place. That fine would be calculated as 2,500 times 100.

We've also seen businesses of any size being sued for privacy law violations as well, especially under the California Invasion of Privacy Act. And that's for tracking website visitors from California without their consent. And you know, in the news, you see like the big multimillion, billion dollar fines. That doesn't mean that small businesses haven't been fined or sued because they have.

It's just that those fines don't necessarily make the news, but it can be, you know, tens of thousands of dollars or anything like that. And if you're ever interested, you can look up enforcementtracker.com, which for example, tracks all GDPR fines. And you'll see plenty of small businesses in the list there. It just doesn't make the news. So that's kind of the first risk is the regulatory risk.

But we also think about the fact that, you know, if you've been building websites for a long time, or you've been using the internet for a long time, back in the day, people didn't really care too much about this. You know, you just went to the site, you uploaded your information, you gave them your credit card, and nobody really paid any attention to it. But what we're seeing now is that consumers are paying more and more attention to their privacy, and they're willing to make purchasing decisions because of that. So...

People are increasingly looking for privacy-friendly websites and privacy-friendly companies. And if they feel like the website or the company is not privacy-friendly, they will not submit their information. So you might get less leads, you might get less contact inquiries, less newsletter subscriptions. People might just leave your site or people might not buy from you. So, you know, people are making purchasing decisions based on that. So...

You know, privacy can actually be a competitive advantage as well for your company. So it can be a good thing to pay attention to this and demonstrate to your website visitors that you care about their privacy.

Eric Karkovack (06:03)
Yeah, it's almost like an expected thing these days, right? It's up there with accessibility. We need to make sure our sites are accessible, but we also need to make sure that we're letting people know how we're using their data and what data we collect. I think that's just kind of the expected way to do things now.

Donata Stroink-Skillrud (06:20)
Yeah, absolutely. And offering them a choice. You know, I think all of us can agree that it's very annoying to get endless spam emails or spam texts from companies that you've never heard of. Or maybe you buy one thing from them and all of a sudden you're getting ads all the time. You know, or maybe you're getting text messages at three in the morning about stuff that you're not interested in. People really don't like that. And

When determining the practices of a website, think about how you would feel if these things were happening to you. Are you getting annoyed by spam? Don't do that to other people because they're gonna unsubscribe and they're not gonna be interested in what you're selling.

Eric Karkovack (07:05)
So in my experience, I've worked with companies from just very small mom and pop type shops all the way up to larger enterprise type clients. And the one commonality I find is that they tend to just ignore this. Even those that have legal teams, I found, are very slow to act with any sort of privacy policy, or they simply don't even bring it up.

And I know that we'll talk a little bit about what we can do as freelancers and agencies, but I just wanted to pick your brain. Why do you think that is? Why have we not educated the public very well on this, perhaps?

Donata Stroink-Skillrud (07:48)
Yeah, I think it's one of those things, right? If you think about, let's say you have a faucet that's slightly leaky, you're going to put that task off until the last possible minute. And I think compliance works that way too. ⁓ People don't fully understand it. They don't necessarily want to deal with it. They want to do the stuff that they're good at. So they want to make money in their business. They want to work on marketing or they want to work on their products.

Compliance tends to be one of those things that gets pushed to the bottom of the list, unfortunately. And I think, you know, a lot of us are like that. Those tasks that you don't really like, you're going to push to the bottom of the list. But the unfortunate part of it is that if you do continue on doing that, it's going to come back to bite you. And then it's going to become an emergency. You know, you don't want to wait until you have a demand letter.

until you have an inquiry from a regulator to deal with privacy or compliance issues, because then it's a lot harder to backpedal. If you fix it after the fact, you can still be responsible. So unfortunately, we just can't put these tasks off. We have to do them.

Eric Karkovack (09:01)
So what would your advice be for people who are working in agencies or freelancers, working with clients about this? How should we approach them about this subject? Because as I said, so often nobody brings it up and it just kind of sits there until something happens.

Donata Stroink-Skillrud (09:18)
Yeah.

For sure. So I guess first of all, as a web designer, you should not take responsibility for this. You know, no matter how much you're getting paid to build a website, you're not getting paid enough to assume compliance responsibilities. And there are a lot of agencies who have templated contracts, for example, that will state that we warrant and guarantee that this website will be compliant with all applicable laws, rules, and regulations.

Remove that from your contract right now. That is the worst thing that you can do for your agency is make yourself responsible for this. It should be the client that's responsible for compliance and not the agency. Now, in terms of how to bring this up to your clients, I don't think this has to be really complicated. And I don't think you have to be an expert in privacy law to bring it up or an expert in compliance matters to bring it up. I think it can be as simple as

Look, I'm not a compliance professional, I'm not a lawyer, I'm not providing you with legal advice, but just so you know, your website is collecting personal information, it has these trackers on it, you should really think about privacy compliance. Now, whether that's getting a privacy policy in place, getting the proper consent in place, you should really figure out what the requirements are and implement those requirements on your website. We also recommend, you know,

A lot of agencies as standard practice have been installing these tools on websites forever. So, you know, maybe you have a checklist where you install Google Analytics and you install the Meta Pixel and you install reCAPTCHA, you install all these different trackers, but you never tell the client that you've done that. So my recommendation would be, you know, before launch or if you haven't done this for websites that you've built in the past saying, look,

Eric Karkovack (10:52)
Yes.

Donata Stroink-Skillrud (11:13)
These tools have been installed on your site or will be installed on your site. Do you want all these? Are you okay with these? You know, let me know. So that the client's informed as to what's on their website.

Eric Karkovack (11:25)
Yeah, that's a big one. I mean, for so many years, you know, clients leave the technical details to us, right? We're the ones who are building out the site and they're really responsible for, you know, okay, getting us the assets, you know, the logos, the content and things like that. And so, you know, we assume a lot of times that clients, well, they're going to want Google Analytics and they're going to want this and that. But these days with the privacy laws that we have, it makes sense that, you know, we really should be informing.

about every tool like that that we are adding and reCAPTCHA is actually a good one because I hadn't thought of that.

Donata Stroink-Skillrud (12:02)
Yeah, so to unpack that, say Google Analytics is an example. A lot of agencies install it on client sites because they think a client might need it. Google Analytics collects personal information like IP address, device identifier, information as to how people interact with a website. And it can also subject

websites to certain privacy laws like GDPR because they're tracking the behavior of residents of the EU, for example, on the site. So it has a lot of privacy implications. It shares this data with Google. It collects a lot of data, some of which may not even be totally necessary. And it subjects websites to the consent requirement of having people agree to Google Analytics before that cookie fires. Now, let's say the client did not know that

it was on their site. So they could never set up the right compliance because they didn't know that it was on their site. They didn't know it was collecting data. They didn't know sharing data. They didn't know it was subjecting them to certain privacy laws. So they might not have taken those proper compliance steps to make sure that they're having Google Analytics set up correctly with the right compliance measures in place. And it's interesting, you know,

We do a lot of calls with clients helping set up their privacy policy and things like that. And before the call, we go to the website, we run a scan and we see what technologies are on the site because it affects how their privacy policy is created. And we'll say, you know, since your website has Google Analytics, you could be tracking residents of the EU or the UK. And we have so many calls where the client's like, I did not know that. I did not know I had this on the website.

And we're like, well, have you ever accessed the data? Have you ever done anything with it? No, I have no idea how to even do that because my agency set it up for me. So you're not just, you know, subjecting the client to all these compliance regulations. You're also having the website collect information for no reason, right? Because if the client never goes onto their Google Analytics dashboard, never sees the data, never does anything with the data.

They never needed Google Analytics in the first place, right? So I think it's a great practice to, you know, before the launch of the site to provide the client with a proposed list of technologies, explaining what these are and asking them, do you need this? Like, are you ever going to look at this? Are we ever going to do anything with this data? And if the answer is no, then don't install it because they don't need it.

Eric Karkovack (14:39)
That's a great point. Yeah, we have, you know, it just becomes second nature in this industry, I think, to just put these tools on the website and just forget about it. And then we're not necessarily using them. That's the funny part. I can't tell you how many times we've put Google Analytics on the site and the client has no interest in it after a while. They may actually look at it a couple of times and then they're just sort of.

Donata Stroink-Skillrud (15:01)
Yeah.

Eric Karkovack (15:07)
You know, it just gets pushed to the back burner. So that's great advice. And I know, like you mentioned, the EU, I mean, sometimes, you know, this is a global industry. I'm in Pennsylvania right now, but I may work with someone in Europe or another jurisdiction where there are stricter laws. You know, I guess that's something that we still need to just have that conversation, right? Because it's again, it's not up to us necessarily to know the rules, but just to.

Donata Stroink-Skillrud (15:08)
Yeah.

Eric Karkovack (15:36)
Make them aware that, you need to be aware of the rules.

Donata Stroink-Skillrud (15:40)
Yeah, yeah, exactly. You know, websites are very different and small businesses are used to the idea of, I operate in this state, right? I live in Illinois, my business is in Illinois, my employees are in Illinois. I don't really need to worry about other states or countries, but websites are different. So when it comes to your website compliance, you really should be thinking not where am I located, but you should be thinking about from where people can visit your website.

So can people from other states or countries visit your site? Can they submit their personal information to you? Do you track them through different tools like analytics or advertising or anything like that? Where are your customers located? Where do you ship? Where do you offer your services? Things like that. So those are really the things we should be thinking about when it comes to website compliance.

Eric Karkovack (16:31)
So I know a lot of people have put things in place over the years. It doesn't always work. It's not always what we would, I'm sure what you would consider to be the ideal implementation. So have you seen any sort of bad practices on both maybe the agency and the client side that stand out to you?

Donata Stroink-Skillrud (16:52)
My gosh, so many. So, you know, anywhere from the agency's contract saying we warrant that this website is going to be compliant to the agency adding a privacy policy where it says that if there's any questions about privacy or any complaints, please contact the agency. They should be contacting the website owner, not the agency. You know, as the agency, you're not getting paid enough to deal with

legal questions from website visitors. We've seen agencies that provide their own templates to clients. So as the agency, if you're providing your own template to the client, you're saying that this template is correct, right? Or the agency goes on and copies and pastes the competitor's privacy policy for their client. So you're committing copyright infringement on the behalf of your client.

All of these types of practices really put the agency at a lot of risk. What we recommend is telling the client, this is your responsibility. Like you need to figure out compliance for your own website. I'm not a lawyer, I'm not providing you with legal advice, but you're collecting personal information and you need to address compliance on your site. And you can offer different recommendations for different tools, tell the client to go talk to a lawyer.

You know, things like that. At Termageddon we offer a website policies waiver, which you don't have to use Termageddon to use that waiver, but it basically says that this is your responsibility, client. What do you want to do with this?

Eric Karkovack (18:27)
That makes sense. I mean, it's, you know, the best I think a lot of people, a lot of people in our industry can do is really just push the client in the right direction, at least to make them aware that there is a responsibility there because again, we don't have that conversation nearly enough and it doesn't come up until, you know, something goes wrong or somebody asks about it. A user maybe asks about it.

So once you have a policy in place, what kind of maintenance requirements are there and is that something? Again, I realize it's probably pushed to the client, but they're probably going to ask us about it too. So what kind of requirements are there once you have something?

Donata Stroink-Skillrud (19:07)
now.

Sure.

Yeah, so assuming that you have the correct privacy policy in place, that it accurately lists all the disclosures that are required by the laws that are applicable to you, it accurately describes your business and your privacy practices, you put that on your website and it's not over, right? So the first set of updates that you should be considering is changes to the website or changes to the privacy practices.

So let's say that I start off with a website with just a contact form, but now I add a form where people can apply for jobs. I need to update my privacy policy because I'm collecting additional information. I'm using it in different ways. Maybe I'm sharing it with different parties. So you need to make sure that those privacy practices are updated. And then the second set is legislative updates. So, you know, existing privacy laws change, right? So...

As technology evolves, privacy laws that were passed many years ago, maybe there's new privacy risks now, new privacy harms, there's new technologies that affect privacy. Those privacy laws change so they can change what your privacy policy might need to disclose. So let's say Connecticut as an example, they passed a privacy law. Previously it was not required to disclose whether or not you use personal information to train large language AI models. This summer,

Connecticut is updating its privacy law, so the effective date is this summer. And now your privacy policy needs to state that if you're training large language AI models and you're using personal information to train them, your privacy policy will need to disclose that, right? So existing privacy laws change. In addition, new privacy laws are passed all the time. So let's take the US as an example. We don't have a comprehensive federal privacy law that covers

regular personal information collected by websites. We have laws for healthcare information or financial data or children's information, but not for like name, email and phone number collected through websites. So each state is passing and proposing its own laws. So right now we're tracking over a dozen privacy bills. This year there's five updates for new privacy laws going into effect. So you need to make sure that your privacy policy stays up to date for those changes too.

So it's not just that you need a privacy policy that complies with the laws of today. You also need to have a strategy to keep that policy up to date with future legislation as well.

Eric Karkovack (21:43)
That's the beauty of the US system. We have all these different states with all these different laws and we're gonna have a huge spaghetti mix of privacy laws.

Donata Stroink-Skillrud (21:50)
Yeah, I'm not sure if beauty is the word I would use to describe that more like horror. It's terrible. It's a terrible, terrible system. And it makes compliance really hard and it makes it really complicated. And what's really unfortunate is that a lot of these laws don't overlap. Like some laws will say you have 30 days to respond to requests for deletion. Others give you 45. Some of them you can expand it to 60 days.

So it just creates this mishmash nonsensical system that we have here.

Eric Karkovack (22:24)
I'm sure it keeps you quite busy.

Donata Stroink-Skillrud (22:26)
Yeah, it does, that's for sure.

Eric Karkovack (22:28)
Well, you mentioned large language models that I did want to ask. I imagine there are people out there now trying to generate their privacy policies with AI, which is probably not the best idea at this point in time. Do you see AI as something that could potentially help in this area? Maybe not right now, but in the future?

Donata Stroink-Skillrud (22:39)
Yeah.

So as a privacy lawyer, I tried it and you know, I'm kind of lame. So it was fun for me to try it. But basically the only way that I could get a like ChatGPT to generate a compliant privacy policy is if I told it the privacy laws that apply to me, I told it all the disclosures that my privacy policy needs to have based on those laws. And then I describe my business and privacy practices to match those disclosure requirements.

A lay person doesn't know that, right? Like if you're going to spend hours and hours and hours reading all these privacy laws and plugging in all these requirements to ChatGPT, describing all the practices, like you've basically already written the privacy policy yourself. It's just kind of helped you phrase it in a nicer way. So, you know, to get it to write a compliant privacy policy, you have to put so much work into it to get an actual compliant product.

and it doesn't update it for you, right? So a lot of these LLMs, they're actually a couple years behind on the law, so it doesn't know the most recent laws. It doesn't tell you when the laws have been updated or how they've been updated, and it also makes stuff up. So there was recently a piece in the news where this woman used ChatGPT and it convinced her to fire her lawyer because it provided her with like a slew of fake cases to support her case, but

All of them were completely fake. It's like, unless you are an actual subject matter expert in it, you're not gonna know if it tells, if what it spits out to you is actually correct, right? Like you had to check every single claim that it makes, every single case that it cites and everything. So it really is just not worth your time because you don't know what's right or what's wrong. I think that in the future, a couple areas where it could be helpful,

is with rephrasing certain portions of privacy policy text to maybe make that portion a little bit more consumer friendly or a little bit easier to understand. Or maybe you bring down the reading level to like a certain reading level, things like that. But even there, I mean, it's kind of interesting. I've had a project where I had to make something a certain reading level and I input a level of text.

to ChatGPT and I say, hey, please make sure this passes the Flesch-Kincaid test at eighth grade. And it's like, okay, here's the new test. It 100% passes this level. But then I go to actual Flesch-Kincaid website and I input the text and it's like, no, this is college level, right? So you just can't trust it, right? It tells you that it's correct. It tells you that it's done something. But then when you check it against a third source, it's not right.

Eric Karkovack (25:32)
Hahaha

Donata Stroink-Skillrud (25:43)
So I think a lot of it is just kind of a waste of time, in my opinion, at least the way it is right now.

Eric Karkovack (25:51)
Yeah, we find that with just about everything. I mean, we work, you know, on this show, we talk a lot about generating code with it. And, you know, there are, it does some amazing things, but it also, you know, it's not perfect, but it's always confident. That's the one thing you can count on is that AI will be the most confident academic in the room, regardless of what it knows or doesn't know.

Donata Stroink-Skillrud (26:09)
Yes. Yeah.

Yeah. And it happens the same way with people as well. If you ever meet somebody who's like 100 % confident about something, that should be a red flag. I mean, I just watched a video of this guy who says, you know, I'm really busy right now. I need you AI to help me with this customer support ticket. The customer found hair in their food, you know, just placate them, tell them you're going to do better next time. And that's it. The AI gets on a

Eric Karkovack (26:20)
haha

Donata Stroink-Skillrud (26:39)
the call with a customer, it's like a fake customer, right? This guy is just testing this AI, gets on a call with this customer and says, you know, we're gonna offer you your money back. We're also gonna give you a $50 gift card. And the guy then talks to the AI and he's like, you didn't offer it any money or any gift cards, right? And the AI is like, no, I would never do that. Even though like 10 seconds ago, that's exactly what it did, right? So it's hard to trust something like that.

Eric Karkovack (26:59)
Hahaha

Donata Stroink-Skillrud (27:07)
In my mind, whenever you use AI, whether for development or policies or anything like that, you always have to have an expert person review that. You can't just let it go in the wild without an expert reviewing it. And I think web designers and developers know that when it comes to AI generated code. And it's the same way when it comes to AI generated policies.

Eric Karkovack (27:29)
Kids, do not let AI write your policies. Maybe rephrase a section here or there. But that's great advice. I mean, there's always so much you can trust it. AI could be your best intern or your worst nightmare, I guess, is kind of the point.

Donata Stroink-Skillrud (27:45)
Right.

Yeah, have a person review stuff with code, with policies, with chat bots, all of that, because it can lead to some really negative consequences for you down the road. And you just want to make sure a person checks it.

Eric Karkovack (28:02)
Exactly. You may save a few minutes or a few bucks in the beginning, but it's probably going to cost you in the end. Are there any other items that we should be considering? I know accessibility statements, cookie consent banners are all part of this now too.

Donata Stroink-Skillrud (28:23)
Yeah, I think it's good that you bring up consent banners because there's so many bad ones out there. ⁓ So, you know, by default, you know, it really depends on which privacy laws apply to you, how the consent banner is configured. But I'll talk about kind of the baseline requirement ⁓ is it needs to have an accept and a decline button and they need to be the same size, the same color.

So if you have a giant accept button that's in green and a tiny little decline link that's in red, that's going to be non-compliant. ⁓ It also needs to obtain actual consent. So if you have a banner that says, by visiting this website, we're assuming that you're okay with cookies and it just says, okay, that's not compliant either, right? Because you need to have accept and decline. It also needs to stop all non-essential scripts from firing until the user provides their consent.

So if you go onto the website and there's a bunch of cookies firing and the consent ban or you haven't interacted with it even yet, that would be non-compliant as well. A lot of businesses have misconceptions as to what essential means. So essential means that it's essential for the operation of the site. So without this script, the website would not even load. So Google Analytics is not an essential script, even though you might think it's essential for you to get analytics on your website, ⁓ it's really not.

So make sure that those scripts are adequately being controlled and that you're allowing people to change their settings. So if I go to a site and I accept Google Analytics today, I need to be able to go back to the site tomorrow and say that I decline it. And it must be as easy to provide consent as it is to withdraw it. So you shouldn't be hiding the consent banner on second appearance between like 30,000 different links or 30,000 different pages. It should be easy to bring it up again and decline consent too.

Eric Karkovack (30:21)
Well, that's good advice. Yeah. The cookie consent banners, it comes into a few different things. Like sometimes we see them and they don't actually do anything. You can click either one and it just says, okay, you know, and then

Donata Stroink-Skillrud (30:31)
Yeah, the placebo. Yeah, yeah, the placebo banner. Yeah, that's what we call that.

Eric Karkovack (30:39)
Yeah, it's just like it's there, but you're not actually complying with anything because you're not doing anything. I guess that's good advice. Make sure that whatever you implement actually does what it says it does. There are tools to test that. As for accessibility, what sort of things, and I don't want to take up too much of your time, but what sort of things basically should we be doing there?

Donata Stroink-Skillrud (31:03)
Yeah, so I'm really not an accessibility expert. That's not my area of expertise. But we recently actually went through an accessibility audit. And it's interesting to see how many things between accessibility and privacy overlap. So for example, one of the things that we say in privacy is that your policy links need to be easy to find. And that comes into play with accessibility. So if you have a footer,

Eric Karkovack (31:17)
Yeah.

Donata Stroink-Skillrud (31:28)
and your link to your privacy policy is light gray and your background is a little bit darker gray and you can barely see it, that's both a privacy and an accessibility concern. We also wanna think about training our support staff about accessibility because they run into accessibility issues all the time. How should those be handled? What is the procedure for when somebody needs information in a different way maybe, or can we do a call instead of a written communication or vice versa?

So thinking about those kinds of standards as well, and also thinking about WCAG standards, potentially getting an accessibility policy in place, what we want that to say. We don't want to just have policies in place saying that we don't meet any accessibility standards. You know what I mean? And we also wanna have things that back up our claims as well. So if we're saying that something is WCAG AAA compliant, we want to make sure that we have a third party audit that can actually verify that. So we don't want to make false claims.

Same thing in privacy. You know, a lot of websites will say, we don't share your personal information with third parties. Well, let me tell you, it's almost impossible to have a modern website without sharing personal information. If you have an email newsletter list that you upload into Mailchimp, you're sharing that information with Mailchimp. So we want to make sure that we have verifiable, true claims on our policies and on our website, whether it comes to accessibility or privacy.

Eric Karkovack (33:04)
Well, awesome. Thank you so much for your time, Donata. I appreciate all your expertise here. So where can folks connect with you online and learn more?

Donata Stroink-Skillrud (33:10)
Yeah, happy to be here.

Sure, so me personally, you can find me on LinkedIn, Donata Stroink-Skillrud. You can also take a look at our company at termageddon.com or really any social media platform at Termageddon.

Eric Karkovack (33:33)
Awesome. Well, I want to thank you for your time and I want to thank everybody for watching and listening to the WP Minute today. Go and visit us at thewpminute.com/subscribe. You can get our newsletter and find out everything that's happening. Also become a member and support the work we do here at the WP Minute. Thanks and we'll see you again next time.