How to Protect Your eLearning Business from Fines and Lawsuits

In this LMScast episode, Donata and Hans share insights about privacy and legal issues that need addressing in website policies, particularly in relation to an eLearning business. They discuss how to protect an eLearning business from fines and provide valuable guidance.

They highlighted a few key points about the privacy and policy such as Updating Policies, Legal Disclaimer, Accuracy and Customization and Understanding Applicable Laws.

The discussion focuses on the necessity for organizations to develop policies in accordance with the privacy regulations that apply to them, avoiding the risks of adopting templates. To ensure that rules accurately represent a company’s particular practices, accurate customization is essential.

Here’s Where To Go Next…

Get the Course Creator Starter Kit to help you (or your client) create, launch, and scale a high-value online learning website.

Also visit the creators of the LMScast podcast over at LifterLMS, the world’s leading most customizable learning management system software for WordPress. Create courses, coaching programs, online schools, and more with LifterLMS.

Browse more recent episodes of the LMScast podcast here or explore the entire back catalog since 2014.

And be sure to subscribe to get new podcast episodes delivered to your inbox every week.

Episode Transcript

Chris Badgett: You’ve come to the right place if you’re looking to create, launch, and scale a high value online training program. I’m your guide, Chris Badgett. I’m the co-founder of LifterLMS, the most powerful learning management system for WordPress. State of the end, I’ve got something special for you. Enjoy the show.

Hello, and welcome back to another episode of LMS Cast. I’m joined by two very special guests. We’ve got Hans and Don. They’re from Termageddon. That’s T E R M A G E D D O n.com, which helps you stay compliant. With your terms and conditions and privacy policy, super important. Whether you’re building a website for yourself or you’re, you’re a WordPress professional, that creates websites for clients.

We’re gonna geek out on some legal, some privacy, some terms issues, and demystify and help, help find a way forward. Welcome back to LMScast U two.

Donata Skillrud: Thank you Chris. Glad to be here.

Hans Skillrud: Yeah, I had imagine everyone listening couldn’t be more excited to learn about website policies today.

Chris Badgett: So I think, I think you guys make it fun and it is actually super important.

I remember the first time I had to create a privacy policy or terms and conditions. I, I went to a famous internet person that, that I was sure followed, had a lawyer and just kind of modeled theirs or whatever. But that’s not the way to do it. I guess before we dig into the, the details, what is term mageddon and and we’ll, we’ll kind of tour around these, is these issues of legality and, and privacy.

Hans Skillrud: Yeah, absolutely. And it’s probably good being the husband to an attorney. I will do wanna note, please note nothing in this podcast will be for. Legal purposes. It’s not legal advice. Always speak to your attorney before you make any legal decisions. So Termageddon is a website policies generator.

So what’s special about our tool is kinda like two things in my opinion. Number one, it’s a, it’s a series of questions that help you identify the laws. That apply to you specifically. And then the questionnaire adapts to provide the disclosures you specifically are required to make under your own policies.

You then, after you generate your codes with termageddon, you copy and paste our codes into your website, and that’s what allows us to push updates whenever new disclosures become required. A lot of people are surprised to hear that additional updates need to be made to a privacy policy. But that’s simply the world we live in.

Three days ago at the time of this recording, yet another state passed a US privacy law that could require website owners to make new disclosures in their privacy policy. So I like to think of term, again as a, a strategy to keeping your policies up to date over time with newly required disclosures, helping you avoid fines or lawsuits.

Chris Badgett: So if somebody’s a, a course creator or coach, or we’re building a site for a client like that, and let’s say they’re teaching online yoga, what? And they’re not a law, they’re not a lawyer. They know they need to have this on the bottom of their website. What’s the most important things for them to know about, to do it successfully?

Donata Skillrud: Sure. So the first thing that’s really important to know, and Hans kind of alluded to this a little bit, is that your policy needs to be based on the privacy laws that apply to you. And that’s because each privacy law has its own set of disclosures that re it requires privacy policies to make. Are usually different from other privacy laws.

So if you’re buying a template or something like that, it’s not gonna be compliant because it’s not based on those laws. And also don’t assume that, you know, if you get a template that’s G D P R compliant, that you’re automatically compliant with other privacy laws because those disclosures are different.

For example one of California’s privacy laws koppa requires you to disclose how your website responds to do not track signals. And G D P R doesn’t require that disclosure. So your G D P R template won’t comply with other laws. And then second you wanna make sure that your privacy policy is accurate to your actual business and privacy practices.

Chris, like you said, like the first time that you had to create a privacy policy, you went on somebody else’s website and kind of copied and pasted it and adjusted it. If you do that copy and paste method, that policy will be based on their privacy practices, which means that it won’t be accurate to yours, which means that it won’t be compliant and you’re not alone.

Hans Skillrud: Chris, for the record, prior to marrying Donata, I used to copy and paste privacy policies whenever my clients would ask. So you are not alone. I assure you. This is a global. Trend. And it’s a trend that I think is decreasing over time because people are seeing changes in privacy and I think it’s good to, you know, take that yoga example and kind of share some insights, which is that.

People’s personal information is what’s being regulated under these privacy laws. So what it means is governments all over the world are regulating data like this to protect their people’s data. What that means is there are certain people around this world who have a right to owning their name, their email address, their phone number, that is their property, and business owners have to respect that.

So if you have a website offering virtual yoga classes, I would imagine they would welcome business across state lines. Not all, every, not everyone in those examples, but I’d imagine a lot do. And therefore since you’re collecting personal information from across state lines, either when people register or make a purchase or just submit an inquiry or just if you’re collecting IP address behind the scenes for analytics or security purposes, you need to find out if those.

People have privacy rights and if those laws apply to you because only then can you find out what disclosures you are required by law to make in your policy.

Donata Skillrud: Yeah and you don’t have to be located in those states or those countries for those laws to apply to you. So for example, we’re located in Chicago, right?

We’re not in Canada. But because we collect the personal information of residents of Canada, Canada’s privacy law, Pipee still applies to us even if we were not located there. And we never actually set foot in Canada.

Chris Badgett: So can you speak a little more to the whole jurisdiction or location thing? If let’s say we’re in the United States.

Mm-hmm. There’s the states of the United States and then there’s other countries. How do we think about being and we wanna sell our, our courses and coaching programs and, and online learning all over the world. How do we think about it? Seems a little overwhelming to be compliant everywhere. What do we need to actually worry about the most?

Or do we need to be compliant in every country in the world?

Donata Skillrud: So no one is compliant with every country in the world. Even companies that have billions and billions of dollars in resources are not compliant with every privacy law that’s ever been passed. So I don’t think we need to think about it that way.

I think we really need to think about whose information are we collecting. So who’s submitting forms on the website, who’s being tracked through analytics or similar services? And where we’re doing business. So again, going back to the yoga studio, let’s say I have Stripe and I can see that 50% of my customers come from the United States, 25% come from Australia, and 25% come from the uk.

I can clearly know that I’m doing business. In those areas because I’m receiving transactions from there. So I should make sure that I’m compliant with those laws, at least to begin with. And I think when it comes with jurisdiction, a lot of people are confused about that because they think I’ve never been to California, let’s.

Say, why would their privacy law apply to me? Or how could they get to me if I’m located in Chicago and not in California? When you’re doing business in state, certain states, so for example, I have transactions with consumers from California, or I’m targeting those residents, or I’m. Keeping their personal information, things like that.

I’m actually interacting with that state, and that’s sufficient to provide jurisdiction because if you have revenue from that state or you have visitors from that state, that’s sufficient to establish a connection usually.

Chris Badgett: That’s awesome. Let’s talk technic technicality. So if somebody fills out the form so that term can figure out the right.

Policy to generate. How does it actually end up on the WordPress website? Does it create a short code, a block or something? Like how do they get it on there and then, and then, and you’re saying it stays up to date as, as you update the underlying data set.

Hans Skillrud: Yeah, so after you go through the questionnaires each policy has its own JavaScript embed code.

That’s a lot of fancy talk for something. You just simply copy and paste into the body of your policy pages, and that is what allows your website visitors to visit your privacy policy page on your own website. And sure enough, the privacy policy will populate. But behind the scenes, that data, that, that content is coming from Edin.

So we control what that content says. And I don’t mean to sound like a control freak. You have all, you can fully customize it however you wish. But why that’s important is so that when new laws go into effect, like the four new laws going into effect in 46 days, at the time of this recording, we are able to notify our customers of the changes, ask any new questions that need to be answered, and then push the updated.

Disclosures directly to the client sites. Just in time for when governments can start enforcing the law.

Chris Badgett: That’s awesome. Let’s, let’s talk financials in a little bit in the sense that like we’re we’re, I know ’cause I’ve hired lawyers one-on-one before, they can be very, very expensive. I. You know, many hundreds of dollars an hour and, and even more sometimes.

How were you guys able to come up with this concept of taking almost democratizing access to quality legal help, guidance documents?

Donata Skillrud: Sure. So we’re not a law firm, so we don’t actually provide like legal advice or anything like that, which helps us keep costs down significantly. And at least. My reason for starting term EdDin is before term EdDin, I was in private practice.

I. So I had some clients and they would get, you know, new websites being built or whatever, and they would ask me, Hey, do I need a privacy policy or do I need a terms of service? And I really noticed that at that time, you know, before these new privacy laws passed, I was kind of asking them very similar questions what data do you collect, where you do business?

You know, who do you share it with? Things like that. And I thought to myself, Hey, there’s gotta be a way to automate this because I noticed that a lot of these people that were coming to me could not afford. The cost of having an attorney create their policies in the first place, much less continuously monitor privacy laws for them and keep them up to date.

And I really thought it was one of those things that could be automated. So that was my thought behind try mcg getin. Yeah.

Hans Skillrud: And and, and I’ll note, you know, for anyone listening that has the funds to. Hire an attorney and have them monitor privacy laws on your behalf and provide you with legal advice.

Nothing beats that. Like of course, if that’s in your budget and, and you can afford that with your business, go that route. Nothing beats having that. But, but I would like to think of term again as an excellent cost effective alternative if that’s not. Possible. Because, you know, that’s our job.

Monitor privacy laws, notify customers of changes and keep policies up to date over time. And, you know, we started the business seven years ago, but fast forward to today, I still remember the very first time an attorney was interested in using our service and I was so scared. I’m like, oh my gosh. I felt like term attorneys were gonna hate us.

Turns out the vast, vast majority of attorneys also don’t like creating privacy policies because of how complicated it is. We’ve had people come to us that were quoted $60,000 to comply with 12 international privacy laws, something that they can do in term again in 45 minutes. And and the attorney set a six month turnaround.

So they went with term McDon, they got their policies drafted, and they even shared access. With their attorney who reviewed it and had zero edits. I think like one thing that we’ve really appreciate I’ve, I’ve enjoyed is that we are attorney friendly. To be honest, I thought people were gonna, I thought attorneys were gonna hate us, but yeah, they, they like us too.

So that, that’s been nice.

Donata Skillrud: Yeah, we have a lot of law firms using our service, which has been great. And you know, if you still wanna use term andin and a lawyer, you can do that. You can create your policies with term andin, share the license with your lawyer, have them review it. Which is significantly cheaper than drafting something from scratch, too.

Chris Badgett: That’s awesome. Let’s, let’s assume somebody’s watching or listening to this that is newer to online business WordPress. Maybe they missed the big G D P R wave that came maybe four years ago or so. Can you kind of set the stage of what that was, why it’s still important? And I just wanna note like with a learning management system, You’re definitely collecting user information.

There’s all kinds of their data on your website, and I just want to state that WordPress and LifterLMS is G D P R compliant. People can disappear in the correct ways if they want to. Request to be removed from your platform, which is a really cool innovation. And I actually really value the the intent behind privacy laws, even though they can be a pain to deal with.

But what was the whole G D P R thing and how is it still relevant today for those that have. Never heard of it or kind of forgot about it.

Hans Skillrud: Yeah. And, and Chris, you shared a whole bunch there that I couldn’t agree more with you on and, and for anyone listening that’s concerned, oh, LifterLMS collects data or, or my system, my LifterLMS system collects data.

Collecting data is a totally normal thing that. Any business, I, I can’t think of an example where a business can run a business without collecting people’s data. Like you gotta get paid somehow. You know? So there’s nothing wrong with collecting data. What’s happening is people are getting privacy rights, where we as business owners have a responsibility, a legal obligation to make specific disclosures within our policies to respect their privacy.

Comply with applicable laws and although there’s been privacy laws for decades now what really got people kind of turned up a little bit was G D P R, the General Data Protection Regulation, which protects the personal information of residents of the European Union or European economic area. And I think the reason why this caught people’s attention was for number one, they enforce it quite regularly.

A lot of people think it’s just Facebook getting fined. One, what was it last week? 1.3. 1.3 billion. Yeah, 1.3 billion last week. But actually there’s one person companies being fined, five figures, six figures for, for non-compliance too. So I think the fact that they are enforcing it at an increasing rate caught people’s attention, but also the broad reaching nature of, of Europe’s privacy law.

That privacy law, if you’re, I mean, obviously if you’re located in Europe and offering goods and services to people in Europe, you obviously have to comply with the law. But for people outside of that country, Or outside of that continent. They need to, that law can apply to you the moment you start tracking or monitoring the behavior of a resident of the EU or

Donata Skillrud: offering goods or of services

Hans Skillrud: in the eu.

Yeah, that’s true. But the monitoring or tracking in particular, I think has really caught people’s attention. ’cause everyone’s all of a sudden I have a website, like in theory someone from Europe could come there. Do I have to comply with the law? It’s if you’re tracking them. Yeah.

And that broad reaching nature is really what I think caught people’s attention. And the fact that people are getting privacy rights and. Now we as website owners have to deal with it. And you know, I personally think regulations, I, I don’t, I’m not a huge fan of regulations, but privacy rights are something I’m a big fan of.

I do believe people deserve privacy rights. I certainly wish it was being done differently, but the reality is we as business owners just have a responsibility to respecting our website visitors’ privacy rights.

Donata Skillrud: Yeah, and I think, if I can clarify one thing about G D P R, just because your website could accidentally, you know, through no fault of your own be accessed by someone in Europe, that doesn’t mean that G D P R applies to you.

So it’s only if you offer goods or services there. So let’s say you offered lead website in French or. France is one of the dropdowns on your address menu when people are entering payments or, you know, you offer a tourism service in the eu or you have a special phone number that people from the EU could call or if you’re tracking the behavior residents of the eu.

And that applies with services like Google Analytics services like heat map tracking things like that. So if you are using those services, G D P R can apply to you as well.

Chris Badgett: What’s a simple explanation of the difference between what a privacy policy is? We’ve been talking about that a lot, but we haven’t talked as much about terms and conditions.

What are, how are, what are these two, what are the two jobs to be done here?

Hans Skillrud: Absolutely. Yeah. Yeah. Good one. A privacy policy explains to your website visitors what personal information you collect, who you share that data with, if you sell that data and of various other Details regarding your privacy practices of your business.

So in other words, a privacy policy helps you comply with privacy laws, a terms of service, otherwise known as terms and conditions terms. I know there’s another one in there. T N C. Yeah. T o Ss. Yeah. But terms in general, explain to users the rules of using the website. So unlike privacy laws that have you disclose exactly what they tell you to disclose, a terms is more so a means to limit your liability as a website owner.

So terms I like for virtually any website because you can have little statements in there Hey, we offer links to third party sites. We’re not responsible when you click on one of those links. So if you click on that link and that site gets hacked and you get hacked, You can’t come back and sue us.

That one little statement is a good example of the countless statements you can add into a terms. But the reason why it’s extra important for l m s systems is because terms can also explain your refund policy, your cancellation policy, if you do happen to ship anything, your shipping policy. It explains the e-commerce relationship you have with the buyers and explain and explains to them.

How you run your business and what to expect if you are happy with the service or if you’re not happy with the service.

Donata Skillrud: It also explains subscriptions. Yes, so there’s some laws out there like California’s Automatic Renewal Law. The Federal Trade Commission’s negative options offers guidance, which basically say that unless you provide certain information to a user before they sign off for a subscription, That subscription will actually be considered a gift to the user, and you’ll have to refund them whatever they paid you.

So if your course is something where somebody pays you once a week to get the course, or once a month or whatever to get the course, you wanna make sure that you have those disclosures within your terms of service regarding subscriptions. Or it could be considered a, a violation of those particular laws and then could be considered a gift to the consumer.

So you’d have to refund them and they still get the course.

Hans Skillrud: So just to summarize that as simply as I can, privacy policies are to comply with privacy laws, terms of service are to comply with consumer protection laws and to help avoid you from getting sued from your website.

Chris Badgett: In terms of, that’s a really good explanation in terms of pricing.

I see people get hung up on that a little bit. Oh, what if I’m offering a subscription, I wanna reserve the right to change my prices even on existing customers. What, what can, how do we think about pricing in terms of terms and conditions? ’cause most. People change their prices over time and they, they’re allowed to do that.

But, but yeah. What, what, what would you say to that?

Donata Skillrud: Terms of service can say that you reserved the ability to change your prices or to correct incorrect prices. So let’s say you were putting a price on a course and you forgot to add a zero. You know, you have the right to correct that price to the right price if you make a mistake or to change your prices over time.

That’s not something that’s unnatural or not normal. In a course of business businesses always change their pricing or change their pricing models or different packages that they offer. That’s totally normal, you know, just make sure to notify people before you do it.

Chris Badgett: Can you speak to, I see you have automatic updates and email notifications.

As a as a, as a type of document. But I think people get hung up a little bit around email itself you know, the unsubscribe laws, but what about transactional email, like a receipt email, and when do I have the right to email somebody or put them on an email list and all this kind of stuff? How does it, how does email fit into all this?

Donata Skillrud: So it really depends on the privacy laws that apply to you. So each law has different criteria for what you can email and what you can’t, but generally speaking, so you have two types of emails. The first type of email is the transactional email, right? So if I. Create an account with someone and I want to reset my password.

They have to send me an email to reset that password, or I have a payment that’s coming up, you know, they have to be able to send me my invoice, right? Those types of emails are, should be separated from all other kinds of emails. And the other kinds of emails, what we would consider marketing emails, right?

So those are the ones where usually you would have to get consent. So under most privacy laws, you have to get consent to send email marketing to people. And what that means is, You know, having people agree to your privacy policy or having people and or having people select and agree to receive promotional emails, right?

And those two choices are usually separated and the user can click to agree. Don’t do opt out. So if the box is pre-checked, that’s a problem because the user never actually consented. You just precheck the box for them. So make sure that the boxes are unchecked by default. And make sure that you are actually respecting their choice.

So if they didn’t opt into receiving emails, Don’t send them the emails if they opted out or unsubscribed, you know, don’t send them emails. And all emails at the bottom should have an unsubscribe button. And that button should not be hidden, so don’t hide it behind a background that looks the same as the font for the unsubscribe.

A lot of companies do that. Please don’t do that. You know, and then when somebody clicks, unsubscribe. They need to be actually unsubscribed or taken to a page that allows ’em to unsubscribe. Describe and make sure that those options are very clear and easy to understand.

Hans Skillrud: We were we were at Disney World because we, we went down there for an event and it included tickets to Disney World.

So we went there. First off, they, they take your fingerprint id, which I, I find very concerning to enter a theme park. I don’t feel like I need to provide my fingerprint identification. But aside from that fact, once we got done, I started receiving emails from Disney World. And I unsubscribed, and then I unsubscribed again and again and again.

And eventually I filed a complaint with them. I was like, look like please stop. I, I don’t, I’m, I’m not, I’m not your demographic. Like I, I, I just happened to go there ’cause of an event. And they, and I think it was like seven days after I submitted that request, I stopped receiving the emails. But that’s the type of annoyances.

That we’re talking about here. You know, that’s the type of stuff that no one likes. I don’t think anyone loves spam emails. I, have yet to meet anyone except those YouTubers who like stalk spam. And I don’t know if you’ve ever, those are, can I

Donata Skillrud: go on a tangent real quick? Sorry. So this makes me think of something.

Google was recently fined they settled a case for $39.9 million with the state of Washington. And this wasn’t under any privacy law. This was under Washington’s Consumer Protection Act, which is a consumer protection statute. And what happened was that Google. Continue to track people’s location even after people said no.

So I guess in Google accounts, and I recently read this lawsuit, which was just fascinating in Google accounts, if you wanna opt out of location tracking, there’s three different places to do it. And if you turn off location history in one place. You’re still being tracked on your device. Even though you’re not tracked on your account, which consumers did not understand.

So basically they got fined for violating the consumer protection statute for continuing to track people even after they said they don’t wanna be tracked. And I think the same thing can be applied to email marketing. You know, if people want to unsubscribe, they shouldn’t have to go to three different places to unsubscribe.

It should just be one place. And then once you unsubscribe, you don’t get the emails

Hans Skillrud: anymore. Yeah. And there’s nothing wrong. For the record, everyone, there’s nothing wrong with sending emails, sending relevant emails are great and valuable. You know what we’re talking about here is just making sure you send emails to people who’ve opted in and asked to receive emails.

I mean, not to mention, those are probably your higher caliber customers or leads in the first place. Yeah, so some to take into consideration.

Chris Badgett: There’s a funny thing that I see happen in the, the subject matter expert industry, particularly in certain niches like finance, health and fitness type stuff.

Where like at the beginning of this show we gave a legal disclaimer none of this is legal advice. There’s a lot of like health coaching on the internet now, but a health coach, my understanding of it is, They can offer advice and experience, but they can’t prescribe anything. There’s like certain nuances to like what constitutes you know. What’s governed by the medical laws or whatever.

And the same like in finance, like if you wanna learn about investing, you watch investing YouTube channels, they’re constantly saying, this is not financial advice. Consult your financial advisor. The funny thing about it is some of the best people. Are the most concerned with that stuff. The people that are the really good, you know, finance wizards or health advocates that just don’t want to end up in a illegal mess or whatever.

Yeah. Do you have any general advice here? Yeah.

Donata Skillrud: Yeah. The, the Federal Trade Commission is increasingly cracking down on this type of stuff. Because there’s been a lot of consumers that have been harmed by. Wrong or, or incorrect advice or you know, things that people told them to do that didn’t work for their situation.

So I think they’re trying to avoid that Federal trade commission enforcement, but I think they’re also trying to avoid, I. Being mistrusted by their audience because when they provide that disclaimer to me that says. Hey, this is a person that has thought about this. Yep. This is a person that knows that not all advice is applicable to all people.

Yep, exactly. And this is a person that that takes this seriously. And I think that helps establish trust with their audience as well. At least for me, maybe I’m different ’cause I’m a lawyer and Hans, you have a different opinion on this. No,

Hans Skillrud: I. I completely agree. When I see someone give a disclaimer, I actually am already off to okay, I, this person’s.

At some level of professionalism already. And then, you know, I, I hear them out. But the reality is we, you know, things it, especially with like live. Live podcasts, something could be shared that was not a hundred percent like the most accurate statement and people could misinterpret it. Then go do something that harms themselves or their business and, and that’s the type of stuff I think experts try to avoid.

From misconstruing, like having people think, oh, I now understand everything about every privacy law under the sun, for example. That’s impossible to do in one hour.

Donata Skillrud: Yeah, because every single piece of advice doesn’t work for every single person. If we say, Hey, you need to be compliant with G D P R.

Yeah. That applies to mostly everyone. But what if you don’t need to comply with gdp d r, like the law doesn’t apply to you. Then that doesn’t apply to you. So I think the fact that

Hans Skillrud: C P R A under certain circumstances require you to have a toll free telephone number to opt out of the sale of information like that one little detail. It’s super required for the people who are required to disclose it.

But if it doesn’t apply to you, why stress the person out and having to go get a retail phone number? Yeah, exactly.

Chris Badgett: For somebody who’s just starting out, let’s say the financial resources are tight or we’re just. They’re trying to side hustle an online course or coaching program. It’s not really proven yet. So they don’t wanna hire a big lawyer or anything.

But they do want to be compliant from day one. So they give, go to term mcg, giddon, they get their privacy policy and their terms and conditions up. Where, where else can they go to to get just a general. To level up their understanding of the legal stuff. ’cause it feels like it’s all over the place.

Like the FTCs over here, the state laws are over here. I just see it a lot where let’s say I’m a yoga expert or I’m a math teacher and I have no background in business or law or whatever. But I, but I’m concerned. Yeah. So not like where, where do I start? Just to make sure I can launch and not be worried like I’m making some huge legal problem.

Hans Skillrud: Yeah. So if you’ve decided that, look, I can’t, I, I want an attorney, but I can’t afford ’em right now. I’m just too early. And you’ve decided, okay, I’m gonna sacrifice legal advice and use a tool like term again. I would make sure you’re selecting a privacy policy generator that’s Very focused. I guess, on, on providing comprehensive policies you know, look up the background, who’s behind the company.

Do they often talk about what’s happening in changes in privacy law? Are they active on social? Are they providing free assets and free material to, to review? So our blog, for example, is a great resource. I think I mentioned it earlier in this call, but Montana passed their privacy law three days ago.

We had the compliance guide up. That day because we’ve been monitoring it since its beginnings.

Donata Skillrud: Yeah, we have a lot of compliance guides that kind of break down the basics of each law, which can be very helpful. And then we also dive deeper into some other kind of more nuanced topics within the blog as well.

Yeah. I think if you’re you know, that’d be a great place to start term getin.com on our blog. Another great resource is the International Association of Privacy Professionals ipp.org. So they have a lot of white papers trackers, as well as a news source. So they collate all of the privacy news and there’s a lot of them, which can be pretty overwhelming.

Yeah, it’s, but I would recommend heading to their resources tab where they have a lot of these types of resources, which can be very helpful as well. That’s a good one.

Hans Skillrud: Yeah. Good recommendation.

Chris Badgett: How do you guys at term McGinn stay up to date? Because it seems like it’s hard to have 50 states and other countries, all this stuff.

Like how do you do it?

Hans Skillrud: It’s me the whole time. It’s just me doing it.

Donata Skillrud: You do Literally none of it. So a couple different places. So we use a service called LexiNexis Statement. Which is kind of like Google alerts for bills. So we can set our topics. Like for example, one of ’em is privacy policy. So whenever a bill is proposed that has that text it sends me alert. Then I can track it throughout the legislative cycle.

That’s a really great resource. I also use the I P P as well as legis scan, which is another bill tracker. And then also I keep track of bills through help with my colleagues at the American Bar Association and the Chicago Bar Association as well, where you frequently talk about privacy laws.

So it comes from a lot of different sources, but the main source of alerts is LexisNexis statement. Yep.

Hans Skillrud: And Donato will never share it, but she’s the chair of the American Bar Association’s EPR committee, so 500 privacy attorneys report to her.

Donata Skillrud: So it’s a, a great time. So we try to work together to stay up to date with all of this stuff because it is a lot to stay up to date with.

Chris Badgett: Yeah, it’s wild. Could you touch on that 0.1 more time that you made earlier about how to think about location or Nexus? If you know we live here, but our customers here, how do we know, like they can view our, if they’re viewing our website, we don’t necessarily need to comply, but if we’re actively doing business, what’s, can you just explain that?

Donata Skillrud: Yeah, so it’s called availing yourself of the privilege of doing of doing business or having a connection with a particular state. So if you have a connection to a state, so let’s say you have customers that are located there. Or people from there have submitted their personal information to you.

So let’s say they submitted their email to an email marketing list and you’re actively trying to sell things to them, or you’re tracking them on your website, so you’re collecting their data to track them. That would be sufficient. Usually would be considered sufficient connection to a particular state.

So most privacy laws will apply when you do business in a particular state. That means you’re taking advantage of their infrastructure, their customers, their residents, to make money from that, right? So that’s usually a sufficient connection to established jurisdiction, which means that you could get fined for those particular laws.

Hans Skillrud: I think a lot of people are like, I’m, you know, I don’t care if Europe tries to find me to find me or something like that. And I’m like, why do you wanna live your life where, you know, you can’t travel to a certain part of this world because there’s a fine out for your business. Like why? Like I think a lot of people try to avoid privacy rights ’cause it’s stressful and I get that.

But I think there has to be some kind of acceptance eventually. Where people understand that like these regulations are here, if anything, there is a lot more coming. And it’s like for those who embrace it, like what you’re gonna be doing as a result is respecting your website visitors’ privacy rights, demonstrating professionalism.

Continuing to offer the same type of marketing and lead generation that you currently have in place. You’re just doing it with best practices in mind.

Donata Skillrud: Actually if I can add a couple things there. So fines are not the only tool that regulators have at their disposal. They can also make you delete the data and anything that you’ve derived from that data.

So let’s say I have an email marketing list of a hundred thousand people and 90,000 of those were obtained. In violation of certain privacy laws they can ask me to delete that 90,000 and I would have to delete it. And then two as well. I think it goes into the idea that If you were to sell your business, right?

So a lot of people start a business with the idea that eventually they would sell it and not, you know, work there till their dying day. I know there’s some of us that are like that, but others aren’t. But you know, one of the things that the company buying you will do. As part of their due diligence is say, Hey, were these emails, were these customers obtained legitimately?

And if you can’t prove that they consented to that, then the value of your business goes down as well. Because if they’re buying a list of 10,000 customers, but they can’t email any of them, you know that value goes down. There are no customers. So that’s something to think about as

Hans Skillrud: well. That’s a good call.

Chris Badgett: This is great for those out there listening, if you’re thinking, I want to protect my business from fines and lawsuits in 30 minutes with mcg. What should they do next?

Hans Skillrud: Yes, I guess as a salesperson, I’d love to put in a delicious plug to the business. But yeah, so term again is $99 a year and includes a full set of policies, a cookie policy too, a cookie consent solution, and an end user license agreement.

But that tends to not be needed for the typical l m s user $99 a year. I do want to note we exercised our own terms. Rights and our our pricing is changing to $119 a year starting July 1st. Look if you’re meaning to get around policies and you are wanting to get set up with term, again. I then I would recommend checking us out before July 1st before our price goes up 20 bucks a year.

At least your first year will be discounted. Yeah, that’s how it works.

Chris Badgett: Thank you so much. I just wanna say thank you, this is so needed. You know, any serious lms site needs to have a privacy policy in terms and conditions. It’s not really negotiable. I, the worst thing that I see sometimes I go to what somebody’s website and those pages have Lauren Ipsum text on there.

Oh boy. Yeah. And that, and that might be a business that’s been going for a while. So this is something to not ignore. Go to term mcginn.com. Check it out. Hans and Don, thank you for coming on the show. I appreciate what you’ve built here. This adds a great service and a great value to the experts and WordPress professionals out there.

We’ll have to do this again sometime and keep doing what you do and helping us all stay safe from fines and lawsuits. We really appreciate it.

Hans Skillrud: Absolutely, Chris. Yeah, thank you for having us. Thanks so much and thanks for the boat of confidence. Yeah. There’s many o other solutions out there, but yes, we’d love for you to consider Turin.

Thank you.

Chris Badgett: That’s a wrap for this episode of LMScast. Did you enjoy that episode? Tell your friends and be sure to subscribe so you don’t miss the next episode. And I’ve got a gift for you [email protected] slash gift. Go to LifterLMS.com/gift. Keep learning. Keep taking action, and I’ll see you In the next episode.