How To Honor Data Privacy On Your Website
What is Data Privacy?
Honoring data privacy on your website means having a website that complies with the new laws that have gone into effect to protect consumers’ contact information. These include the European Union’s GDPR (General Data Protection Regulation), which went into effect on May 25, 2018, and the CCPA (California Consumer Privacy Act), which went into effect January 1, 2020. Both of these laws have changed the way that companies can handle the data that is collected by their business website. These laws are intended to help protect the individual using the internet by strictly regulating how a business handles its customers’ personal data. Both the CCPA and the GDPR give regulators the power to impose fines on companies that fail to meet these requirements.
What is Data Privacy Compliant Design?
Why is Being Data Privacy Compliant Important for Your Business?
The way the data privacy laws are currently written, responsibility for the data collected lies with the company or brand that owns the website. Many small business owners believe that because they use seemingly popular web design programs or a skilled developer, these liabilities are managed for them by those other parties. Unfortunately, that is a misconception. If data is collected on your company website, your company is responsible for maintaining and managing the data collected. Your developer or the third-party programs are liable only under their commitment to you, not to each of your website visitors or customers. If data is lost or stolen, it is your company that your customers will hold responsible for the state and federal fees charged for identity theft protection. Additionally, if a data breach is tracked to your website, you will be fined not only for the one customer but for every customer record in your database. So think about it. On average, fees start around $200 per record. In doing quick math using the data records hackers may have had access to on your website … well, it can get costly for some small businesses. The more you are prepared in your design, the less risk you have down the road.
How to Protect Your Company
Follow the Data
The best way to protect your company is to simply follow the data and question everything. Even if your business is located within the American borders, if there is a potential your website is visited by members of the European Union, then I recommend you be precautious and make sure you comply with the GDPR. For each form created or plugin used, identify who has access to your company and visitor information, even if it’s for technical support purposes. You have the right to question your developers and the tools they use since your business holds the greatest risk.
Minimize Form Entry Where Possible
While we are in a time of automation, and collecting data digitally may sound like a good idea – think this through. One of our clients worked with children and wanted to have all of their event registration forms online. While it sounds logical and a huge time-saving venture – especially for a small organization – the fact that personal information about minors was being digitally collected meant they had two things working against them. 1) We were talking about minors – a big legal no-no. 2) It was cost-prohibitive for them to invest in a cyber-insurance policy to mitigate the potential risks. Instead, we recommended making a PDF version of their form accessible and gave parents a central location where they could easily download the form, complete it and bring it with them when their child first visited their location. This strategy provided the same end result for functionality – just much less risky.
Consider Consulting With A Professional
Many smaller businesses take the inexpensive route when it comes to their online presence. In today’s market, the stakes are much higher, so I do recommend working with a professional web developer or someone with technical experience who can evaluate your site for the functionality it has and determine if there are hidden security liabilities for your business. I say this for two reasons:
1) The Web Development World Is Like The Wild West. Unlike other professions, there are zero validations, licenses, or State Board tests that web developers have to pass on a regular basis to validate that they are staying up to par with their industry and meeting security standards to protect the customers they serve. In fact, there are many agencies/designers who simply hand over their design to third parties to code, trusting that they are doing things right because it looks good and works for the right budget – but this is risky. We have been called upon to rebuild a large number of websites because they experienced perpetual errors on their website. Turns out, these errors happened because a backdoor in the code was left open, primarily due to custom settings in the design code to accommodate the layout or the functionality of the design. In other cases, basic security measures were simply never taken, validating that someone either failed to do quality control, failed to keep up with industry standards, or purposely intended to create an environment they could access later or maybe share with their hacker friends. While I enjoy consulting with people about their web presence, it really disappoints me whenever I encounter such inconsistencies in skills and security measures. I can tell you from experience that it is almost always better to start over with a new design. Again – I said “almost” – but depending on the situation, I feel it is the safest route to take to ensure you eliminate all of the errors and get a clean, more secure foundation.
2) Ultimately, Your Company Website Is Your Responsibility. No matter who you hire to create your website, or what third-party tools they use or add to your web page, if their program or code experiences a breach – your company is now responsible to your customers or web visitors if their data is stolen. As we mentioned earlier, this can get costly if you are left unprotected. While there may be a chain of finger-pointing that can happen here, the one that matters most to your business is going to come from your customers and what you are doing to honor your customers and their data. It is in your best interest to work with a professional who is knowledgeable about data privacy standards and is discussing with you the best options to minimize your overall risk.
I hope you found this information helpful and will consider sharing it with your contacts. The more that we work together as a community to bring awareness to such important topics, and identify strategies on how to reduce risks, the more we support the small business community and contribute to a safer internet environment.
Until next time, “…watch your data!”