The heady, anything-goes days of the early internet are gone, and company websites are now legally and ethically required to meet compliance standards. As the business owner, you are responsible for ensuring the privacy of your web visitors is protected and that your website is accessible to everyone.
Fines for non-compliance can reach millions of dollars
For websites found to be non-compliant with privacy and accessibility standards, there are fines, sometimes as large as $170 million. Yes, really. Ignoring compliance standards is a risk your business can’t afford. Here’s what you need to know to meet privacy and accessibility standards and ensure your website operates legally and ethically.
The world’s privacy laws affect your website
Governments of large and influential countries worldwide have enacted strict privacy laws, including Australia, the European Union, the United Kingdom, and Canada. Your business may be located in the US, but if you have even one website visitor from any of these countries, your website is still legally responsible for meeting that country’s privacy standards.
The landscape is changing in the US, too. Three US states (California, Colorado, and Virginia) have adopted internet privacy laws for their citizens, and almost every other state in the country is considering the implementation of similar laws. Each internet privacy law is bespoke to that state, and each one will require you to meet different compliance standards for any website visitors from that location.
If you’re not actively pursuing privacy compliance, you’re probably in violation of at least one regulation.
If you’re not actively pursuing privacy compliance, you’re probably in violation of at least one regulation. Penalties vary for each law, but if, for instance, you’re found to be in breach of the EU’s GDPR, you could be subject to a fine of 4% of your annual revenue. GDPR penalties have increased sevenfold in the past year.
Your website must be accessible to visitors with disabilities
Part of the Americans with Disabilities Act (ADA) prohibits discrimination in the accessibility of businesses. Though originally intended to ensure all citizens could access a company’s physical location, the law is now being applied to websites as well.
Any public-facing business needs to ensure its website is accessible to people with a disability.
This means that websites that are not accessible to all visitors could be required to redesign, pay fines, and pay legal fees to the complainants. Any public-facing business needs to ensure its website is accessible to people with a disability.
Because the ADA has not been updated to explicitly address website access, meeting accessibility compliance standards can be hazy. This ambiguity leaves businesses wide open to lawsuits claiming that their website isn’t accessible, but courts seem to favor companies attempting to follow recommended standards.
However, I think it’s important to think about accessibility beyond compliance. Around 57 million Americans (or around 18% of the entire population) have impairments that impact their ability to use websites. Not only should you want to help them get around your website, but you also don’t want to lose their business to a competitor who has made accessibility a priority.
It’s in your interest legally, financially, and ethically to make a website as compliant as possible.
What you need to comply
Overwhelmed yet? Don’t panic. You can do these three things to ensure your website meets every type of compliance. We’ll start with accessibility.
1. Accessibility
Meeting accessibility standards is a bit of a minefield. Guidelines outlined here by the Web Accessibility Initiative while well intentioned are hard to understand, and even harder to implement with confidence (especially for someone who’s not trained). These guidelines essentially require that your website design strives to be:
- Clearly seen and read by all visitors, including those with impaired vision
- Responsive and operable for all users, across most browsers and mobile devices
- Intuitively organized and written in easy-to-understand language
- Able to integrate with “assistive technology” tools that help visitors with disabilities use your site
Meeting accessibility standards can be tricky, as the goalposts always seem to be moving. But starting with a full audit and complete remediation is a good place to start and show that you are making effort to make your website accessible.
2. Privacy policy
Compliance with worldwide privacy regulations, including California’s privacy laws, compels websites to provide a privacy policy on their website. A privacy policy explains to users:
- What data you collect
- Where it’s stored
- What you intend to do with the data
- What third-party apps are also collecting data (if you’re using Google Analytics, you should consider switching to a privacy-compliant option)
- How you share data with your third-party apps
- Links to the third-party apps’ privacy policies
It should also provide a way to reliably contact your company, such as an email address, mailing address, and phone number. And critically, a privacy policy should include a way for visitors to opt out of data collection.
A link to your privacy policy should be easy to find on every page. Placing a link to the privacy policy in the footer of each web page meets this requirement.
It’s also important to note that it’s not enough to create a privacy policy, plaster it across your homepage, and forget about it. Privacy laws are changing rapidly. If you’re not constantly monitoring the shifting regulations, you’re likely to fall into noncompliance.
3. Cookie consent
“Cookies” are small files that provide servers with information about each user that visits your website. They gather information such as username and password, physical location (based on a user’s IP address), and items a user may have put in the shopping cart to make using your website more convenient.
But cookies collect lots of data, and concerns have grown over the amount and use of that data. Privacy laws now require that each visitor explicitly consents to the cookies used on your website. Passive consent – the once-popular disclaimer stating that a user agreed to data collection just by being on the site – is no longer considered legal.
Cookie consent is usually obtained by a popup box that appears when a user first visits your website. In this, you must list each type of cookie that your website uses and require express permission for each kind. Users must physically click their agreement to each type of cookie, and having their acceptance “pre-checked” so that they have to uncheck each box to opt-out is not legal.
Privacy and accessibility protect you and your visitors
Rapidly-changing attitudes to online privacy mean that new laws are being signed on a rolling basis, and each includes unique requirements for businesses to meet compliance standards. It is almost impossible to keep up with the pace for a small to medium-sized business without a legal and IT team dedicated to meeting all those requirements.
But I can help. I design each website with accessibility standards in mind, and I make it my business to keep atop the shifting online privacy sands. I can help you build a web presence that is inclusive and safe for your visitors, protecting your business while safeguarding and respecting your customers.
If you’re ready to create a website that’s beautifully and responsibly designed, you can get started by filling out my project inquiry form here. We’ll schedule a call to discuss your needs and see if I’m a good fit for your project – no strings attached.