If you’re running a website, the last thing you need is a legal issue to shut you down or break your bank. The issues are complicated, and rules vary from industry to industry, as well as by company size and location. In the United States, rules even vary from state to state, with California enforcing a wide range of privacy laws not just for websites based there, but websites being accessed from there. Many laws don’t apply to companies of 25 or fewer people; however, being small generally does not preclude civil litigation, future consequences, or industry-specific issues. It’s best to be as compliant as you can be. Here are five common mistakes you need to avoid (this list is by no means comprehensive, and does not constitute legal advice <- see what I did there?):
- Using content that isn’t yours. This can get you into trouble and have you paying hefty fines no matter who you are. Regardless of the size of your business and whether you’re profiting from it, plagiarism is no joke.
If you’re using stock photos, artwork, licensed music or video, or any other content you purchased for use, make sure you have thoroughly read your contract or agreement, that you’re giving proper attribution when needed, and you’re not using the content for anything beyond the scope outlined in your agreement. This means if you purchased a photo to use on your website, you cannot post it on social media without further permission, etc.
If you hired a designer or writer for your site or any other project, make sure you fully understand that contract as well. You may have to pay extra to license the works you’re using on your site. Many people are surprised to find that they don’t own the rights to their own logo, for example. Unless it is explicitly stated in writing that the rights have transferred to you or that your website is an allowable use, you must negotiate with the designer for additional rights or pay a licensing fee to use the artwork. If you hired a writer to post on your blog, do not share that post on social media without checking your contract. If you hired a writer to write a case study, do not post that study on your site without permission. And so on.
- Violating privacy. Privacy is a huge concern, and the rules are only getting stricter. You probably don’t read every set of terms and conditions you agree to before using apps or every privacy policy you agree to by using a website, but if you’re using cookies or collecting or keeping data for any reason, you certainly need to provide those documents.
If you’re selling data, you need to be especially transparent. If you’re using cookies in conjunction with Google Analytics or a similar service to improve marketing, you must disclose that information. If you’re using cookies to customize user experience with targeted content or even the option to be remembered on a device so additional logins aren’t required, it all needs to be spelled out. If users submit a form on your site to subscribe to a newsletter, you need to let them know how you will use that information. And so on.
It’s best to expressly state what data you’re collecting, whether you’re using cookies and for what purpose, how you’re storing and protecting information, how and when users will be notified in the event of a data breach (usually, the requirement is within 72 hours), and how users can opt out of data collection and storage. If your privacy policy is a section in your terms and conditions, which people must accept by checking a box, that box may not be checked as the default state. While a terms and conditions page is not mandatory in every situation, you can use one to limit your liability, state allowed uses of your site, and specify how problems will be handled if and when they arise. If you don’t have expertise or experience in these issues, it’s best to get a professional opinion.
- Not considering accessibility. Websites run by US governments, large companies, and businesses operating in certain industries must comply with the Americans with Disabilities Act. Chances are, you probably aren’t legally required (yet) to meet accessibility standards. That said, you almost definitely will have to in the future. Additionally, not doing so can alienate your customers, and making your site accessible is just the right thing to do. If your site needs a complete overhaul to be accessible, start with high impact actions that don’t take a lot of time or resources: make sure your text has good contrast with the background, add alt text to images, make sure to include captions or a transcript of videos, and make sure your site can be navigated using the keyboard. Read this post for simple ways to make your site more accessible, and visit this site for more accessibility resources.
- Improperly handling sales. Failing to properly handle and secure financial data is one of the worst things you can do. It violates the trust of your customers (oftentimes leaving them with long-term consequences of identity theft) and leaves you open to major financial liabilities. At a minimum, you need to take basic precautions like limiting any pages used for commerce to those served over HTTPS (the secure version of HTTP), and keeping your SSL/TLS certificates current. Additionally, your transactions must meet the Payment Card Industry Data Security Standard (PCI DSS) (learn more here).
The bottom line is that most companies should be using a third-party payment gateway so that they aren’t personally securing financial data. Services like Stripe and PayPal handle the encryption of financial data for you for a small per-transaction fee that is very much worth it.
- Not following industry standards. Many industries are governed by their own set of rules, and it’s important to follow them. Some are fairly obvious (anything medical, legal, or financial in nature must follow strict rules about privacy, wording, etc.), and some are less so (in some states, nonprofit organizations must provide certain disclosures, contractors must provide their license numbers, etc.). It’s important that you check into industry-specific requirements. While everything in this article can be damaging, failing to follow industry standards can result in additional repercussions to licensure or ability to practice one’s chosen profession.