We users of websites, social media, apps, financial portals, ecommerce websites and blog articles – pretty much all things internet – must deal with growing waves of policy statements, permissions and consent forms in order to proceed to the content.
Site owners are inconsistent on these policies. At Northwoods, we’ve created, developed and updated many websites over the years, and found that some clients post policies and some don’t. We’ve seen policies that are out of date.
So what policies should a site owner post? Let’s focus on the policy pillars – the bare minimums:
- An Accessibility Statement
Here we’ll clarify these policies and try to explain the intent behind them.
What’s wrong with this practice?
Site owners must consider the following basic questions and disclosures:
- Who owns the website? The business name, address, etc. Basic contact information.
- What data does the site collect? How is it collected?
- What is the legal basis for the collection of data? Cookie consent, for example, might relate to data necessary for your service offering, for legal obligations, etc. This is more related to the GDPR and EU Law. But even if you fall outside GDPR obligations, under many other jurisdictions, you’ll probably need to say why you’re processing the personal data of users.
- What is the purpose of the data collection? Are you collecting data in Google Analytics or other tracking services to improve the user experience? Are you collecting data for a marketing automation campaign?
- From what category of sources do you collect consumers’ personal information? This, too, relates especially to the California Consumer Privacy Act, or CCPA.
- Which third parties will have access to information? Will any third parties collect data through widgets and/or integrations? Think social media, Facebook Connect, etc.
- Will there be data transfer? Where applicable, details of cross-border/overseas data transfer and measures to facilitate this in a safe and compliant way should be transparent. EU and Australian laws explicitly require this disclosure. Additional requirements apply to cross-border transfers in the EU’s GDPR and Australia’s Privacy Principles, or APPs.
- What rights do users have? Can users request to inspect the data you have collected from them? Can they request to rectify, erase, or block their data? Under European regulations most of this is mandatory.
- What is the effective date of the policy? When was the policy published or updated?
All who offer goods and services online should have a Terms and Conditions agreement on their website. Terms and Conditions agreements set out exactly what you'll offer your customers and what you expect from them in return.
Some basic functions of a Terms and Conditions policy:
- Limit your liability. Especially important if you offer warranties, returns, exchanges, etc.
- Regulate user behavior. Example: prohibition of user reuse of imagery, content, etc., without express written permission of your organization.
- T&C agreements make it easier to prove deliberate copyright or trademark infringement and easier to favorably resolve intellectual property disputes.
- Termination of a user’s account for abuse. No one likes to cut off a customer, but bad actors are out there.
- The right to withhold service. Again, bad actors.
- User trust factors. If you were buying at a site without Terms and Conditions, would you trust the site? User perception matters.
If you want to protect your brand assets and your content, explore a Terms and Conditions policy. Again, though, check with your legal department. Visit this site to see how to write terms and conditions.
One in five Americans live with a disability, according to a variety of published reports, including the Centers for Disease Control and the U.S. Census. Why is this important in our field?
Those with disabilities often rely on assistive technologies to fully access the internet. These technologies include mouse alternatives, screen readers and unique browser preferences. Organizations that receive any federal funding, including public schools, must have accessible assistive technologies and meet other criteria, such as proper color contrast between text and background colors. International websites that target Canadians and Europeans, among other nationalities, typically must be built with accessibility in mind. Such countries often require websites to pass accessibility audits.
Recently, internet trolls have started searching for websites that are not fully compliant with WCAG 2.1 Level AA guidelines. Targeted businesses have faced lawsuits; settlements have ensued, even for entities that receive no federal funding.
The lack of a prominent Accessibility Statement attracts these trolls. Regardless of legal ramifications, it’s just good practice to make your website content accessible for all users to the best of your ability.
A challenge here is the many levels of compliance within the Website Content Accessibility Guidelines. Some of them demand significant computing power, and thus are more difficult and expensive to achieve. Furthermore, many of the guidelines have more to do with how content is maintained. Still, accessibility statements are worth it. Such a statement on your site implies good intent. It demonstrates a commitment to providing accessible content for all.
Let’s assume you have at least tried to make your website accessible. (If you’re not sure, you can always contact us for a free evaluation.)
Your accessibility statement should be prominently displayed – perhaps in the footer of your website so it can be easily seen across your site. Even if you are unsure about your current level of compliance, this statement tells users that if they can’t access or consume content for any reason, they can easily contact you for assistance. It’s a good idea to at least provide users with a dedicated email address, such as firstname.lastname@example.org, as well as a phone number.
A public policy on your website shows your company’s commitment to universal access. This simple statement creates confidence with users. It tells them that they are an important part of your target audience.
Reference the W3C Web Accessibility Initiative website for more information on developing organizational policies on web accessibility.
Many policies beyond the three policy pillars discussed here matter to site owners and users. But this basic knowledge will go a long way to ensure protection of both your organization and your users. If both parties understand their rights and responsibilities, both can enjoy peace of digital mind.