Updated: 8 hours ago Advice

Small business websites and data protection: What you need to know

Twenty years ago, having a website was the gold standard of a successful business. Today, it’s the price of entry.

A woman with red hair and a purple shirt stands with her arms crossed in front of a desk with a laptop and photos on the wall above it.
Photo | Matt Wright
Julia Becker Collins is the chief operating officer at Northborough marketing agency Vision Advertising. She can be reached at julia@vision-advertising.com.

Whether you’ve had a website for years or just started, many business owners have the same blind spot when it comes to their website: not keeping up with regulations, protections, and trends. One of the big ones today is consumer data, and I’ve seen clients with dated websites that are being penalized or even blacklisted due to simple website changes they’ve failed to introduce.

From tracking cookies to filled-out forms, your website collects customer data. You might be ignorant of what your website’s pages, plugins, apps, and forms collect, but that doesn’t make you immune to regulations. You’ve seen the trends on other websites: pop-ups about tracking cookies, opt-ins on email signups, and additional data-related agreements on forms. You need to have them on your website as well.

While Massachusetts has some specific laws concerning standards for data security and announcing data breaches, Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have significantly stronger protections for data. If your business collects data from EU or California residents – even if you’re based in Massachusetts – you need to comply. That means clear privacy policies, consent for data collection, and an easy way for consumers to opt out.

Under the above laws, customers can ask for a copy of the data you store or even for it to be deleted. Businesses that share customer data must offer an opt-out, and under CCPA, minors require explicit opt-in before their data can be shared. Failure to comply with consumer data requests or official GDPR & CCPA notices within 30 to 45 days can lead to steep penalties, starting at $2,500 per violation all the way up to percentages of annual business income.

What you do with this data is also important. Selling data comes with its own issues, including the need to ask consumers for permission to do so and to explicitly provide opt-outs. If you collect emails and then use them for email marketing, you’ll need to follow CAN-SPAM Act regulations to avoid the possibility of penalties when you hit send.

Old websites haven’t kept up with the risks posed here. Do you use tracking cookies without explicit consent? Allow form submissions without a privacy disclaimer? Do you have a privacy policy on your site? Do you know if any of the plugins or apps on your website do? If you’ve answered no to any of these questions (or don’t know), you’re at risk, even if you’re a small business. These are common issues I see when consulting with potential clients about the shortcomings of their current website.

Good data protection is also good marketing. Making sure your customers’ data is sent and secured isn’t just important for regulations; it’s also important for search engine optimization. Google and many browsers restrict or even blacklist websites without HTTPS. As these practices become the norm, having them in place is a green flag to people who want to do business with you, especially when it comes to providing private information. It’s an easy way to build trust with consumers.
