Why Website Compliance Can Easily Unlock Guaranteed Growth

How Website Accessibility and New Privacy Laws Are Actually a Competitive Advantage

As an existing business or new startup, the first thing that comes to mind when you consider your small business website design is probably not website compliance.  Rather, your mind is probably racing through a myriad of thoughts, such as:

  • We want a great website design, something that makes our company look modern.
  • The website must work on mobile devices as so many people do research on smart phones today.
  • What should be on the website?  Do we just copy the content from our PowerPoint pitch deck?

And so on.  The furthest thing from your mind is website accessibility, website privacy policies, cookie consent, and website security.  However, the past several years have been a turning point for these topics, making them far more critical to your entrepreneurial growth from a legal perspective, a website user experience, and even how you rank in major search engines like Google, Bing, and DuckDuckGo.

Disclaimer: TriValley Internet, Inc. DBA Terzetto Digital does not provide legal services or advice.  The content on the Terzetto Digital website is for informational purposes only. It is not intended to substitute for advice from qualified legal counsel, nor is it to assist you or help you be compliant as you assume 100% responsibility in all legal matters.

What is Website Compliance?

To comply generally means to meet a specified standard.  When we talk about Web Compliance, it is in reference to any Internet based activity that your company participates in or makes available to your prospects and customers.  The most obvious of these would be your company website but can also mean your email communication or social media presence.  But wait, in all the blogs you’ve read about starting or running a successful business, no one has ever mentioned website standards? That’s because it’s a moving target, which is why website compliance is so complicated. In the United States, there is not a central government entity that regulates websites.  Instead, there are multiple federal and state agencies that create laws to protect consumers depending on the agency’s jurisdiction.  For example:

  • California Consumer Privacy Act (CCPA) – Regulated by the State of California Department of Justice, this law became effective on January 1, 2020. While much more complex a topic than can be covered in this article, the basic idea behind CCPA is that it gives residents of California the following rights with regard to their personal information:

    1. The right to access the personal information that has been collected about you.
    2. The right to know whether your personal information is sold or disclosed and to whom.
    3. The right to say no to the sale of your personal information.
    4. The right to request deletion of the personal information that has been collected about you.
    5. The right to equal service and price, even if you exercise your privacy rights (a business can’t charge you more just because you asked them to delete your personal information).
  • Americans with Disabilities Act (ADA) – Established in 1990, it is a civil rights law that both protects Americans with disabilities against discrimination and imposes physical accessibility requirements in the workplace and for accommodations in public transit or buildings. Because of ADA’s broad nature, there are multiple government agencies that enforce ADA laws. While the ADA does not directly govern website accessibility, the principle behind the law still applies. In other words, reasonable accommodation in website design can level the playing field to give people with disabilities the same rights and opportunities to use your website as their non-disabled peers.
  • California Unruh Civil Rights Act (Unruh Act) – Originally established in 1959, it protects consumers from discrimination by all business establishments in California. Because any violation of ADA constitutes a violation of the Unruh Act, it has been referenced in modern website accessibility lawsuits.
  • Section 508 Compliance – A section of the Rehabilitation Act of 1973, the US Congress amended Section 508 in 1998 to require that Federal agencies make their information technology accessible to people with disabilities. It is both a law and a standard, so it does provide for a legal mechanism to enforce website accessibility compliance, although only for government entities, not private businesses. It is managed by the U.S. General Services Administration (GSA) Office of Government-wide Policy (OGP).
  • Website Content Accessibility Guidelines (WCAG) – As the name implies, these are guidelines created to help web developers make website content more accessible for people with disabilities. The WCAG technical documents are developed by groups belonging to the World Wide Web Consortium (W3C) Web Accessibility Initiative (WAI).
  • Email Marketing – The CAN-SPAM Act was established in 2003 and is enforced by the Federal Trade Commission (FTC). It sets the rules for commercial email marketing to protect consumers.
  • Telephone and SMS Marketing – The Telephone Consumer Protection Act (TCPA), a law enacted in 1991, prohibits text messages to a cell phone without prior consent. It falls under the Federal Communications Commission (FCC) and would apply if your business sends SMS (text) messages to a consumer’s smartphone.
  • Healthcare Information – The Health Insurance Portability and Accountability Act (HIPAA), signed into US federal law in 1996, covers healthcare data privacy and protection. This is a niche requirement that only applies if you store or transmit Personally Identifiable Information (PII) related to a person’s health. HIPAA is regulated by the Department of Health and Human Services’ Office for Civil Rights (OCR).
  • Domain Name Registration – The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for accrediting registrars. There are over a thousand registrars, such as GoDaddy or Network Solutions, who are the only legal entities where you can purchase a domain name. Technically, ICANN is an international entity because the Internet is global, but even in the US, you must comply with ICANN rules relative to using a domain name.
  • Certificate Authority (CA) – Since anyone can register a domain name without providing legal proof of who they are, the Internet needed another mechanism to create a trust chain. This comes in the form of digital certificates: a trusted third party, the CA, validates control of the domain name and then uses its private key to sign a certificate that binds the domain name to the website’s public key. Thereafter, these signed certificates can be used in the secure browsing protocol for websites (HTTPS).

As you might gather from the above list, with so many different laws and agencies, website compliance gets more complex every year. In essence, to stay compliant, your company must monitor these laws for changes, enact whatever they require, train your staff on these standards, and respond to consumers’ requests.  While this may seem overwhelming for your small business, continue reading below as we break down each area to explain ways that outsourcing these tasks to a digital marketing agency can help make web compliance easy and inexpensive.

Website Accessibility Design Provides Equal Access for All

If your small business or startup has approached your digital marketing from a strategy-first angle, then you’ll be well on your way to success.  In fact, the group that you consider your target market may include a person with disabilities, because that person also fits within a generic demographic, such as their age, race, gender, or income. Although 61 million adults in the United States live with a disability, most businesses never consider the impact that their website design has on 26% of the US adult population. That is one in 4 people that may be your ideal audience and you are essentially leaving them out in the cold, unable to browse your website to purchase your products or services.

When it comes to accessible website design, there are many technical considerations that a graphics designer may not be trained to understand.  Sure, they can make a beautiful website for a sighted person, but do they know how to make the website operate without a mouse?  Or how to describe images in enough detail that a screen reader can help a blind person visualize that image?  The bottom line is that making a website accessible for all takes time.  It’s the time required to code it correctly, test it under many different scenarios, and maintain it long-term so that it continues to be accessible as you add more content every month.

This is where hiring an accessible website designer and the Website Content Accessibility Guidelines (WCAG) come into play.  There are currently three technical standards for visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities:

  • WCAG 2.0 was published on December 11, 2008.
  • WCAG 2.1 was published on June 5, 2018.
  • WCAG 2.2 is scheduled to be published in June 2022.

Within each standard, there are three levels of conformance that were adopted to meet the needs of different groups and different situations:

  • A (lowest difficulty to achieve)
  • AA (mid-range difficulty to achieve)
  • AAA (highest difficulty to achieve)

(Figure: circle graphic explaining the WCAG 2 standards. Courtesy of University of Pittsburgh.)

The legal requirements for which technical standard and level your business website should attain are beyond the scope of this article.  Suffice it to say, the WCAG standards are recognized worldwide as providing reasonable accessibility. A good place to start is to contact a reputable digital marketing agency to get an accessibility audit of your website.  This will provide you with a better understanding of where you are in terms of website compliance in California and the next steps for full compliance.

Maybe you’ve heard that making a website accessible is easy with a free or low-cost overlay.  Nothing could be further from the truth, so please don’t get fooled by this technology. If you don’t believe me, please read the Overlay Fact Sheet, which has been signed by over 650 people who are industry experts and have dedicated their professional careers to the improvement of accessibility or are end-users with disabilities (or both).  Karl Groves, a respected website accessibility expert, has taken this a step further by documenting many of the overlay vendors’ false claims, with examples of why what they say is not true.

Overlays are available in a couple of different formats:

  1. A control panel is activated on the website that allows users to adjust things such as color contrast, font-size, and to highlight links. Most modern Internet browsers already offer such settings, giving people with disabilities the ability to better control all websites.  On the other hand, there are approximately 20 different overlay vendors, meaning that a person with disabilities would need to learn how each one operates, then take the time to adjust the unique overlays presented by each website.

  2. A behind-the-scenes patch for your website that uses JavaScript code to fix accessible website design issues. Yes, this can help, but it’s licensed as a paid service that ranges from $49 to $349 per month depending on the number of pages you have on your website.  If you decide you no longer want to pay those monthly fees, the tool ceases to work and your entire website would instantly become inaccessible to people with disabilities.

Beyond being the right thing to do from a moral perspective, making your website accessible for all through proper design could protect you from a legal perspective.  In fact, between 2018 and 2021, lawsuits against inaccessible websites increased by 75.2%.  That means with over 4,000 lawsuits in 2021, there were 11 filings per day.  These span many different industries, but ecommerce websites are the most common. Depending on the circumstances, such as nexus (a business with a connected physical location), the lawsuits can be filed in a federal court or state court, with California being heavily targeted due to the Unruh Act as a direct reference to violation of the ADA.

(Figure: bar chart of ADA digital lawsuits from 2018 to 2021. Statistics courtesy of UsableNet.)

The Importance of Website Privacy Policies

Privacy laws are not new.  What is new is the definition of what constitutes personal data, where that data is stored, and the rights that consumers have relative to eliminating that data. I’m sure you’ve received a thick envelope in the US mail from your credit card or mortgage company that explains your rights relative to the privacy of the data those companies collect.  They usually include an opt-out form where you can check a box that says, “don’t sell my personal information to any third-parties”.  The problem is that you’ve got to fill out this form and mail it back to the company.  I’m sure that most of us just throw that directly into the recycle bin and never give it another thought.

The big change you need to be aware of is that privacy laws can now extend to your website.  We’ve already alluded to how much commerce is being transacted online versus in-person or by mail.  Because of this, you may be required to provide website visitors more control over the personal information that your business collects about them.  The first step in this process is to explain your privacy practices in what is called your website privacy policy. This is a page on your website that describes what you collect, how it’s used, and how the consumer can opt out.  You can review the Terzetto Digital Privacy Policy to read how we comply with the CCPA as a business in California.

The first state in the nation to enforce a website privacy law was California in 2020.  Next will be Virginia as of January 1, 2023, and thereafter Colorado as of July 1, 2023.  There are now so many states considering privacy legislation that The International Association of Privacy Professionals (IAPP) has created the US State Privacy Legislation Tracker.  What does all this mean for your small business website? Maybe nothing at all, or maybe thousands of dollars in fines.  But you won’t know until you review the legal requirements of each law in all the areas where you transact business online.

As a website design company, during our first project kick-off meeting, we ask clients to provide us with a privacy policy. Because we are not attorneys and cannot give legal advice, it’s the responsibility of the client to produce the written privacy policy. However, in our experience, even after the website project has been completed and launched live to the public, we still have not received any privacy policy content from the client.  Or worse, they provide us with what is blatantly a privacy policy that has been copied from another website or from a free privacy policy generator online.  Because all these shortcuts are dangerous for your business, we generally suggest the following ways clients can create a privacy policy:

  1. If you have the budget, we recommend hiring a lawyer that focuses on privacy law to write your website policies, monitor privacy laws, and update your policies when the laws change or when new laws go into effect.

  2. If you do not have the budget to hire a privacy lawyer for your website policies, we recommend using Termageddon, a comprehensive website policies generator. It will update your policies when privacy laws change or new privacy laws go into effect, helping you stay compliant and avoid privacy-related fines. And they do it at a fraction of the cost of a lawyer. Although Termageddon is a technology company (not a legal services provider), it was founded by a privacy and contracts lawyer.

Increase Website Trust with Proper Cookie Consent

While most of us like eating cookies, we may not like the cookies that websites make.  Wait, what?  Yes, you read that correctly, websites make cookies to track user activity.  Okay, so it’s not a real cookie, just a term used to describe a small piece of data that is saved to your local computer by websites that you visit.  Browser cookies started innocently during the early days of the Internet as a helpful way to keep a log of what you had done on a particular website. It’s the reason you can place an item in a shopping cart, then change your mind and close the browser without making a purchase.  Yet when you return to that same ecommerce website days later, they still remember what you had in the cart by referencing the cookie they stored on your computer.

From inception, the risk of cookies on a website that had been visited, known as first-party cookies, was thought to be so minor that Internet browsers just enabled them by default. After all, the end-user made a choice to visit that website, so why not let the website keep an activity log.  It didn’t take long for advertisers to recognize the power that these little bytes (bites for those non-techies) of information contained. After a couple of years, so-called third-party cookies came into existence through banner ads, threatening a website visitor’s privacy. Now third parties could place a cookie on your local computer, allowing them to follow your browsing across the websites that display their ads and thus empowering them to better target advertisements to you in the future.  Of course, privacy rights groups called foul and soon Internet browsers such as Firefox and Internet Explorer had added privacy settings that allowed the website visitor to control these cookies.

Throughout the evolution of browser cookies, there has been an undertone of deception.  But the tide is changing, with more awareness of cookies and pressure from consumer advocates for better transparency.  The result is the Cookie Consent Pop-ups now seen on many of the most popular websites. While not specifically required by privacy laws such as the CCPA, a cookie consent pop-up banner allows consumers to decide in advance what cookies they will accept from each website. This works in conjunction with the CCPA’s “right to access personal information that has been collected” since a website visitor can opt out of all cookies except those that are necessary to operate the website (first-party cookies).  In essence, they can limit the collection of personal information (third-party cookies) before they start browsing the website.
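
The first-party versus third-party distinction and the consent choice described above can be shown in a short script. This is an added example, not code from Terzetto Digital or from any consent product; the host names, cookie names, category labels and the `filterByConsent` helper are assumptions constructed for illustration.

```javascript
// Added illustration: classify cookies as first- or third-party relative to
// the page being visited, then apply a visitor's consent choices.
// All hosts, cookie names and categories below are constructed sample data.

// Simplified "site" of a host: its last two labels. Production code should
// use the Public Suffix List (for example, "example.co.uk" needs three labels).
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// A cookie is first-party when the host that set it belongs to the same site
// as the page in the address bar; otherwise it is third-party.
function partyOf(pageHost, setByHost) {
  return siteOf(pageHost) === siteOf(setByHost) ? 'first-party' : 'third-party';
}

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1), // value may itself contain "="
    attrs,
  };
}

// Decide which cookies may be stored. "necessary" cookies are always allowed;
// every other category needs an explicit opt-in, and cookies with no known
// category are blocked by default.
function filterByConsent(pageHost, responses, categories, consent) {
  const allowed = [];
  const blocked = [];
  for (const { host, setCookie } of responses) {
    const c = parseSetCookie(setCookie);
    const category = categories[c.name] || 'uncategorized';
    const entry = {
      name: c.name,
      party: partyOf(pageHost, host),
      category,
      secure: c.attrs.secure === true, // sent over HTTPS only
    };
    const ok = category === 'necessary' || consent[category] === true;
    (ok ? allowed : blocked).push(entry);
  }
  return { allowed, blocked };
}

// Constructed sample: one page visit that triggers three Set-Cookie headers.
const PAGE = 'shop.example.com';
const RESPONSES = [
  { host: 'shop.example.com', setCookie: 'cart_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax' },
  { host: 'www.example.com', setCookie: 'visits=7; Path=/; Max-Age=31536000' },
  { host: 'ads.tracker.test', setCookie: 'uid=u-42; Path=/; Secure; SameSite=None' },
];
const CATEGORIES = { cart_id: 'necessary', visits: 'analytics', uid: 'advertising' };

// A visitor who declines everything optional keeps only the shopping cart cookie.
const result = filterByConsent(PAGE, RESPONSES, CATEGORIES, { analytics: false, advertising: false });
console.log(JSON.stringify(result, null, 2));
```
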

We certainly applaud this effort but wonder about end user fatigue, which is why it’s important to properly configure your cookie consent form. Compared to blocking cookies globally for all websites from within your browser settings, a cookie consent needs to be set on every website you visit. If you’ve seen any of these pop-ups, some operate at the top or bottom of the screen and allow you to continue browsing without taking any action. They are simply notifying you that cookies are being collected and that you have the right to turn on or off which cookies are collected. Others are more intrusive, essentially filling the entire screen where you can’t do anything without either accepting all cookies or taking the time to review the cookie settings to turn them on or off. I have found myself never answering the easy pop-ups and sometimes just leaving websites that have the more difficult pop-ups.

How to Improve Website Security with HTTPS Encryption

In July 2018, the Google Chrome web browser began marking websites as “not secure” if they did not have a security lock.  This is also called HTTPS encryption, where your local computer connects to the website you are viewing through a Secure Sockets Layer (SSL) Certificate.  All this mumbo jumbo means is that if you see the secure padlock, you can be assured your personal data (credit cards, social security numbers, etc.) is safely being transmitted between your computer and the website you are visiting.

In the early days of the Internet, these certificates were typically only used by large corporations, banks, or ecommerce websites.  They were expensive, took days to order, and were complicated to install.  Today, SSL Certificates are free, can be ordered in minutes, and are automatically installed by your website hosting company.  Much of this was made possible by a nonprofit Certificate Authority called Let’s Encrypt, which is sponsored by over 100 major companies such as Cisco, Amazon, and WordPress.

You can easily determine if your website is using a secure certificate.  Simply type your company domain name in any web browser, then look for the secure padlock.  You can also copy the website address from the browser and paste it into any document, where you should see it start with “https://”.  For example, this is how our website address or Uniform Resource Locator (URL) appears: “https://terzettodigital.com/”. In terms of the “www” in a URL, that is an acronym for World Wide Web, which was historically entered before the domain name like this: “https://www.terzettodigital.com/”.  Having a shorter URL for advertising purposes is preferred, but it’s okay if “www” is there.  The important thing is to see a single “s” which indicates it’s secure:

  • https:// – this is secure
  • http:// – this is not secure

Why does any of this HTTPS encryption stuff matter?  In a word, trust.  If you want your small business to be looked at as a reputable source online for information, products, or services, then it all starts with trust. Think about how much time and money you put into your website design, search engine optimization (SEO), or paid advertising just to have a prospect leave because your site is not secure. So much of today’s commerce is transacted online that you must make website security a top priority when it comes to staying one step ahead of your competition. 

Let’s look at an example.  If I Google “bay area pool supplies”, I see a list of seven results without scrolling.  The fifth result in the list is a company called The Pool Guys, who service pools in the Silicon Valley California communities of Saratoga, Los Gatos, and Cupertino.  I’m sure they are a fine company, and this isn’t meant to be a derogatory statement about them, just an example of the importance of using a secure certificate relative to your competition.  They have excellent search results on Google, but when I click to their website, I see the “not secure” message.  I quickly click the back button in the browser and decide to click the number four Google result, Lucky’s Pool Center in Hayward, California as they have a secure website.

What’s Next for Website Compliance?

As the Internet continues to mature, so too does the number of ways that website visitors and smartphone users can take back control of their privacy.  Some of the most recent trends in website compliance are:
