Website compliance mistake #1 - You’re focused on avoiding penalties — not on enhancing your digital presence
Major fines and penalties for noncompliance have been issued to websites and big tech platforms over the past few years. The violations behind these penalties range from inaccessible websites to improper data collection practices. And though many organizations have found themselves scrambling to meet these requirements, legislation doesn’t always provide clarity on what to do.
In the US, the applicability of Title III of the ADA for all websites as places of public accommodation is still under dispute given the circuit split among US courts. The Supreme Court has yet to issue its final ruling, meaning at least until that decision is made, the precedent of web accessibility lawsuits will continue to cause confusion. Despite the circuit split regarding Title III’s applicability, the California Consumer Privacy Act (CCPA) does provide guidance in this respect.
According to the CCPA, businesses subject to the legislation are expected to adhere to WCAG 2.1 standards and ensure notices are “reasonably accessible” for consumers. With more legislation expected to emerge regarding digital interactions with organizations, ingraining organizational resilience principles into your digital processes will help you prepare for the changes that will inevitably impact your web compliance efforts.
What’s more, while avoiding fines is certainly a benefit of having a compliant website — it isn’t the main reason you should focus on web compliance. Your website is meant as a place to welcome your audience to your organization, so you want to attract more visitors to ensure your message reaches its intended target. Compliance with relevant legislation as well as digital best practices can help you with this goal.
In fact, Google’s Search Central has been describing SEO as Searcher Experience Optimization for some time, which includes making sites more accessible. So, even if you’re uncertain of legislative requirements, adhering to web accessibility standards is a tangible benefit that will improve your overall digital presence. Your visitors want to feel like they can trust your site. That’s why creating a compliant digital presence by ensuring your site is accessible and meets all data privacy compliance requirements will benefit both you and your visitors.
In terms of data privacy, some measures you should include on your website are an accessible cookie consent banner and a clear data privacy statement. Steer clear of dark patterns on your consent banner, as these can frustrate users and make your site appear less trustworthy. They can also put your site at risk of noncompliance with the CCPA, and will likely draw the attention of the European Data Protection Board’s recently established taskforce.
Website compliance mistake #2 - You’re not approaching web accessibility holistically
As discussed above, adhering to WCAG 2.1 web accessibility standards is advantageous from both a compliance and a UX perspective. While some sites are opting to just use overlays that promise to achieve an AA level of compliance in a few simple steps, it’s becoming increasingly obvious that web accessibility is not properly addressed without a comprehensive plan. This plan should ideally include auditing software, manual audits, and accessibility training for content creators and web developers.
Accessibility overlays that promise to create a fully compliant website automatically with a simple snippet of code fail to address the underlying reason to adopt web accessibility standards in the first place — to ensure equal access to all visitors and make everyone’s experience better. Because these “quick fixes” don’t actually help create awareness of accessibility best practices within organizations, they may hinder employees’ ability to perform necessary ongoing manual audits or to understand WCAG principles.
If you want your website to be fully accessible, take the time to train your team or hire an expert to help you achieve WCAG compliance. Then, invest in software that will help you review your site for accessibility errors. Once you have web accessibility as part of your website development process, you’ll be able to adapt to new best practices as they become the standard.
Website compliance mistake #3 - You’re not preparing for changes in data collection
Recently, Google announced that it will be phasing out third-party cookies by 2022 on Chrome. This has led to an uproar within the marketing community regarding the expected increase in spending to track user data, and more investment in email marketing (which requires multiple compliance considerations). And though Chrome isn’t the first web browser to block third-party cookies, it’s the most used.
To prepare your site for what’s been dubbed “the death of third-party cookies”, consider how you can adjust your user tracking and data collection practices. Some ways you can get ready for what’s ahead are:
- Consider doing an audit of your existing cookies and what you use them for.
- Review your first-party cookies and see what they can tell you about user behavior on your site.
- Speak with a service designer or UX specialist to get an overview of your current user journey.
- Ensure your first-party cookies are compliant with the GDPR and CCPA, and that the data you’re collecting benefits you and your customers.
- Implement an accessible consent banner on your site to make it easy for your users to opt in to existing cookies.
- Keep up with Google’s Privacy Sandbox updates to review their standards as they roll out.
- Adjust your KPIs and reporting metrics to reflect the upcoming changes.
Website compliance mistake #4 - Your site doesn’t fully comply with industry requirements
Aside from general legislation that applies to most websites, you’ll want to consider the specific requirements for your industry. Certain regulations call for even more stringent requirements for organizations in certain industries given the nature of their activity. Two of the industries that serve as notable examples are healthcare and hospitality.
In the US, the Health Insurance Portability and Accountability Act (HIPAA) sets national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. HIPAA’s Privacy Rule requires that any entities subject to it ensure individuals understand and can control how their health information is used. A website needs to comply with HIPAA if it collects, displays, stores, processes, or transmits any protected health information (as covered in the Act). Additionally, this extends to websites which have protected health information stored on a server that is connected to them.
In Europe, the GDPR considers any data concerning health as a special “sensitive data” category and provides specific guidelines for health data protection. Article 9 of the GDPR addresses the grounds on which sensitive health and genetic data can be used, and the European Patients Forum provides a comprehensive overview for patient organizations which explains how to treat health data.
The hospitality industry relies on digital strategies more than ever before, so it needs to meet multiple web compliance requirements. Almost 60% of hotel bookings are made online, making web accessibility a must-have for the hospitality sector. In the US, restaurant and hotel websites are two of the categories that have the highest number of web accessibility lawsuits filed against them. These sites, and others in the hospitality sector, should work on ensuring they meet WCAG standards, so their accessibility efforts mirror their offline presence. Hotel and restaurant websites should ensure they include accessibility information, such as whether the venue is wheelchair accessible, to cater to their users’ needs.
Regarding data privacy, hotels in particular need to consider how they protect user data. Hotels tend to hold a large amount of guests’ personal data, making them vulnerable to breaches. And since the GDPR applies to businesses processing the data of European citizens, hotels worldwide are required to comply with the regulations and ensure they review how they collect data on their websites.
Website compliance mistake #5 - You’re not currently documenting your compliance efforts
Website compliance is an ongoing process, which requires clear goals and audits. Yet a key step in the process that sometimes goes overlooked is the need for documentation. A successful web compliance strategy hinges on the ability to report on changes and improvements made since embarking on the journey that is making your website compliant. Make sure your team tracks which areas of your website have been updated since the start of your audits, including any accessibility errors that have been remedied and any changes in data collection.
Though multiple members of your team may be involved in this process, ideally, there is someone tasked with overseeing your digital compliance efforts so that the responsibility doesn’t fall through the cracks. While not having someone focused on documentation isn’t a mistake per se, it’s certainly something to consider in order to stay on top of your compliance efforts. Hiring a Compliance Officer to be the go-to person to handle the various aspects covered in this article is something that your organization may want to add to its resource budget, if it’s not already in the works.
And to help your organization get a clearer understanding of how to create a more compliant website in 2022, we’ve put together a guide. In it, you’ll find an overview of legislation, useful checklists, and more to enhance your web compliance efforts.
Download the "2022 Essential Website Compliance Handbook" to kickstart 2022 with a more compliant website.