When designing a law firm website, the term “compliance” is thrown around quite a bit. “Is my website compliant?” is shaping up to be the question of the year from both new clients and law firms we have worked with for years.
Website compliance is interpreted through adherence to the guidelines outlined in the following policies and regulations:
• Americans with Disabilities Act (ADA)
• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
Legal compliance depends on a variety of factors — everything from your business location to the customers you service.
The Americans With Disabilities Act (ADA)
The provisions outlined by the Americans with Disabilities Act now apply to businesses with websites. Title III of the ADA states that business owners are required to make accommodations for those who have disabilities that affect their hearing, vision or physical capacities.
The same accommodations you made in your physical office now apply to your firm’s website. The ADA provides a toolkit with examples of how to make your site more accessible, including:
• Provide alternate text and captions for multimedia
• Include the option to skip navigation
• Create an intuitive site structure
The guidelines supplied by the ADA are just that — guidelines. Only a human can determine if your website is accessible. If you have your website audited by a professional who specializes in ADA site design, the good news is that these features benefit all your customers and your SEO.
General Data Protection Regulation (GDPR)
Most U.S.-based law firms aren’t required to comply with the General Data Protection Regulation (GDPR) issued by the European Union. Companies that are based in the EU or serve residents of the EU are required to handle personal data collected in a specific way.
Only a lawyer can tell you if your firm is required to follow GDPR data collection, storage and usage standards. If you are needing to be compliant, you should conduct an information audit, have legal justification for your data activities and provide clear info about your activities. For data security, you need to protect the data, encrypt/anonymize the data and designate someone responsible for your data compliance. Most importantly, allow customers to receive their data, update their data and give them the option to stop processing their data. You can see a full checklist here.
GDPR applies to any professional or commercial activity. Any organization that processes the personal data of people in the EU must comply with the GDPR. It can apply to companies outside Europe, but not for occasional instances. If you are required to follow GDPR, non-compliance is met with hefty fines: €20 million (or 4% of revenue, whichever is greater). To comply with the law, you need to include certain notifications online on your website — most of the time popups allowing users to opt-out or opt-in to various data (and instructing them on how you process the data).
California Consumer Privacy Act (CCPA)
Designed to protect the privacy of the residents of California, the CCPA ensures consumers know exactly why their data is being collected and how it will be used at the point of collection. After collection, consumers have additional permissions and they can ask how their data is being used and delete their personal information at any time.
While CCPA outlines some substantial regulations, they are fairly generous with small- to medium-sized businesses on who needs to actually implement them. If you are doing business in California, below are the criteria that determine if you need to comply with the CCPA:
• Have $25 million or more in annual revenue
• Use personal data of 50,000+ “consumers, households or devices”
• Earn more than half of annual revenue selling consumers’ personal data
So most law firms will probably not need to comply with the CCPA until they hit a certain size. If you are in doubt, then a “Privacy Notification” banner is one way that many law firms are ensuring compliance. These banners are only required to load 1x per session and won’t significantly impact the user experience. It remains to be seen if more states will begin to adopt laws like the CCPA, and several states have pending legislation of special task forces assigned to the topic.
Getting Started With Legal Compliance For Your Law Firm’s Website
Website compliance isn’t as black and white as many assume it will be. While erring on the side of caution and updating your site to comply with everything has its benefits, make sure that you prioritize the ones that actually apply to your firm.
To get started with website compliance for your law firm website:
1. Determine which regulations apply to your website.
2. Review your current site as well as data storage.
3. Address non-compliance.
Compliance should be an ongoing conversation, as many of these guidelines are frequently updated and who they apply to is constantly evolving. As legislation catches up to the challenges of the digital world, the only certainty is that compliance will continue to change.