Digital Compliance in 2020
Published on 06 Mar by Melissa Itwar
What is Digital Compliance
Digital compliance refers to the various legal regulations surrounding online business operations, and they are numerous. Compliance regulations can be provincial or state-regulated, federally regulated, and in some cases, continentally regulated.
From collecting and handling personal information, to user accessibility, digital compliance not only provides comfort and transparency to your customers, but can also help you avoid hefty implications. Failing to comply can lead to complications with executing your digital business initiatives, including stopped ads, Google penalties, or having your website shut down altogether. Your business could also face large fines, or even lawsuits.
What you Need to Know
In 2020, there are new compliance policies, and updates to existing ones that you may not yet be aware of, but are important to implement in order to avoid costly effects to your online entity.
Website accessibility refers to optimizing a website so that users with disabilities are able to fully access the information as a person without disabilities would be able to. In Ontario, website accessibility is regulated by the Accessibility for Ontarians with Disabilities Act (AODA), and requires accessibility compliance for websites of private and non-profit organizations with more than 50 employees, or public sector organizations.
To be AODA compliant, these organizations face requirements regarding content, function, and navigation optimization for users with visual, hearing, and cognitive impairments, and must do so by the end of December 2020. Websites that fail to comply going into 2021 face multiple fines, including up to $50,000 per day for directors of the company, in addition to $100,000 per day for the corporation as a whole.
In the US, the Americans with Disabilities Act imposes similar stipulations on websites. While there is no explicit mention of website compliance in the ADA, it does govern “public accommodations”. There have been cases of organizations being sued, and facing charges related to lack of website accessibility, citing websites as public accommodations, although enforcement and penalties are often at the discretion of the judge handling the case.
From Facebook, to Yahoo, to Marriott, we’ve heard about major data breaches, and how they can compromise the personal information of millions of users. Websites of all kinds collect personal information, such as names, addresses, age, gender, race, and secret questions for account security; if this type of information is obtained by the wrong people, it can allow them to access other, even more personal items, like emails and bank accounts, having devastating consequences for the person whose data has been breached, as well as for the reputation of the organization that was breached.
Europe’s General Data Privacy Regulation (GDPR) requires compliance from all websites that handle user data. How a business or organization plans to collect, handle, store and share users’ personal information must be disclosed, and they must make it possible for users to decline consent. In addition, users must be able to request the organization’s records of their personal information as far back as 12 months prior, and as often as twice each year. Failure to comply can result in fines on 2 levels: smaller offences face a fine of €10 million, or 2% of the company’s annual global revenue, whichever is higher. Larger penalties include a fine of €20 million, or 4% of the company’s annual global revenue, whichever is larger.
As of January 1, 2020, the California Consumer Privacy Act imposes similar regulations, but on a smaller scale. Rather than requiring compliance from all websites handling user data, the CCPA requires compliance only from businesses under the following conditions:
- A customer base of 50,000+
- Gross revenue of $25M+
- 50%+ of revenue is generated based on user data collection
Additionally, under the CCPA, users must have the option to request that the personal information collected from them not be sold by the organization collecting the data.
Applicable websites must be CCPA compliant by July 1, 2020, and could face fines ranging from $2,500 to $7,500 per violation depending on severity, and whether or not the violation was deemed intentional.
Both regulations stipulate that websites must undertake measures to ensure the anonymity of users whose data has been collected, so that their personal information remains protected even in the event of a data breach.
Where do you start?
Something to consider when trying to understand whether these compliance standards apply to you is the idea of public accommodation. As mentioned previously, the term public accommodation can be applied to websites since anyone in the world can access them; as such, these various compliance regulations can apply to your business's website, even if your physical location is outside of that regulation’s geographic location.
For example, just because your business exists in Canada, does not mean that someone from Europe won’t see or visit it. Since these compliance regulations are focused on protecting the user, it is your job, even as a Canadian business owner, to protect the rights of that European user under GDPR. While this may sound like a stretch, fines of up to tens of thousands of Euros simply aren’t worth it.
WCAG 2.1 Compliance
The Web Content Accessibility Guidelines (WCAG) are considered the international standard for website accessibility compliance. Originally published in 2008, the WCAG were developed by the Web Accessibility Initiative of the World Wide Web Consortium, and have been revised several times to become an extensive series of protocols to ensure users with disabilities face no barriers to a website’s usability. The WCAG 2.1 revision forms the basis of AODA and ADA regulation, and governs:
This not only pertains to obvious accessibility items, like alt-tagging and video transcripts, but also more complex items like auditory transcripts, dynamic font size, and the ability to provide accessible content offline for items that cannot be made accessible online.
You can run a Google search for WCAG compliance checklists and scanners, which can help you identify whether or not your website is on the right track to becoming compliant, and what items might be missing. However, it’s worth noting that WCAG 2.1 is extensive, and could require a lot of time to manually create and implement alternative ways of accessing your website’s information, as well as financial investment to redesign your website accordingly.
Cookie consent has become unavoidable as of late 2019. Almost all websites display a pop-up upon arrival disclosing that user behaviour tracking is in place with cookies, and requesting that the user consent or decline. If your website isn’t already doing this, you’re now the anomaly, and could raise user concern about whether you have any data privacy policies in place at all.
We can help!
Call us today to analyze the current status of your website compliance, or to get started on building a dynamic, privacy and accessibility compliant marketing asset!