Important Update on Laws that Impact Client Websites
New laws surrounding data privacy and accessibility are on the rise. Skipjack Web Services wants to make sure you are aware of those that may apply to your organization and its website.
*Please read the following information and sign the page as confirmation that you have read it and agree with the statement at the bottom. Even if you decide to take no action, please indicate by completing the form below that you have read this information.
PRIVACY LAWS
GDPR – The European Union passed privacy requirements of all websites EU residents visit under its General Data Protection Regulation (GDPR), which became effective in 2018. In short, the GDPR requires privacy statements on websites that outline how users’ personal data may be gathered on the site, a cookie-use statement and the ability of a user to request that their personal data be deleted. The GDPR applies even if you don’t target EU residents or have a business in the EU. You are liable if an EU resident visits your website and you would be surprised how many EU residents visit your website. GDPR penalties can be stiff for violations. See fine information at https://gdpr.eu/fines/.
Virginia VCDPA – Last year, the Virginia Consumer Data Protection Act (VCDPA) was signed into law and is now effective, giving consumers the right to access their personal data and request that it be deleted by businesses. It also requires companies to conduct data protection assessments related to processing personal data for targeted advertising and sales purposes.
Entities conducting business in Virginia must satisfy one of two thresholds to fall within the statute’s scope, and both thresholds address a minimum number of affected consumers. Entities must control or process (i) the personal data of at least 100,000 consumers in a calendar year, or (ii) the personal data of at least 25,000 consumers, while deriving over 50 percent of gross revenue from the sale of that data.
California (CalOPPA) – The California Online Privacy Protection Act, now in effect, requires operators of commercial web sites or online services that collect personal information on California residents through a website to conspicuously post a privacy policy on the site and to comply with its policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information.
Examples of Personal Data:
• name and surname
• home address
• email address such as name.surname@company.com
• identification card number
• location data (for example the location data function on a mobile phone)
• Internet Protocol (IP) address
• cookie ID
• advertising identifier of your phone
Most of Skipjack’s clients do not fall under the requirements of the Virginia law nor have consumers in California. However, it is on the agenda of many other states to enact similar laws. Privacy concerns are on the rise and taking some basic steps to be in compliance is necessary.
Even if you don’t think that you are collecting personal data on your website, the use of certain services, such as Google Analytics, may be pulling IP addresses and/lor location information for use of website traffic monitoring. Another example would be the use of a Contact Form through which users can email your organization.
Email addresses are considered Personal Data if they identify someone. For example, if I send an email from info @skipjackweb.com, it is not considered personally identifiable, but if I send an email from kristinbowl @gmail.com, then it is considered personal data.
ACCOMMODATIONS FOR USERS WITH DISABILITIES
Title III of the Americans with Disabilities Act requires that every owner, lessor, or operator of a “place of public accommodation” provide equal access to users who meet ADA standards for disability. Inaccessible web content means that people with disabilities are denied equal access to information. A website with inaccessible features can limit the ability of people with disabilities to access a public accommodation’s goods, services, and privileges available through that website—for example, a veterans’ service organization event registration form.
Various courts around the U.S. have ruled that websites are places of public accommodation and thus subject to ADA rules. For example, the Winn-Dixie supermarket chain was penalized for not making its site accessible to users with low vision. Website accessibility lawsuits filed in federal courts are on the rise. In 2021, the number of lawsuits more than tripled from 2017 (source).
Regardless of legal action, it is in the best interest of all small businesses and nonprofits to make sure they are serving their costumers and audiences by making their websites accessible.
Please see guidance from the U.S. Dept of Justice on website accommodations- https://www.ada.gov/resources/web-guidance/
Limitations of Skipjack Web Services
As outlined in provision #10 of our customer agreements, Skipjack Web Services is not liable for client compliance of electronic commerce laws. Skipjack makes no representations toward the accuracy of any legal information and encourages clients to research and become familiar with the requirements of all laws and regulations concerning their businesses or organizations. Kristin Bowl, nor Skipjack, provides legal advice, nor acts as a Privacy Officer on behalf of any client.
Although Skipjack Web Services gives no legal advice, we feel it is important to bring these matters to your attention. We understand that for many, the requirements may be difficult to navigate and understand. Upon request, Skipjack can help take some basic steps to make your website more compliant.
WHAT SKIPJACK OFFERS:
Basic Privacy Update
One Time Fee- Conduct an evaluation of your website and based on common sense standards and suggested guidelines from expert sources, Skipjack will create a Privacy Policy for your website based on the plugins and services (such as email and Google Analytics) that it may be using which may collect data from users.
- Install a pop-up cookie and privacy statement when a user goes to your site. Visitors will agree to your cookie and privacy policies. Skipjack will utilize a plugin, such as Complianz, to help in this regard. It will remember the user for a 1-month period and not display the pop-up again during that time unless the user clears their cookies/browser history.
- If your organization is contacted by a user with a request to delete any data, Skipjack will delete any personal data that is held in email or the site.
- *Please note that Skipjack is not legal counsel and does not represent this statement as a legal document.
Accommodations for Visual Impairment
Starting at- Implement plugin. Skipjack has identified a plugin that works well to enable a variety of accommodations for those with visual impairments including the ability to make text larger/smaller, increase/decrease contrast, highlight links and more. We will implement the plugin and customize the settings for your website.
- Run your website through an accommodation grading application which will highlight weak spots such as color and font choices, elements on the site that are too close together for users to “tab” through them effectively, and others. We will then tweak your site to follow the recommendations of the grading app.
- Ensure ALT tags are included on all the images in your image library. ALT tags are imperative for those with visual impairments as this is the information that is read by the software they use to navigate your site. The appearance of ALT tags are also a factor search engines such as Google uses to determine your ranking in search results.
- Ensure any forms have descriptive HTML tags for each field
- Add descriptive anchor text to hyperlinks
- *Please note that we believe that approximately 2.5 hours should be enough time to implement these changes, however, some websites have more elements and images than others. Skipjack’s hourly rate is $50. Skipjack will track time while working and only charge for the actual time involved.
ACKNOWLEDGEMENT
Please sign below.