Perspective: The Case for Privacy-by-Design Website Development

The Founding Fathers of the United States may have taken a dim view of the right to privacy, but in 1965 the Supreme Court disagreed, finding that privacy was constitutionally protected by the Bill of Rights.

Since then, privacy has grown ever more important in our political discourse, and that trend has only been heightened by the growth of the Internet and further magnified by social media and the heyday of user-contributed content.

Governments around the world are introducing new and more stringent policies and regulations protecting user privacy on the Internet, and law firms must lead the way in implementing these changes. The first step is to embrace privacy by design.

First conceived in Canada by Dr. Ann Cavoukian in the 1990s, privacy by design has since 2010 been considered the gold standard for international privacy. The Federal Trade Commission now recommends that the U.S. adopt the approach’s principles, too.

The central tenet of this approach is to embed privacy into the design of a corporation’s practice, physical infrastructure, and its website. So why must law firms, specifically, adopt privacy by design?

The Consequences of Ignoring Privacy by Design

Privacy by design is a no-brainer for firms with strong emphases on data privacy practices, but it’s also important for other firms.

Any law firm operating a website that tracks users via personalization, customer relationship management, or other analytics systems could already be in violation of European Union, U.K., and U.S. regulations. As government scrutiny over international privacy compliance intensifies, the number of major legal and public relations nightmares will increase as well. The enormous movement toward personalization and marketing automation in the digital marketing landscape is threatened by these pending regulations.

Firms that have failed to comply with these regulatory efforts will face heavy pecuniary penalties. In the EU, regulators have the power to impose fines of up to 4 percent of a company’s gross annual revenue, and the ensuing reputational damage could be even more costly — particularly for firms that preach data privacy best practices to their clients.

Even firms that do not operate within the EU must take heed of these consequences, because as soon as an EU citizen opens a website, that site becomes subject to these legal requirements.

Privacy by Design Web Development

Sites that weren’t initially developed with these privacy principles in mind will incur costly retrofit projects. They could also experience diminished functionality when best practices are standardized and more commonplace.

By designing websites and online user experiences with embedded privacy considerations now, firms will avoid potential legal or public relations disasters and ensure that key functionality and user benefits are maintained for the optimal dissemination of content.

It is no longer acceptable for websites and business intelligence systems to operate on the assumption that users will be tracked. New regulations don’t just require full and accurate disclosure of any tracking being performed; they also demand informed consent from users before such technology can be used to collect either volunteered or automated personal data.

Clearly, then, law firms must engage web developers and development firms knowledgeable about privacy by design from the start. But how should a firm go about finding the right development partners?

Finding Privacy by Design Development Partners

Although most firms will want their specific policies, procedures, and processes to be documented and reviewed by in-house data privacy legal counsel, some might also opt to consult with outside experts. A major problem facing those firms, however, is that there is currently no specific verification or registration system for privacy by design.

The FTC is aware of this problem and is looking to take steps forward, but firms should try to stay ahead of the curve by partnering with development firms that possess:

  • Strong knowledge of underlying privacy-related technologies.
  • Demonstrable understanding of the specific issues and problems that may arise as a result of the new regulations.
  • Sufficient sophistication to engage in appropriate conversations with in-house IT, marketing, and data-privacy experts to obtain the best possible outcome for all project stakeholders.

The best developers will offer all these qualities, proving themselves capable of incorporating best practices into web development while keeping the firm’s own compliance and IT teams in the loop.

By embracing privacy by design now, law firms can avoid future financial and reputational penalties and effectively position their practices to meet the demands of privacy-conscious clients.

This article originally appeared in Bloomberg Law.