Is Your Firm Respectful of Visitor Privacy?
Over the past five years, web technology has become more sophisticated, making it possible to track visitor movements, to store that information, and to use it for future purposes—whether it’s to display content based on past experiences or explicit preferences. While the merits are obvious, i.e., publishers can serve highly-personalized, curated experiences, so are the flaws, i.e., without protection, visitors can be personally violated.
In an effort to minimize the latter, two primary regulations exist to govern web and content management practices pertaining to data privacy and compliance: GDPR and CCPA.
The GDPR (or General Data Protection Regulation) is a regulatory directive established in 2018 to protect all EU citizens from privacy and data breaches. The CCPA (or California Consumer Privacy Act) is a California (state) law that compels companies that have personal information about users to provide more details on how they obtain and use that information. The goal of CCPA is to protect all California citizens from privacy and data breaches.
These regulations are important because they dictate how firms request, manage, track, and store visitor information, while enforcing compliance to ensure the safeguarding of visitor privacy.
Challenges abound for law firms, and they include:
—How to adhere to compliance regulations, how to demonstrate that compliance, how to ensure accountability, and how to design experiences that take privacy protocols into consideration
—How to overcome the limitations of GDPR and CCPA, such that visitors can enjoy a fruitful, productive web experience without being violated
Firms that are successful in addressing these challenges avoid fines, maintain the trust of their visitors, find ways to serve relevant content without breaching that trust, and benefit from repeat visits and engagement.
At RubyLaw, there are a number of recommendations that we provide clients, as well as services we deliver to heighten privacy compliance. As part of your existing RubyShield packages we provide quarterly security audits. Additionally, we can:
—Advise on cookie banner options. A cookie banner is a consent interface on a website where end-users, i.e., website visitors, can decide which cookies and trackers they will allow to be activated during their visit. Cookie banners help to keep your firm in compliance with GDPR and CCPA, and RubyLaw can either install one for your firm or assist in setting up a third-party banner.
—Conduct a website cookie audit, and assess your firm’s use and storage of Personally Identifiable Information (PII).
—Provide privacy-compliant data analytics via RubyLaw Analytics. These are more accurate and comprehensive than Google Analytics, with the benefit being that your firm keeps and owns the data (instead of Google).
—Perform a front-end/WCAG compliance review.
—Discuss your firm’s overall privacy concerns, whether around data storage, risks associated with third-party custom fonts, or form usage.
If you’d like to learn more about how RubyLaw can support your firm to implement and ensure data privacy and compliance, please contact your RubyLaw representative. You can also attend an upcoming session of RubyLaw Live.