More Rules and Regulations for Content Marketers

So, content marketers, let’s talk about the regulatory environment more broadly, because one thing is for certain: the web, as wild and woolly as online discourse may be, is no longer the Wild West. Online marketing is now being held to a much higher standard.

Privacy protection, accessibility, and copyright —  oh, my!

Last time around, we talked about data privacy regulations as they apply to non-transactional sites. As confusing a landscape as those regulations currently present, they’re not the only regulations with which you need to be aware and compliant.

So, let’s talk about the regulatory environment more broadly, because one thing is for certain: the web, as wild and woolly as online discourse may be, is no longer the Wild West. Online marketing is now being held to a much higher standard than it has been, so you’ll want to be sure you have a plan in place to build your site by the book and to remain compliant. Otherwise, you risk spending more time talking to lawyers than to prospects.

Accessibility

If you built your website without accessibility in mind, chances are you’re not going to be happy when your website developers tell you what it’s going to cost to make it compliant. In many cases, it can make more sense to start from scratch, given the investment involved.

On the plus side, the cost to design and build a new website with compliance in mind is only incrementally greater than building that same site without WCAG Level AA compliance as your goal.

There is some extra work to be done, but for the most part, compliance requires a change in mindset for designers and some slightly different coding tactics for the dev team. Once that’s in place, it’s really only a matter of making sure new content additions are made in a compliant manner. (Image alt tags must be included, for example.)

You’ll want to include an accessibility statement on your site that includes a way for visitors who are having trouble consuming your content to contact you and seek remediation.

Privacy and Data Protection

As we’ve discussed, you need a privacy policy and you need to abide by it. If you haven’t told people that you’re planning on selling their email addresses to the highest bidder, you probably can’t. (Regulations differ by jurisdiction and industry; check with a lawyer.)

Once you have a collection of data, you need to take steps to keep that data safe, both in storage and in any transmittal or other use. Again, your industry may have specific compliance standards that you have to meet, and you may need to document the protections you’ve put in place.

Copyright

If you don’t own it, don’t publish it. This should be obvious, but often marketers make mistakes that can be costly.

Images are the most common area where errors occur. Doing a web search and then publishing any old image you find is a recipe for disaster. Going through a respected stock image library and paying for the images you use is the safest approach.

If you’d prefer not to go that route, you can use the Google Advanced Image Search tool. It is an excellent way to search for images to use in your digital marketing if you filter to include only those that are “free to use, share, or modify, even commercially.”

Don’t even think about trying to use an image from a stock image library without licensing it. They can and will find you. They can and will demand payment, usually well beyond what the initial license would have cost. (Also worth noting is that technically, for most stock image libraries, any image you use should be licensed under your firm’s name rather than by your design agency. That approach is also just smart business, because you may not always be working with that design team.)

When copy is purloined, it’s even easier to track down. Even if you get away with it, the search engines may very well penalize you for publishing duplicate content. There are other ways to get on the search engines’ bad sides, so be careful if you’re republishing content from other sources, even if it’s content that you have the right to republish.

Finally, think twice before stealing code. It’s an open source world, but that doesn’t mean you’re free to take and use anything you find in your travels. At the very least, attribution may be required. Most code libraries, snippets, etc., may require license fees — regardless of how they’re used. Some require payment only if you want updates or support. This can be harder for marketers to police, so be sure to have a regularly scheduled review with your dev team.

Spend Time on This

These regulations — and whatever may be coming down the pike in the future — make investing in digital expertise ever more important. Your team needs the time and mandate to stay on top of what regulations apply to your business and best practices for remaining compliant.

How New Data Protection Laws Affect Your Non-Transactional Website

Good news! Regulatory agencies are taking privacy policies and data protection more seriously than ever. Bad news! Regulatory agencies are taking privacy policies and data protection more seriously than ever.

Good news! Regulatory agencies are taking privacy policies and data protection more seriously than ever.

Bad news! Regulatory agencies are taking privacy policies and data protection more seriously than ever.

The increased regulatory activity is certainly good news for all of us as consumers. As marketers, that silver lining can be overshadowed by the cloud of fear, uncertainty, and doubt — to say nothing of the potentially enormous fines — attached to these new regulations. Let’s take a look at what your responsibilities are (or are likely to become) as privacy regulations become more widely adopted.

Before we begin: I’m not a lawyer. You should absolutely consult one, as there are so many ways the various regulations may or may not apply to your firm. Many of the regulations are regional in nature — GDPR applies to the EU, CCPA to California residents, the SHIELD Act to New York State — but the “placelessness” of the Internet means those regulations may still apply to you, if you do business with residents of those jurisdictions (even though you’re located elsewhere).

Beyond Credit Cards and Social Security Numbers

With the latest round of rules, regulators are taking a broader view of what constitutes personally identifiable information or “PII.” This is why regulations are now applicable for a non-transactional website.

We are clearly beyond the era when the only data that needed to be safeguarded was banking information and social security numbers. Now, even a site visitor’s IP address may be considered PII. In short, you are now responsible for data and privacy protection on your website, regardless of that website’s purpose.

Though a burden for site owners, it’s not hard to understand why this change is a good thing. With so much data living online now, the danger isn’t necessarily in exposing any particular data point, but in being able to piece so many of them together.

Fortunately, the underlying principles are nearly as simple as the regulations themselves are confusing.

SSL Certificates

Perhaps the most basic element of data protection is an SSL certificate. Though it isn’t directly related to the new regulatory environment it’s a basic foundational component of solid data handling. You probably already have an SSL certificate in place; if not, that should be your first order of business. They’re inexpensive — there are even free versions available — and they have the added benefit of improving search engine performance.

Get Consent

Second on your list of good data-handling practices is getting visitor consent before gathering information. Yes, opt-in policies are a pain. Yes, double opt-in policies are even more of a pain — and can drive down engagement rates. Both are necessary to adhere to some of the new regulations.

This includes not only information you gather actively — like email addresses for gated content — but also more passive information, like the use of cookies on your website.

Give Options

Perhaps the biggest shift we’re seeing is toward giving site visitors more options over how their PII is being used. For example, the ability to turn cookies off when visiting a site.

You should also provide a way for consumers to see what information you have gathered and associated with their name, account, or email address.

Including the Option to Be Forgotten

Even after giving consent, consumers should have the right to change their minds. As marketers, that means giving them the ability to delete the information we’ve gathered.

Planning Ad Responsibilities For Data Breaches

Accidents happen, new vulnerabilities emerge, and you can’t control every aspect of your data handling as completely as you’d like. Being prepared for the possibility of a data breach is as important as doing everything you can to prevent them in the first place.

What happens when user information is exposed will depend on the data involved, your location, and what your privacy and data retention policies have promised, as well as which regulations you are subject to.

Be prepared with a plan of action for addressing all foreseeable data breaches. In most cases, you’ll need to alert those who have been or may have been affected. There may also be timeframes in which you must send alerts and possibly remediation in the form of credit or other monitoring.

A Small Investment Pays Off

As a final note, I’ll circle back to the “I’m not a lawyer” meme. A lawyer with expertise in this area is going to be an important part of your team. So, too, will a technology lead who is open to changing how he or she has thought about data privacy in the past. For those who haven’t dealt with transactional requirements in the past, this can be brand new territory which may require new tools and even new vendors.

All of this comes at a price, of course, but given the stakes — not just the fines, but the reputational losses, hits to employee morale, and lost productivity — it’s a small investment for doing right by your prospects and customers.

DMA International E-mail Guide Available

Did you know that “forward-to-a-friend” or “member-get-member” marketing techniques in e-mail are currently permitted in Argentina, Hong Kong and Israel, but not in Hungary or Poland? Or that while Canada does not have legislation specifically addressing the issue of e-mail marketing, key legislation for e-mail marketers is the federal privacy law, or PIPEDA. Or that in China there is no legal definition or best practice that specifically defines “opt-in?”

Did you know that “forward-to-a-friend” or “member-get-member” marketing techniques in e-mail are currently permitted in Argentina, Hong Kong and Israel, but not in Hungary or Poland? Or that while Canada does not have legislation specifically addressing the issue of e-mail marketing, key legislation for e-mail marketers is the federal privacy law, or PIPEDA. Or that in China there is no legal definition or best practice that specifically defines “opt-in?”

These were just a few of the facts I learned thumbing through the Direct Marketing Association’s very useful International Email Compliance Resource Guide. The book is a compendium of e-mail marketing regulations and practices for individual countries.

The report is valuable for two reasons:

  • International e-mail marketing is growing. Many companies today are looking for new opportunities to market their products and services abroad while the economy here is in the doldrums.
  • To my knowledge, there really isn’t easily accessible information of this nature available on the subject of international e-mail laws.

Here are some of the topics the DMA touches on in the guide:

  • affirmative consent;
  • legal definition of opt-in;
  • forward-to-a-friend;
  • privacy policy in e-mails; and
  • other best practices.

For the guide, the DMA developed a questionnaire targeting key areas of legislation regarding e-mail regulations and data protection. The questionnaire was then administered to preselected respondents who were knowledgeable about their country’s e-mail laws.

Responses varied from country to country based on the questions they answered. In cases where no questionnaire was submitted, a link to the relevant law is provided as well as contact information for local DMAs and/or departments of data protection.

I strongly suggest you check it out. To do so, click here.