Policies are a two-pronged opportunity for layers: Protecting clients from dangers and generating revenue in the process.
Experienced lawyers know that, sometimes, the legal issues that get the least attention carry the greatest risk. One such area is digital policies. Sure, you hear a lot about data security, but that’s just one part of it. There are plenty of legal issues involved in maintaining an online presence that your clients — especially smaller businesses — probably haven’t given much thought. The catch, however, is that they’re still responsible for following those laws — even if they don’t know they exist.
That’s a two-pronged opportunity for you: Protecting your clients from dangers they might not even be aware of while finding new ways of generating revenue for your own business.
The question is, how? How do you get your clients to take digital policies seriously enough to dedicate resources to them?
The answer is to make the threat real and the solution easy. Talk to your clients about why they need a digital policy and how you can help them get there. Here are some things to focus on:
Were you aware that the Americans with Disabilities Act of 1990 applies to digital spaces as well as to physical spaces? Do you think your clients are aware of that? Many would probably be surprised to find out that the ADA stipulates that web sites, apps, etc., must be accessible to people with disabilities. Even if your clients are passionate about accessibility overall, it may have never occurred to them to think of it in terms of how a person with hearing or vision challenges would use their website.
Protection of customers’ personally identifiable information
Data breaches get plenty of headlines, but smaller businesses may not realize that the problem isn’t limited to big organizations. In fact, more than 70% of cyberattacks target small businesses. So, no matter how small a business is, it has to follow the rules for processing and storing payment information. The Payment Card Industry Data Security Standards (PCI-DSS) Council, in conjunction with major card brands, has put forth a set of requirements regarding all aspects of what businesses do with their customers’ payment information. If it’s determined that a business failed to adhere to PCI-DSS requirements, the price tag can be overwhelming. In fact, more than 60% of small businesses shut their doors within six months of a data breach. Your clients could fall victim to a risk they don’t even know is out there.
Data transfer and storage protections
If you have clients that do business in multiple jurisdictions, they may not realize that those local laws apply to them regardless of where they’re based. Some countries, for example, require their citizens’ personal data to be stored on servers within their own national borders. In November of 2016, LinkedIn’s failure to comply with this law led to access being blocked within Russia. Other countries, including China, Australia (medical information) and Canada (Nova Scotia and British Columbia) have similar requirements.
The same is true of privacy legislation. The EU, for example, passed a law requiring businesses to get express user consent before using most types of cookies. Starting in 2012, the U.S. also introduced privacy legislation. More recently, the EU passed the General Data Protection Regulation (GDPR) that goes into effect in May of 2018 and not only addresses protection of citizen data, but also where the data must be stored and where it can and cannot be transferred. Many states also have their own unique requirements. And a lot of small businesses are completely unaware.
Other areas of concern
The extent of legislation regarding digital integrity is seemingly endless.Other basic considerations include things like:
● Children’s’ online protection
● Language and content localization
● Anti-spam laws, including those for email marketing
● Appropriate and prohibited content
● Digital records management
● Domain names, email addresses, and social media accounts
● Online advertising and promotion
● Social media (personal and corporate)
One of the most valuable things you can do as a lawyer is to bring legal and regulatory issues to your clients’ attention ahead of time rather than just helping them sort through the consequences when something goes wrong. The digital world has exploded at such a rapid pace that a lot of businesses are just trying to keep up with the changing technology; the surrounding legal issues haven’t made it on their radar yet. It’s a rare opportunity to grow your business while helping your clients protect theirs.
Want to find out more about digital policies and what your clients need to know? Check out my recommended considerations. And feel free to get in touch — I’d love to talk to you about what I’ve learned through my work with businesses and legal counsel.
Photo by Philippe Gras