🎧 Real entrepreneurs. Real stories.

Subscribe to The Hurdle podcast today!

5 Legal Requirements to Keep in Mind for Your Small Business Website

Author: Mikel Bruce

Mikel Bruce

Mikel Bruce

9 min. read

Updated February 8, 2024

From GDPR to ADA compliance, there are more and more regulations than ever that apply to business websites. While the details of the regulations might feel a bit overwhelming to manage, we’ve assembled a list of 5 legal requirements that help to protect your customers and web visitors.

These legal requirements go well beyond diminishing any legal risk and avoiding liability for the site owner — they create goodwill with your customers and are symbols of respect for web visitors. Essentially, you’re establishing or furthering the trust your customers have in your business by adhering to these requirements. By having these elements in place, you’re not only enforcing a safe online environment but improving the overall customer experience.  

1. ADA compliance & web accessibility 

Today, every business website should consider accessibility best practices in the design and content of the site. Web accessibility means providing all visitors with equal access to the information on your site.

If you feel uncertain about these best practices, you’re not alone — the legal landscape is a bit confusing at the moment. When the American Disabilities Act was passed in 1990, there were no websites and so the original legislature did not include clear guidelines on how to apply ADA compliance to websites.

However, through several legal proceedings, it has been determined that websites can be considered as “places of public accommodation.”

In the latest court proceedings, such as the lawsuit filed against Dominos in 2016, the rulings have recommended the Web Content Accessibility Guidelines 2.1 (WCAG) as the best standard for online accessibility.

Each year, the number of lawsuits filed against businesses for inaccessible websites continues to rise. You can reduce your risk of this by implementing the WCAG standards on your own website. Some of the most important aspects of the WCAG include:

  • Alternative text for certain imagery 
  • Captions for video content 
  • Adequate color contrast ratios  
  • Accessible forms with clear labels and error messaging 
  • Keyboard navigation throughout the site

These are just a few of the items and you’ll want to review the entire WCAG 2.1 guidelines with any legal counsel and a web agency familiar with accessibility. 

In addition, consider creating an Accessibility Statement or feedback page on your website where you provide information to users on how to contact your team about accessibility issues. This can be a recourse for visitors who are having issues using your site and need to share feedback on accessibility problems. Since content often changes on every site, keep in mind that accessibility is an ongoing practice and not a one-time project.

2. Data privacy & collection 

Data privacy has become a contentious topic in the last few years with the passing of regulations like the General Data Protection Regulation (GDPR) in the E.U. and similar policies in the U.S. There are also state-level laws such as the California Online Privacy Protection Act and the latest California Consumer Privacy Act (CCPA), which was passed in 2019. 

One of the fundamental requirements of all these regulations is that you have a privacy policy on your website if you are collecting any personal information from users. The term “personal information” means different things based on each specific law, but it can include name, email address, phone numbers, addresses, and even IP addresses in some cases. 

Whether or not you are collecting data, it’s safer to add a privacy policy and place a link to it in a visible spot on the site. This is why most businesses will place a link to the privacy policy page in the footer of the site.  

Legislature like the GDPR and CCPA goes a step further than a privacy policy and requires businesses to make sure users have the option to request a copy of (or deletion of) their collected data. 

To meet this requirement, it’s helpful to have a Personal Data Request form on your site. If you are utilizing WordPress as a CMS, there are also features in the WordPress core for processing a data request in the website dashboard. In your website privacy policy, you can state how a customer can contact your team and request a copy or deletion of their data. 

Besides the legal regulations for privacy, consumers are more vigilant of these data regulations and things like privacy policies and cookie notifications have become trust symbols on business websites. 

Brought to you by

Create a professional business plan

Using AI and step-by-step instructions

Create Your Plan

Secure funding

Validate ideas

Build a strategy

Copyright and protecting your intellectual property is another important consideration for every business website. To protect your business against copyright infringement in which someone else copies and reuses your site content, you’ll want to add a copyright notice to the footer of the site.

Most web designers will automatically place this in the footer of the site during the build or redesign project. In order for the copyright notice to be valid, it needs to include the copyright symbol or the words “copyright” or “copr.”, the year the website was published, and the name of the owner, which would be the business name. 

In addition to protecting your own intellectual property, you also need to make sure you don’t violate copyright laws in the design of your site

Improper image use is a common legal problem. It may sound obvious, but you should never download an image from Google and place it on your site. These images may be owned by other sites or may be stock images that are licensed to other businesses. By placing them on your own website, you could be violating copyright laws. 

You also need to be careful with stock imagery when finding and purchasing stock images for your site. While there are free stock image sites out there, high-quality sites do better with imagery purchased from a site like Getty Images or Shutterstock. 

Make sure that you are using purchased and properly licensed images from these sites. These companies are able to track down misused images through the metadata and take legal action for misuse. 

If you are working with a web design team, make sure that you are aware of where they are finding their images and what type of licensing each image has. For instance, certain Getty images are licensed for use on a website, but an additional license is required to use the image in printed marketing or advertising. You’ll need to make sure you aren’t unknowingly violating those terms by taking images from your site and placing them in marketing materials. 

4. Data security measures 

Protecting and securing collected data is a whole other legal sector beyond data privacy. In all 50 states in the US, there is state legislation requiring that a business notify customers of any security breach that may involve customers’ personal information.

In the GDPR and CCPA, there are also reporting requirements and penalties for companies that expose consumer data to security breaches. Similar to the privacy laws, the term personal data can refer to a broad range of consumer information from email addresses and phone numbers to more confidential items.

Keep in mind, even if you aren’t processing payments and collecting what you may deem as confidential information, you can still be liable for security issues on your site and in your business processes.

One of the best ways to reduce your liability is to implement security protocols on your website. Investing in a secure hosting platform and an SSL certificate is just the starting point.

If your site is built on a content management system, such as WordPress, you also need to stay on top of plugin and software updates, which often include security patches for the site. With more and more transactions and activity occurring online, there is an increased threat of having your site hacked or security issues occurring. Many businesses also invest in a 24/7 security monitoring system for the site.

Web security in general, as well as all of the legal ramifications that may come from a hacked site, makes it all the more important to evaluate what data is being collected and stored on your site.

Lastly, web security is a factor in building trust and credibility with visitors. If visitors don’t feel safe to navigate and submit information on your site, then you won’t be able to get far in converting them

5. eCommerce transactions & compliance

Data security is even more critical on eCommerce sites; eCommerce fraud has risen nearly twice as fast as eCommerce sales.

In addition to more liability for data security and privacy, you must follow the Payment Card Industry Data Security Standards (PCI-DSS) if you are processing any payments on the site.  These global standards were created by PCI Security Standards Council, which was formed by the major credit card companies. Regardless of the volume of transactions, all businesses that accept credit card payments online must follow these standards.

The guidelines are extensive for PCI compliance, but the essence is that you are properly storing and protecting cardholder information.

As a general practice, avoid storing credit card information on your site. Instead, utilize a third-party payment gateway, which securely takes the credit card information from customers and authorizes the payment. PayPal, Stripe, and Authorize.net are the most popular payment gateways, and all of these can help reduce your liability for PCI compliance by managing credit card processing.  

All three of these payment gateways are widely used, integrate seamlessly with most eCommerce platforms, and can be set up so that users remain on your website throughout the checkout process. Given PCI Compliance and the web security risks with eCommerce, it’s important to understand all of these regulations before setting up an online store or adding a paid subscription site.

For an eCommerce site, you’ll also want to set up a Terms & Conditions page, in addition to your Privacy Policy page.

You can configure the checkout process so that visitors must check off and accept these terms & conditions before completing a transaction. It’s probably wise to work with your legal counsel to put together the terms & conditions — when they’re properly worded, they may give your business some legal coverage if customer disputes arise.

Editor’s note: This article is not legal advice, and the author is not providing any legal recommendations on these items nor legal interpretations. If you have concerns about complying with official regulations or about legal ramifications for your business & website, we’d recommend contacting an attorney. 

Brought to you by

Create a professional business plan

Using AI and step-by-step instructions

Create Your Plan

Secure funding

Validate ideas

Build a strategy

Content Author: Mikel Bruce

Mikel Bruce is the CEO of TinyFrog Technologies, a San Diego web design agency specializing in WordPress web design & development and secured hosting & maintenance. Founded in 2003, TinyFrog Technologies offers a conversion-based approach to web design and has built over 1,100 websites.