Does Your Website Meet These Common Compliance Requirements?

October 12, 2015 - WRITTEN BY GEORGE WANG

One of the most overlooked aspects of a website is the area of legal and technical compliance. Below are 3 common types of compliance that websites need to meet. Does your website meet them?

Privacy Compliance

Privacy requirements can vary state by state, industry by industry. In California, as of 2014, all business websites are required to post a privacy policy if any personally identifiable information about the user is collected.

This means that if you use Google Analytics or have an online contact form, you need to make sure your Privacy Policy is up to date. Since this is a legal document, we generally recommend that website operators consult a lawyer to have the document drawn up. However, since Kaidoora websites are built on the same technical infrastructure, our client sites are generally covered by our standard Privacy Policy.

PCI Compliance

If your business collects credit card information for any reason, you need to be compliant with PCI rules, or you could be subject to significant penalties. We generally recommend using a fully compliant service such as Stripe, Braintree, Paypal, or your merchant gateway.

Avoid sending or receiving credit card numbers through email, as the information can be intercepted by third parties en route, or read by anyone who can crack your email password. Instead, consider using a more secure method such as the phone, which does not store the information permanently and leave you at risk of a breach.

Industry-Specific Compliance

Depending on your industry, you may have additional compliance requirements, such as HIPAA (for health care professionals), FINRA (for financial professionals), or state bar compliance rules (for legal professionals).

For example, the California State Bar considers attorney websites to be a form of advertising, so lawyer websites need (among other things):

1) Copies of each change made to the website for at least 2 years, in case of auditing
2) Disclaimers stating which jurisdictions the attorney is allowed to practice in, and what constitutes the establishment of an attorney-client relationship
3) Paid actor notices (if stock photography is used to represent clients) or disclaimers about future performance (if client testimonials are used)

FINRA and HIPAA typically have similar (but oftentimes more stringent) rules.

Have a question about website compliance? Contact us at george@kaidoora.com for a free, no-obligation review of your website today.
