October 12, 2015 - WRITTEN BY GEORGE WANG
One of the most overlooked aspects of a website is the area of legal and technical compliance. Below are 3 common types of compliance that websites need to meet. Does your website meet them?
If your business collects credit card information for any reason, you need to be compliant with PCI rules, or you could be subject to significant penalties. We generally recommend using a fully compliant service such as Stripe, Braintree, PayPal, or your merchant gateway.
Avoid sending or receiving credit card numbers through email, as the information can be intercepted by third parties en route, or read by anyone who can crack your email password. Instead, consider using a more secure method such as the phone, which, unlike email, does not store the information permanently and leave you at risk of a breach.
Depending on your industry, you may have additional compliance requirements, such as HIPAA (for health care professionals), FINRA (for financial professionals), or state bar compliance rules (for legal professionals).
For example, the California State Bar considers attorney websites to be a form of advertising, so lawyer websites need (among other things):
FINRA and HIPAA typically have similar (but oftentimes more stringent) rules.
Have a question about website compliance? Contact us at firstname.lastname@example.org for a free, no-obligation review of your website today.