Twenty years ago, having a website was the gold standard of a successful business. Today, it’s the price of entry.

Whether you’ve had a website for years or just started, many business owners have the same blind spot when it comes to their website: not keeping up with regulations, protections, and trends. One of the big ones today is consumer data, and I’ve seen clients with dated websites that are being penalized or even blacklisted due to simple website changes they’ve failed to introduce.
From tracking cookies to filled-out forms, your website collects customer data. You might be ignorant of what your website’s pages, plugins, apps, and forms collect, but that doesn’t make you immune to regulations. You’ve seen the trends on other websites: pop-ups about tracking cookies, opt-ins on email signups, and additional data-related agreements on forms. You need to have them on your website as well.
While Massachusetts has some specific laws concerning standards for data security and announcing data breaches, Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have significantly stronger protections for data. If your business collects data from EU or California residents – even if you’re based in Massachusetts – you need to comply. That means clear privacy policies, consent for data collection, and an easy way for consumers to opt out.
Under the above laws, customers can ask for a copy of the data you store or even for it to be deleted. Businesses that share customer data must offer an opt-out, and under CCPA, minors require explicit opt-in before their data can be shared. Failure to comply with consumer data requests or official GDPR & CCPA notices within 30 to 45 days can lead to steep penalties, starting at $2,500 per violation all the way up to percentages of annual business income.
What you do with this data is also important. Selling data comes with its own issues, including the need to ask consumers for permission to do so and to explicitly provide opt-outs. If you collect emails and then use them for email marketing, you’ll need to follow CAN-SPAM Act regulations to avoid the possibility of penalties when you hit send.
Old websites haven’t kept up with the risks posed here. Do you use tracking cookies without explicit consent? Allow form submissions without a privacy disclaimer? Do you have a privacy policy on your site? Do you know if any of the plugins or apps on your website do? If you’ve answered no to any of these questions (or don’t know), you’re at risk, even if you’re a small business. These are common issues I see when consulting with potential clients about the shortcomings of their current website.
Good data protection is also good marketing. Making sure your customers’ data is sent and secured isn’t just important for regulations; it also matters for search engine optimization. Google and many browsers restrict or even blacklist websites without HTTPS. As these practices become the norm, having them in place is a green flag to people who want to do business with you, especially when it comes to providing private information. It’s an easy way to build trust with consumers.