Virginia Consumer Data Protection Act (CDPA)

July 1, 2023 is the sunset date for UA or Universal Analytics.

Second in the nation behind California to enact online privacy regulation, Virginia’s new law takes effect on January 1, 2023.

Like California’s law, which itself resembles the more stringent privacy regulations in the European Union, Virginia now has privacy rules of its own.

What does this mean for US and Virginia-based businesses and those selling in Virginia?

First and foremost, if you do not have cookie notifications on your website, now is the time to implement this scripting. There are many online services that provide scripts built to meet the European Union’s strict rules, and these can be used to meet both California’s and Virginia’s regulations. We use cookie-script.com for our privacy adherence needs.

For Virginia businesses and those that do business in Virginia, here’s what you need to know about this recently passed act.

First, you must be in compliance by January 1, 2023.

“Virginia’s legislation has a carve-out for information collected in the employment context, whereas California’s law applies to some employment data.” Read the full article.

The CDPA applies to the following business types:

• Those that control or process the personal data of at least 100,000 consumers.

• Those that process the personal data of at least 25,000 consumers and derive more than 50 percent of their gross revenue from selling personal data.

Make sure to check this article for a number of exemptions. Virginia has made its law less stringent than California’s privacy law, but make sure you know what is covered and not covered.

What Are Your Rights in this New Law?

“Virginia’s law was modeled after California’s laws and the European Union General Data Protection Regulation. Virginia’s law provides expansive consumer privacy rights, such as the right to access, right of rectification, right to delete, right to opt out, right of portability and right against automatic decision-making. The act includes a broad definition of “personal information,” a “sensitive data” category, and data-protection assessment requirements for businesses that control the data.”

“Consumers don’t have the right to bring a private lawsuit for violations of the act. Instead, the Virginia attorney general’s office will enforce the law. Entities will have the opportunity to cure violations or face a fine of $7,500 per violation.” Read more.

Most people expect other states to follow with restrictions similar to Virginia’s or California’s.

Our Recommendation

With privacy being in the forefront of everyone’s mind right now, it is time to look at adding a privacy statement and cookie setting acknowledgement script on your website.

When the EU rolled out its privacy regulation several years ago, many businesses opted not to update their sites for cookie approval because they felt (erroneously) that they were exempt by not selling services or products in the European Union. Now, with the expansion of similar regulations to California and Virginia, it is time to implement technology to be in compliance this year and at the minimum by December 31, 2022.

 

 

How to Move Your Website to SSL


Many website owners are getting approached by their hosts to move from http to https. What is important to know is that there is an easy way to do this and a hard way.

Here are my tips to easily move from http to https

Typically I will recommend that you buy your SSL certificate through your web host. Although it may be slightly more expensive, when you use your host’s provider your host is eager to help you set up your SSL cert correctly.

I paid $199 for my SSL certificate, which is renewable each year through my web host. Once you have purchased the certificate, your host takes over the installation on your server. For most clients this is all that needs to be done. Everything should work as before, but now under the green padlock, and your site address should start with https.

I do recommend that if you move to SSL, you have your webmaster review your website files to ensure that there are no hard-coded in-page links within your website referencing http. If there are, you will want them changed to https.

Also, if you are running WordPress in a directory on your site, you will want to update your logins and locations so that your blog and the blog access control panel are now all https.

Last of all, do not forget to update the links in Google Ads. Change your site links and ad URLs to https to complete the project.

One tip: I typically recommend moving to https before you do a website redesign. There is nothing worse than having to troubleshoot server issues for https while you are troubleshooting a new site launch. Don’t do these updates at the same time.
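The file review recommended above can be automated. The following is an added example, not code from the original post: it parses each static page and reports every attribute that still points at an `http://` URL, separating resources that browsers block on an https page from ordinary links. The function names and the sample page are assumptions made for illustration.

```python
import sys
from html.parser import HTMLParser
from pathlib import Path

URL_ATTRS = {"src", "href", "data", "poster"}
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
PAGE_SUFFIXES = {".html", ".htm", ".shtml"}
# Constructed sample page, scanned when no directory is given.
SAMPLE = """<head><script src="http://example.com/app.js"></script>
<link rel="stylesheet" href="https://example.com/site.css"></head>
<body><img src="http://example.com/logo.png">
<a href="http://example.com/contact.html">Contact</a></body>"""

class HttpRefFinder(HTMLParser):
    """Collects (line, tag, attr, url, kind) for every http:// URL attribute."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            if name not in URL_ATTRS or not (value or "").lower().startswith("http://"):
                continue
            if tag in ACTIVE_TAGS or (tag == "link" and "stylesheet" in rel):
                kind = "active"   # scripts, frames, stylesheets: browsers block these
            elif tag in ("a", "link"):
                kind = "link"     # navigation or metadata: still works, update anyway
            else:
                kind = "passive"  # images and media: passive mixed content
            self.findings.append((self.getpos()[0], tag, name, value, kind))

def scan_html(text):
    finder = HttpRefFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root):
    """Scan static HTML files under root; returns {path: findings}."""
    pages = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in PAGE_SUFFIXES)
    scanned = ((str(p), scan_html(p.read_text(encoding="utf-8", errors="replace"))) for p in pages)
    return {path: found for path, found in scanned if found}

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_html(SAMPLE)}
    for path, found in results.items():
        for line, tag, attr, url, kind in found:
            print(f"{path}:{line}: [{kind}] <{tag} {attr}={url}>")
```

Run it against a local copy of the site files and fix the `active` findings first, since those are the ones that break pages after the switch.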

Contact Form Solutions

What to Do With a Contact Form?

Occasionally we have a client who is using a low-end web host or who is self-hosting and does not have a cgi-bin or scripting enabled, so we cannot install a contact form processing script. Sometimes this has led to expensive programming charges. We do not offer programming, so we have to contract out this portion of a project, adding to expenses.

We have found a service that will process the script for you on their servers and so far it looks like a clean and elegant solution to a thorny problem for some clients. You will want to click our post title to review the site MyContactForm.com. With a premium account for $24.99 per year, now any client can have a professional seamless contact form installed on their site without complex programming initiatives. I think that it is a very smart solution.

An Update on the EU’s GDPR for Privacy


Since I last wrote about the privacy updates that are mandated by the EU to cover website traffic on American websites by EU nationals, much has happened.

First, clients who thought that they did not want to update their privacy policy or implement cookie approval for website statistic tracking have changed their minds.

Our team has been very busy updating websites to beef up the transparency of the privacy policy, reveal clearly what is being tracked, offer ways to opt out of tracking, and install cookie approval scripts.

Several clients have shared their thoughts with us on why the sudden change. Some are listed below.

“I do feel lucky about not getting caught, but also want to be safe.”

“I’ve just had a lawyer call me and I feel like I need immediate action on the privacy updates as I don’t want to end up in court on a new matter.”

“I think it is stupid to do, but I am getting inundated with privacy policy updates from everyone that I do business with, that maybe I do need to do something to my website.”

As for me, my perspective is that it is not expensive or hard to do the implementation to be in compliance with the GDPR. I am risk averse and feel that eventually the US will institute some controls, so we will be ahead of the game by changing our own websites now.

Not All Errors Are Real Errors

What to Know About Site Errors

Errors: they make your heart beat faster and your stomach clench, especially when they impact your website. But not all errors that are reported in plugins such as Yoast or even WordFence are real errors.

For example, today the Yoast SEO plugin flagged my site as not having a home page that was visible to search engines. But on additional testing and review of files, both the robots.txt and .htaccess file, there was no issue. Additionally, on testing in the Google fetch feature in the Google Search Console – no errors were triggered. The Google bot was fully allowed even though Yoast said it was not.

Sometimes errors you see are false positives. But that does not mean you can simply mark them as ignored or disregard them altogether.

All website errors should be reviewed and corrected if found to be true. Don’t guess; make sure that you do not have a problem each time one is brought to your attention.

 

Hackers: How Do They Get In?


Hackers, how do they get into your website and hosting account? In today’s wild web, it just seems like sometimes you can’t keep hackers out!

Here’s what happened recently to me. I set up a new hosting account at a quality hosting service (not GoDaddy). The same day I loaded the site files, the site was hacked. Files were loaded and links to malware installed in newly created pages that mirrored my own site pages but with a .shtml instead of .html.

The host told me that all was secure and that, although the site was in a shared hosting environment, their network was not where the hack came in.

The only thing that I can possibly think of that caused the problem for this non-WordPress site is I emailed the passwords to the client. What the client did with the logins, I do not know. I am not sure if he even tried to log in, but doubt it.

The host said that possibly a hacker got into the site via a field in the contact form, but there is a Captcha and tests for validity of information and on top of that no database connection for the form. I am mystified!

What I do know is that sometimes you just do not know how hackers get in. Could they tunnel in from the host? Could they intercept logins by email? Could they be trawling the web for new hosting setups and attack them? Your guess is as good as mine.

One thing I do know is that there is a new hack for WordPress websites that targets new hosting accounts where WordPress installation has not been completed. There are bots that are scanning the web for these new sites and coming in via WordPress setup files and taking control of hosting. Could this type of attack possibly be what I experienced? It is possible.

What I do know is that prompt action to clean up, wipe the server, and change all passwords for hosting and FTP, and also no longer emailing logins, is our newest protocol.
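One way to catch this kind of tampering early, shown as an added example that is not part of the original post: record a hash manifest right after a clean upload, then compare the live files against it. The check flags new `.shtml` pages that sit beside a deployed `.html` page, the pattern described above, and WordPress directories where setup was never finished. The function names and the demo site are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256, taken right after upload."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit(root, manifest):
    """Compare the live tree with the deploy-time manifest."""
    current = build_manifest(root)
    added = sorted(set(current) - set(manifest))
    changed = sorted(f for f in current if f in manifest and current[f] != manifest[f])
    removed = sorted(set(manifest) - set(current))
    # The pattern from the post: an unexpected page.shtml beside a deployed page.html.
    shadows = sorted(f for f in added
                     if f.endswith(".shtml") and f[:-6] + ".html" in manifest)
    return {"added": added, "changed": changed, "removed": removed, "shadows": shadows}

def unfinished_wordpress(root):
    """Directories holding the WordPress installer but no wp-config.php (setup not completed)."""
    hits = []
    for installer in Path(root).rglob("wp-admin/install.php"):
        wp_dir = installer.parent.parent
        # WordPress also accepts wp-config.php one directory above the install.
        if not any((d / "wp-config.php").is_file() for d in (wp_dir, wp_dir.parent)):
            hits.append(wp_dir.as_posix())
    return sorted(hits)

def demo():
    """Constructed site: deploy two pages, then simulate the changes described above."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "index.html").write_text("<h1>Home</h1>")
        (site / "about.html").write_text("<h1>About</h1>")
        manifest = build_manifest(site)  # record taken at deploy time
        (site / "about.shtml").write_text("<a href='http://placeholder.invalid/'>x</a>")
        (site / "index.html").write_text("<h1>Home</h1><!-- altered -->")
        (site / "blog" / "wp-admin").mkdir(parents=True)
        (site / "blog" / "wp-admin" / "install.php").write_text("<?php")
        report = audit(site, manifest)
        report["unfinished_wp"] = [Path(p).name for p in unfinished_wordpress(site)]
        return report

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the web host so that whoever alters the site cannot also rewrite the record.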