Putting users first: data privacy and transparency

How new data privacy and security laws are shaping the senior living landscape.

by Patrick A. Carrell, Director of Interactive

Data privacy and security have been a big deal ever since commerce found its way to the Internet. But while it used to be that only sites that collected financial data or significant personal data needed to worry about data security, the rise of consumer privacy as a social and legal concept means every website that collects any data of any type must practice good security. That includes virtually any senior living website.

The basics: data security 101

Websites collect data both actively and passively. Direct data collection includes form fills or anytime the user directly submits information to the website. Passive data collection includes tracking software that analyzes user activity on the site (and enables remarketing advertising). Both forms of data are important, and both require proper data handling and disclosures.

Let’s start with a few fundamental data privacy practices your website should have in place today. The first is the SSL (Secure Sockets Layer) certificate. Mostly mandatory these days, this is what adds the “S” in “HTTPS”, and sites with an SSL encrypt data as it’s sent to/from the server.

Avoid vulnerabilities—always keep site plugins updated.

Another common area of vulnerability is the use of plugins in your site. Plugins and other scripts from third-party sources typically offer additional functionality that’s quick and easy and are a great tool for website developers. But it is vitally important that you use reputable plugins from sources you trust, and that you keep those plugins up to date. Failure to do so can provide openings to hackers and bad actors to access data flowing into your website.

Cookies and other tracking technology

Beyond data security, newer user privacy laws focus on giving users more control over the data they share with a website and how it’s used. This includes both user data entered into a form, and user activity data that can be tracked with a bit of technology called a cookie. Cookies are small files that get stored on a visitor’s device by the sites they visit. And there are two main categories of cookies: third-party and first-party.

Third-party cookies are loaded by a different domain than the one the user is actively on. For example, Meta’s Pixel, Google Ads, and LinkedIn Insights tags are all enabled by third parties (Meta, Google, and LinkedIn respectively)—NOT your community website. If you’ve ever shopped for shoes online and then started seeing ads for shoes on other websites, it was one of these cookies that made that possible. This process is called remarketing—and it’s a great tactic often to target ads at visitors who have been on your website.

First-party cookies are created and used by your website directly. These are primarily used to save preferences (if you have them) on your site, and to tie user activity to actions taken on the site. For example, if a user clicked on a digital ad, came to your site, and eventually filled out a form, you could attribute that form fill to that ad campaign thanks to the tracking data associated with the ad.

Data consent: transparency and control for users

While it’s always been a good practice to have a privacy policy on your website notifying users what data is being collected, who is collecting it, and how it’s being used, these pages have traditionally been nearly hidden in small footer links that virtually no one accesses. Newer privacy laws have forced a change to a new best practice that is far more transparent.

Be active, not reactive—notify users about your data practices.

Whether your state has a consumer online privacy law or not, we recommend actively notifying users that your website is collecting data. This is usually done with a notification overlay that appears the first time a user hits your site—and it usually requires the user to actively close the notification before proceeding. Most notifications include a link to the privacy page, or at a minimum, note that details on how the site handles data (possibly including opting out of some or all data tracking) is available there.

Additionally, internet browsers are changing constantly. Some changes in the policies of the browser software company and the technology updates that are being implemented have a direct impact on cookies and how they behave—even to the extent of automatically blocking website cookies. This is outside of your users’ control, save for their choice in browser.

Be transparent in your privacy policy

Your site’s privacy policy provides an opportunity to reinforce the trust your users are putting in your system. The key here is transparency; if the user has less doubt about what data is collected and how it’s handled, they’re more likely to continue to engage with your site. Keep your privacy policy up to date when you add scripts or change the way you collect user data. Speak with your digital advertising team about the tracking that’s in place and make sure your policy is appended with technology changes. You likely should have your legal team read through it. Plan to review your policy on a regular basis and update the policy with the date it was reviewed.

The impact on marketing and lead attribution

The digital data revolution provided an incredible way to track user pathways and enable lead attribution—it was like a cheat code tracking where leads came from so marketers could better evaluate the effectiveness of their various advertising efforts. The push for more privacy and user control over data, essentially, means that when a user opts out or a device blocks cookies or other tracking technology, the value of data analytics is less robust.

The new normal for privacy practices

Of course, privacy extends far beyond your website—your CRM (Customer Relationship Management) software should be up to date and provide robust safeguards for people’s data, for example. But ensuring your community website employs modern data safety and transparency practices is the focus for this article.

Protect your site visitors’ data with SSL and regularly update plugins. Be transparent with visitors about the data you collect and how it’s used. Consider adding a required notification to your website about your data processes. And make sure to research applicable privacy laws in your jurisdiction to ensure you don’t open your organization to potential legal impacts. Users will reward you for following good practices and being transparent in what those practices are.