The web designer’s role in protecting the client’s data privacy and upholding Internet security

We say “it’s a crazy time to be a web designer.” You say “nope, it’s a great time to be a web designer.” None of these statements are wrong actually: It’s a great time to be a web designer because web designers are wanted (the good kind of wanted) in every corner of the earth, the internet couldn’t possibly be more alive than it is right now. But life does have its ups and down: it’s also a crazy time to be a web designer because the internet is rife with different shades of internet security concerns and issues concerning breaches of user data privacy. And somewhere in the eye of the storm is the web designer. 

With the increasing rate personal information is exchanged over the internet, organisations have to be extra careful with how they handle that data. The problem is building websites for security does not necessarily mean designing usable, personalised websites. The challenge for web designers and developers then becomes determining the best way to obtain enough personal data in order to create a sufficiently personal experience with a web design that also adequately protects the user.

What the eye of the storm looks like

Whether it is hackers bringing down their sledgehammer of new and improved malware strains or different groups taking data mining to a whole other level to advance the course of their political campaign, web designers and developers sometimes have to feel the full weight if something serious goes wrong with a website.

In 2015, Alpine Bank was breached and who was blamed for it? The web developer. The court held the developer accountable for over $150,000 in damages, insisting that the developer did not encrypt customer information, install critical software patches, install basic anti-malware software, or maintain the website. And that is just one case. In another instance, an Australian web development and hosting company had no choice but to liquidate their entire business because the organisation had been held responsible for more than $100,000 in damages from cyberattacks and had to pay for software to protect its customers as well as itself. Eventually, they were not able to recover the costs and the developer had to refer clients to other providers. So you see, it IS a crazy time to be a web designer/developer. Security lapses can’t be traced to the registrar and web host alone anymore.

What designers and developers can and should do

Protect users with the privacy by design framework: The PbD or Privacy by Design framework as Heather Burns explains, will become required when the EU has concluded its data protection overhaul. The framework goes way beyond legal compliance and should be taken seriously by all web designers and developers, no matter what part of the world they are in and especially if they serve customers in the EU. The complex data mining operation by British company, Cambridge Analytica, to compile as many as 5,000 pieces of information on every American adult for Donald Trump’s presidential campaign is a glaring example of what developers are faced with.

By sticking to a privacy-first, best-practice framework like PbD, developers will be able to protect the user’s privacy and dignity from such uncanny elements. Adopting the Pbd framework means developers will anticipate, manage, and prevent any issues regarding privacy before they ever write any code. The PbD philosophy posits that the best way to deal with privacy risks is to not put them there at all. The framework was first defined in Canada in the nineties where it was devised to take care of the common practice of developers implementing privacy fixes only after a project had been completed. Essentially, if PbD had a mantra, our guess is it would be “prevention is better than cure.” Imagine how much developers would be able to reduce the stress of dealing with privacy issues if they simply take action before any problems arise.

Never sacrifice privacy for personalisation: Personalisation is all the rave as it helps businesses serve consumers better using their websites, but it does come at a cost. To create a truly personalised design, a developer needs to obtain personal data from users, which is then used to provide them a more tailored experience. While the goal is to retrieve as much personal data as possible without affecting website security, when it comes down to making a choice between user privacy and personalisation, very kindly push the privacy button. The more data a company obtains, the more data they have to keep safe with a secure website, meaning extra vigilance is compulsory.

Web designers must collaborate with web developers: Web designers and developers must be able to work together when building a website, with the primary goal being a secure website for users. There is no denying that personal data is needed if a website is expected to function optimally and provide maximal user experience. However, the designer and developer have to address questions such as the kind of data that must be collected and how it will be retrieved, as well as how it is going to be used and protected. It is only with this kind of collaboration that the best result can be achieved — one based on how the website is expected to look and work, as well as the requirements for managing and securing users’ personal data.

Pay super attention to the front-end: The last thing any company wants to deal with is a cross-site scripting vulnerability (XSS) that forces it to shut down its service. Web designers have to pay particular attention to protecting against client XSS, and should be extra careful with Iframes, CORS, and cookies, as well as HTML5 elements and API’s as these are known to be rife with vulnerabilities.   Web designers are, now more than ever, required to be security conscious and really have no other choice but to live up to expectations.