Working as a web designer/developer comes with a significant burden of responsibility. When you sign a contract to develop or update somebody’s business-critical web presence, you’re confronted with a situation where you have enormous potential to abuse or, through irresponsibility, damage that person’s business.
This is something I think about on an almost daily basis, thinking to myself “Have I taken the necessary precautions to make sure that THIS action doesn’t break anything?”
It’s a responsibility that goes far deeper than the relatively superficial issues of whether your design breaks in an 800-pixel wide browser window.
Private Data
Almost every site I work on, regardless of the specific situation, requires that I be provided with access to business-critical resources. Servers, passwords, usernames, databases, and business strategy information. Being responsible for the protection and control of this information is a critically important area. You need to be prepared to retrieve any piece of information at any time — -
I’ve been asked for information as obscure as details about the content of a web site two full versions before I started working on it. Now, this is a situation which probably goes a bit beyond the necessities — - this wasn’t data which had ever actually been available to me. Nonetheless, it points out the fact that client’s do not always maintain copies of their own information. You should absolutely take care never to lose anything.
- Don’t overwrite documents without archiving them.
- If you replace a user account, record the information from the previous account.
- If you change hosting situations, record the information from the previous hosting. (Yes, I have needed it.)
- If you have access to a resource, record your access information in a secure manner.
Responsibility for Business Performance
Even if you haven’t taken on a contract which expressly states that you are responsible for the continuing performance of the site, you should consider that to be a significant part of your responsibility. I’ve said before that redesign is not about design — - it’s about improvement. Taking care that you aren’t incidentally failing to account for the existing performances of a site is an important part of redevelopment work.
It’s called not fucking up. It’s a simple thing; but it’s commonly missed.
I don’t call this search optimization, but it’s certainly frequently associated with it:
- Using appropriate 301 redirects to make sure traffic follows along to the new pages.
- Using robots.txt to block access to private areas.
- Making certain that important, popular content continues to exist and be accessible in the new site.
- Accommodating for search spiders, to ensure that the website will be at least as crawlable as it was before your development.
Managing Financial Data and Email Accounts
As I manage dozens of websites, I am fully capable of accessing, rerouting, CC’ing myself, or in general abusing the private information of hundreds of people. They don’t always know that I can do this; they don’t always realize just how much power there is in having the ability to manage email accounts.
Knowing that you have all this information, it’s critical to have detailed processes to describe how email is handled; what to do in case of a forgotten password or account information, and guaranteeing your client’s privacy.
- Inform a client if you need to check their email account. Don’t do ANYTHING without permission.
- Maintain your own account on their server, if possible, to test server mail handling, record errors, and handle other critical business.
- Make sure that your client knows exactly what kind of control you have. Whether they understand it or not, they have the right to know. It IS their business.
Responsibility to your Client’s Customers
On rare occasions, I will make the choice to override my client’s preferences. This is when their preference compromises the privacy or security of their own customers. This is not their choice; and any developer should know this critical piece of information: You can be held legally responsible for situations involving your development work. This includes privacy issues, copyright problems — - anything where you had the ability to prevent the problem.
I will fight for my preferences when it comes to accessibility issues, search marketing issues, design issues, or the usability of processes. However, when it comes right down to it, in these cases I’ll accept the final decision of my client.
Some things are not acceptable, however:
- Send credit card addresses unencrypted by email from an unsecured server.
- Maintain private user data in an unsecured location on their website.
- Add users to a mailing list without allowing them the option to “opt out.”
Think about it. Would you give just anybody access to your own website?
Good post Joe. I, too, think about these things. Security is a biggie for me. I try my best to keep their stuff secure. When I set up a blog, for example, I activate a back-up plugin, harden it two ways immediately because it needs it, and then I teach them how to use it recommending they do so after every post. Ditto with email security, and any other possible content printed or collected data.
Regarding site WWW performance, I give them the tools and teach them how to use them, and then I also make sure to inform them that success doesn’t happen like magic and that they must promote their site, and provide quality, on-going content. That’s a big reason why I like delivering WordPress… it helps me make what they need to do possible and simple.
I do take responsibility for all else. Redirects, error pages, accessibility, robots… they get it all. I’m not a corner cutter. I would never touch their data or visitor data. Once they site is theirs it’s in their hands and I am gone; unless I am hosting, maintaining, or both, then I go to great lengths to ensure they are safe and sound on an on-going basis, and that everyone’s privacy is always protected.
It’s good to know about the legal side. It’s not something I have to worry about, though it makes me think I should insist clients buy/supply imagery used in backgrounds and site decorations. I make a lot, but I do borrow bits at times, only bits mind you, but I’d rather not have to do that at all.
Comment by Mike Cherim (101 comments.) — November 1, 2007 @ 12:50 am
Borrowing “bits” will usually keep you safe. Fair use does apply — - small portions of a larger work are something where you’re likely to be OK. Still, you’ve got to be careful…
And clients sometimes just don’t KNOW where their media elements came from!
The biggest security risk is somebody with all the access and none of the understanding of the risks; that’s definitely where this “education” thing really needs to come into play!
Thanks, Mike
Comment by Joe Dolson (377 comments.) — November 1, 2007 @ 10:14 am
I am an SEO guy. I am constantly amazed by the web design communities approach to their customers. Many seem to only care about getting the project completed, making money, and moving on. So few take a partnership approach. They just do not seem to care if the service actually benefits the customer.
When I work with a website I take their success very seriously. I start with an initial consultation that covers the good , the bad, and the ugly. My approach is this: If I SEO a site, an bring increased traffic, the site should be ready for those new visitors. So I take the time to point out usability and design issue that go way beyond SEO. Many times it’s as simple as including a call to action at the bottom of the page.
I feel that if the site is inferior and not ready for prime time then why bother with SEO.
I charge a reasonable fee for this consultation. I often end up not working with these sites, because the owners are looking for an easy fix and are not willing to do things the right way. At least they walk away with a clear plan that is designed to bring in traffic that may actually have a chance at turning those visitors into customers.
I wish more people in the design an SEO industry would be more ethical. I want my customers to have the best possible chance to succeed. If they succeed then I will because they will tell others.
It just blows me away how so few seem to take this approach.
Comment by Boris (1 comments.) — November 3, 2007 @ 2:45 pm
It’s so true…it’s really pretty remarkable — - you’re right, it’s both site owners and designers who frequently fall into that trap. The “quick and easy” is almost always worth the time and effort you put into it. (If you know I mean…)
Comment by Joe Dolson (377 comments.) — November 7, 2007 @ 7:29 pm
Being as a web designer, always be confident that you could probably do anything that is out there. When you have your first meeting with your client, give a lot of suggestions and be honest about how you feel on certain things. Make sure that your client gets an impression that you know the stuff. Also important there should be a proper planning always to finish up your work quick and easy….
Comment by merlia (1 comments.) — November 16, 2007 @ 3:56 am