Working as a web designer/developer comes with a significant burden of responsibility. When you sign a contract to develop or update somebody’s business-critical web presence, you’re confronted with a situation where you have enormous potential to abuse or, through irresponsibility, damage that person’s business.
This is something I think about on an almost daily basis, thinking to myself “Have I taken the necessary precautions to make sure that THIS action doesn’t break anything?”
It’s a responsibility that goes far deeper than the relatively superficial issues of whether your design breaks in an 800-pixel wide browser window.
Almost every site I work on, regardless of the specific situation, requires that I be provided with access to business-critical resources. Servers, passwords, usernames, databases, and business strategy information. Being responsible for the protection and control of this information is a critically important area. You need to be prepared to retrieve any piece of information at any time —
I’ve been asked for information as obscure as details about the content of a web site two full versions before I started working on it. Now, this is a situation which probably goes a bit beyond the necessities — this wasn’t data which had ever actually been available to me. Nonetheless, it points out the fact that client’s do not always maintain copies of their own information. You should absolutely take care never to lose anything.
- Don’t overwrite documents without archiving them.
- If you replace a user account, record the information from the previous account.
- If you change hosting situations, record the information from the previous hosting. (Yes, I have needed it.)
- If you have access to a resource, record your access information in a secure manner.
Responsibility for Business Performance
Even if you haven’t taken on a contract which expressly states that you are responsible for the continuing performance of the site, you should consider that to be a significant part of your responsibility. I’ve said before that redesign is not about design — it’s about improvement. Taking care that you aren’t incidentally failing to account for the existing performances of a site is an important part of redevelopment work.
It’s called not fucking up. It’s a simple thing; but it’s commonly missed.
I don’t call this search optimization, but it’s certainly frequently associated with it:
- Using appropriate 301 redirects to make sure traffic follows along to the new pages.
- Using robots.txt to block access to private areas.
- Making certain that important, popular content continues to exist and be accessible in the new site.
- Accommodating for search spiders, to ensure that the website will be at least as crawlable as it was before your development.
Managing Financial Data and Email Accounts
As I manage dozens of websites, I am fully capable of accessing, rerouting, CC’ing myself, or in general abusing the private information of hundreds of people. They don’t always know that I can do this; they don’t always realize just how much power there is in having the ability to manage email accounts.
Knowing that you have all this information, it’s critical to have detailed processes to describe how email is handled; what to do in case of a forgotten password or account information, and guaranteeing your client’s privacy.
- Inform a client if you need to check their email account. Don’t do ANYTHING without permission.
- Maintain your own account on their server, if possible, to test server mail handling, record errors, and handle other critical business.
- Make sure that your client knows exactly what kind of control you have. Whether they understand it or not, they have the right to know. It IS their business.
Responsibility to your Client’s Customers
On rare occasions, I will make the choice to override my client’s preferences. This is when their preference compromises the privacy or security of their own customers. This is not their choice; and any developer should know this critical piece of information: You can be held legally responsible for situations involving your development work. This includes privacy issues, copyright problems — anything where you had the ability to prevent the problem.
I will fight for my preferences when it comes to accessibility issues, search marketing issues, design issues, or the usability of processes. However, when it comes right down to it, in these cases I’ll accept the final decision of my client.
Some things are not acceptable, however:
- Send credit card addresses unencrypted by email from an unsecured server.
- Maintain private user data in an unsecured location on their website.
- Add users to a mailing list without allowing them the option to “opt out.”
Think about it. Would you give just anybody access to your own website?
Joe Dolson; August 18, 2014 at 10:07 am
It depends somewhat on the documents; legal documents can be drawn up that are legally sound without being scary — or they can be written in dense legalese that can leave a potential customer nervous.
Either way, you might want to be considering that a prospective client who’s bothered by a liability release may not be a great client — inclined to point fingers if something goes wrong. But, that’s certainly not an absolute.
Ell; August 16, 2014 at 8:31 pm
I’ve been worried about the legal ramifications and debated having some legal documents drawn up to release me from liability (or limit it anyway), but I’m afraid of scarring costumers. Has anyone gone down that road?
Joe Dolson; August 2, 2011 at 6:32 pm
I can say without doubt that you should have access toyour domain and hosting accounts. You should have the ability at any time to get in and change your information; including to the degree of blocking your designer out of the account. Your web site should be your own property, under your own control.
However, from a legal standpoint, it’s a bit muddier. The specific terms of your contract should specify your rights. Primarily, the rights to the design itself and any code or graphics created for that site are an issue: unless those rights were specifically transferred to your company or the web designer was an actual employee of your company, then the designer has a legal claim to those elements.
So, from a responsibility perspective, you should have all rights — from a legal perspective, it’s not quite that clear.
My suggestion would be that you contact the designer and request access. If they either ignore your request for a significant amount of time or deny it outright, you should consult the specific terms of your contract with the designer and legal counsel to see what your recourse might be. That said, it may be that although they have not actually provided you with that access, they will have absolutely no problems providing it on request.
Pamela; August 2, 2011 at 6:24 pm
Thank you for the insight. I found this entry via a web search for web designer’s responsibilities. The company that I work for just finished a complete re-branding including a new website. We worked with a reputable website designer company and in the end are very satisfied with the results. My question is related to the responsibilities of the web designer and what rights we have to certain information. We have just noticed a bug in Google’s search results, specifically the snippet referencing our old company’s information listed under our new website. Our research revealed a fix via google, however, the designer claims to have no knowledge of this type of issue and wants to charge additional fees to research and remedy the problem. Secondly, the designer, as a part of the process, registered/purchased our domain (included in the fees we paid) and is hosting the site – the designer has not provided us with the details of either of these accounts. Although we have not asked yet, do we have rights to the information for both the domain and hosting accounts?
Alan; March 3, 2011 at 5:27 pm
Thanks for the input. Well at least he hasn’t cashed the final check yet, but he asked for another $60 to make the site live. The contract says “FTP (File Transfer Protocol) upload of site (live),” but he said that he simply assumed that his clients would automatically use his hosting. So sick of dealing with weenies. I had few options after 2 days of failure to upload the site, so I told him to go ahead.
Joe Dolson; March 2, 2011 at 5:48 pm
That is *not* industry standard. To be fair, I’m not sure there is a true ‘industry standard,’ but that’s not it, if there is. Speaking for myself (and also for every web designer or developer I know,) launching the site is part of the process. The project isn’t complete if the web site isn’t launched. I don’t even submit my final bill until after the web site is live.
Alan; March 2, 2011 at 6:51 am
My web desinger won’t publish my website through a hosting company other than his. And I’m having a hell of a time figuring it out. Is it industry standard to not offer help to make the site live?
Andrew; July 27, 2010 at 1:10 am
This has been a big help with an irritating assigment ive had, I was wondering if you could answer my question. How at all have interactive websites changed the work practices, procedures, and decision-making processes of individuals, organisations, and communities?
If you could that would be ‘icing on the cake’ so to speak
Joe Dolson; July 20, 2010 at 10:28 am
@Jack That’s going to depend somewhat on the specifics of the contract between the web designer and the client, but in general a web designer can be held equally liable for copyright infringement as the client. It is not explicitly the designer’s responsibility to ensure that any materials provided to them are free of copyright infringement, but they should absolutely guarantee that any materials they use are either original or appropriate licenses have been obtained. And it is wise, in some cases, to double check the licensing of provided media.
Jack; July 20, 2010 at 3:41 am
I have read through this and this is great information, but what would their responsabilities be towards the use of various forms of media? such as copywrite laws and so forth.
Thanks for the rest of this great information
Taina P. // Sitegrinder; May 8, 2009 at 6:07 am
Thank you for the information in your article. People who are just starting out in the web designing field are going to find this helpful. Most website-making companies actually don’t implement all of the precautions and things that you should do, they’re just focused with the money that you’re giving out to them. companies or designers like those will need to take more effort out of them for them to rise up and become a good web design company.
merlia; November 16, 2007 at 3:56 am
Being as a web designer, always be confident that you could probably do anything that is out there. When you have your first meeting with your client, give a lot of suggestions and be honest about how you feel on certain things. Make sure that your client gets an impression that you know the stuff. Also important there should be a proper planning always to finish up your work quick and easy….
Joe Dolson; November 7, 2007 at 7:29 pm
It’s so true…it’s really pretty remarkable — you’re right, it’s both site owners and designers who frequently fall into that trap. The “quick and easy” is almost always worth the time and effort you put into it. (If you know I mean…)
Boris; November 3, 2007 at 2:45 pm
I am an SEO guy. I am constantly amazed by the web design communities approach to their customers. Many seem to only care about getting the project completed, making money, and moving on. So few take a partnership approach. They just do not seem to care if the service actually benefits the customer.
When I work with a website I take their success very seriously. I start with an initial consultation that covers the good , the bad, and the ugly. My approach is this: If I SEO a site, an bring increased traffic, the site should be ready for those new visitors. So I take the time to point out usability and design issue that go way beyond SEO. Many times it’s as simple as including a call to action at the bottom of the page.
I feel that if the site is inferior and not ready for prime time then why bother with SEO.
I charge a reasonable fee for this consultation. I often end up not working with these sites, because the owners are looking for an easy fix and are not willing to do things the right way. At least they walk away with a clear plan that is designed to bring in traffic that may actually have a chance at turning those visitors into customers.
I wish more people in the design an SEO industry would be more ethical. I want my customers to have the best possible chance to succeed. If they succeed then I will because they will tell others.
It just blows me away how so few seem to take this approach.
Joe Dolson; November 1, 2007 at 10:14 am
Borrowing “bits” will usually keep you safe. Fair use does apply — small portions of a larger work are something where you’re likely to be OK. Still, you’ve got to be careful…
And clients sometimes just don’t KNOW where their media elements came from!
The biggest security risk is somebody with all the access and none of the understanding of the risks; that’s definitely where this “education” thing really needs to come into play!
Mike Cherim; November 1, 2007 at 12:50 am
Good post Joe. I, too, think about these things. Security is a biggie for me. I try my best to keep their stuff secure. When I set up a blog, for example, I activate a back-up plugin, harden it two ways immediately because it needs it, and then I teach them how to use it recommending they do so after every post. Ditto with email security, and any other possible content printed or collected data.
Regarding site WWW performance, I give them the tools and teach them how to use them, and then I also make sure to inform them that success doesn’t happen like magic and that they must promote their site, and provide quality, on-going content. That’s a big reason why I like delivering WordPress… it helps me make what they need to do possible and simple.
I do take responsibility for all else. Redirects, error pages, accessibility, robots… they get it all. I’m not a corner cutter. I would never touch their data or visitor data. Once they site is theirs it’s in their hands and I am gone; unless I am hosting, maintaining, or both, then I go to great lengths to ensure they are safe and sound on an on-going basis, and that everyone’s privacy is always protected.
It’s good to know about the legal side. It’s not something I have to worry about, though it makes me think I should insist clients buy/supply imagery used in backgrounds and site decorations. I make a lot, but I do borrow bits at times, only bits mind you, but I’d rather not have to do that at all.