Working as a web designer/developer comes with a significant burden of responsibility. When you sign a contract to develop or update somebody’s business-critical web presence, you’re confronted with a situation where you have enormous potential to abuse or, through irresponsibility, damage that person’s business.
This is something I think about on an almost daily basis, thinking to myself “Have I taken the necessary precautions to make sure that THIS action doesn’t break anything?”
It’s a responsibility that goes far deeper than the relatively superficial issues of whether your design breaks in an 800-pixel wide browser window.
Almost every site I work on, regardless of the specific situation, requires that I be provided with access to business-critical resources. Servers, passwords, usernames, databases, and business strategy information. Being responsible for the protection and control of this information is a critically important area. You need to be prepared to retrieve any piece of information at any time —
I’ve been asked for information as obscure as details about the content of a web site two full versions before I started working on it. Now, this is a situation which probably goes a bit beyond the necessities — this wasn’t data which had ever actually been available to me. Nonetheless, it points out the fact that client’s do not always maintain copies of their own information. You should absolutely take care never to lose anything.
- Don’t overwrite documents without archiving them.
- If you replace a user account, record the information from the previous account.
- If you change hosting situations, record the information from the previous hosting. (Yes, I have needed it.)
- If you have access to a resource, record your access information in a secure manner.
Responsibility for Business Performance
Even if you haven’t taken on a contract which expressly states that you are responsible for the continuing performance of the site, you should consider that to be a significant part of your responsibility. I’ve said before that redesign is not about design — it’s about improvement. Taking care that you aren’t incidentally failing to account for the existing performances of a site is an important part of redevelopment work.
It’s called not fucking up. It’s a simple thing; but it’s commonly missed.
I don’t call this search optimization, but it’s certainly frequently associated with it:
- Using appropriate 301 redirects to make sure traffic follows along to the new pages.
- Using robots.txt to block access to private areas.
- Making certain that important, popular content continues to exist and be accessible in the new site.
- Accommodating for search spiders, to ensure that the website will be at least as crawlable as it was before your development.
Managing Financial Data and Email Accounts
As I manage dozens of websites, I am fully capable of accessing, rerouting, CC’ing myself, or in general abusing the private information of hundreds of people. They don’t always know that I can do this; they don’t always realize just how much power there is in having the ability to manage email accounts.
Knowing that you have all this information, it’s critical to have detailed processes to describe how email is handled; what to do in case of a forgotten password or account information, and guaranteeing your client’s privacy.
- Inform a client if you need to check their email account. Don’t do ANYTHING without permission.
- Maintain your own account on their server, if possible, to test server mail handling, record errors, and handle other critical business.
- Make sure that your client knows exactly what kind of control you have. Whether they understand it or not, they have the right to know. It IS their business.
Responsibility to your Client’s Customers
On rare occasions, I will make the choice to override my client’s preferences. This is when their preference compromises the privacy or security of their own customers. This is not their choice; and any developer should know this critical piece of information: You can be held legally responsible for situations involving your development work. This includes privacy issues, copyright problems — anything where you had the ability to prevent the problem.
I will fight for my preferences when it comes to accessibility issues, search marketing issues, design issues, or the usability of processes. However, when it comes right down to it, in these cases I’ll accept the final decision of my client.
Some things are not acceptable, however:
- Send credit card addresses unencrypted by email from an unsecured server.
- Maintain private user data in an unsecured location on their website.
- Add users to a mailing list without allowing them the option to “opt out.”
Think about it. Would you give just anybody access to your own website?