Website management, content creation and editing are decentralised at most universities and colleges, which complicates website risk management.
Content and site configuration choices can create risk exposures: some minor, others potentially more serious. Minor risks might include reputational ‘harm’ from poor site navigation, while failure to make sites accessible, follow data collection regulations or (in the UK) provide accurate programme information might result in legal action.
Managing or mitigating potential exposures relies on gathering current and comprehensive site content and configuration data to identify and analyse risks. You don’t know the risks until and unless you look. Visitors potentially see or experience them every visit, but they don’t tell you about them.
In this post, we discuss a specific example of a content element that may cause minor reputational harm by being ‘incorrectly’ implemented. Many higher education websites’ page footers contain the following text: © DATE, NAME OF INSTITUTION.
We carried out an automated check of 4,557 higher education website home pages, for institutions in six countries, to record current copyright text practice and to gather the data to assess this content element’s risks. We chose to audit a set of home pages rather than a specific site or all the sites at a higher education institution as the results are more widely applicable.
The same exercise conducted across an institution’s sub- or micro-sites within its overall web estate would likely produce a higher ‘error’ rate than seen in our results, as main site home pages receive disproportionately more attention than other pages.
Our website copyright text review results divide into four clusters, as follows:
- About 1 in 5 of the websites do not place copyright text on the main website home page – spot checks suggests this result is more likely with recently re-designed sites. Sites without copyright text typically include a detailed copyright statement with the site’s set of privacy and disclosure notices.
Risk factors – inaccurate or out-of-date page-level copyright text may invalidate or weaken copyright protection. A legal determination can only take place based on reliable data about current practice.
Risk mitigation – Removing copyright text from each page footer and using a single statement, drafted by legal experts, simplifies content maintenance, potentially leading to more accurate information for site visitors.
- A further 20% of sites use copyright text, but do not date it.
Risk factors – inaccurate page-level copyright text may also invalidate or weaken copyright protection, but in this case the text can’t be ‘out-of-date’. Nevertheless, it is prudent to check that the text actually appears on every page. Local legal expertise will determine whether this approach provides appropriate rights protection.
Risk mitigation – Dropping the date element simplifies content updates and results in accurate site information for visitors.
- A bulk of sites – 44% - use a copyright text formulation of: © YYYY NAME OF INSTITUTION with YYYY representing the current year.
Risk factors – Examining the copyright text's HTML shows the majority of sites hard code the date, rather than deriving it from a system date. This approach requires annual updates, which may or may not happen on time.
Risk mitigation – Eliminating manual date element updates simplifies content maintenance giving more accurate site information.
- The balance of sites – 16% or about 1 in 6 - use the typical copyright text formulation, but have neglected to keep the date current. We found examples dating back to 2008.
Risk factors – Out-of-date copyright text suggests that page content is not regularly updated, which is likely to be inconsistent with an institution’s reputational aspirations. Moreover, using a non-current date may also negatively impact the level of rights protection.
Risk mitigation – Eliminating manual updates simplifies content maintenance, suggests that all content is current and ensures visitors are confident they are receiving accurate and timely information.
The following table summarises the results of our review. The data for Ireland includes universities and technical institutions.
|No © Text||Undated © Text||Dated © 2017||Dated © 2016||Dated © 2015||Dated © 2014||Dated © 2013||Dated © 2012||Total No. Of Sites|
TABLE 1: Survey of 4,557 higher education websites and their use of copyright text on main website home pages. Data gathered 6-7 July 2017
We selected copyright text for this exercise, as it’s a tedious content element to verify it across large websites or all the websites in an institution’s web estate. And, that’s the point. Content needs regular verification to ensure it conforms to institutional standards, is compliant with relevant policies and is not a risk exposure.
From this specific example, we can generalise content-related risk exposures as falling into three main categories:
- Content Quality – issues related to branding, editorial standards, content updates and quality
- Privacy – issues related to using cookies and third-party add-in services or “tags”
- Visitor Experience – issues resulting from website accessibility, usability, design and information architecture
As our exercise shows, you can’t understand potential risk exposures without an audit, as audits generate data essential to identifying and evaluating risk exposures for further action.