Call us on:
01392 349 580

2009 Resolution — Give Your Site a 10-Point Legal Check-Up

It’s early in the year, and it’s time to fulfill your resolution to give your site a quick legal check-up.

Online businesses are now highly regulated, and there’s substantial liability if your site’s not legally compliant. In addition, your customers are becoming more Internet savvy, and a site that’s not legally compliant is not going to be trusted.

So, let’s get started.

Use This Checklist If You Already Have The Basic Site Documents In Place

1. Copyright Notice. Check Your Copyright Notice. Your copyright notice consists of the following elements: the word “copyright” or copyright symbol (c in a circle) followed by the year of first publication followed by the name of the copyright owner. It’s also a good idea to add “All rights reserved worldwide”. Example: Copyright 1996-09 Digital Contracts, Inc. All rights reserved worldwide. Note that if you update your site from time to time, you should add a date range reflecting the fact that the site has been updated each year within the date range. If you haven’t updated yet for 2009, do it now.

2. Blogs, etc. Have you recently added a blog or any other functionality that permits visitors to post text or digital files to your site? Or, do you plan to do so as part of your marketing plans for 2009? If so, you need to have a DMCA notice in your Terms of Use and you also need to file a DMCA Registration form with the U.S. Copyright Office. These steps will create a “safe harbor” from strict liability for copyright infringement if a site visitor posts infringing material to your site.

3. Personal Information. Do you collect personal information from site visitors? If so, review your Privacy Policy to make sure that you identify all of the categories of personal information you collect and the way in which you share this personal information. If you’ve changed these policies since you posted your Privacy Policy, amend it now… without delay.

4. Data Security. Check your data security measures. If you collect personal information, you are required to implement “reasonable and appropriate” data security measures. These measures are essentially moving targets since data security technology evolves at a relatively rapid pace. What may have been “reasonable and appropriate” a couple of years ago may not pass muster today. Update your security procedures, if necessary.

5. Future Sale of Your Business? If your online business is starting to be successful and generate positive revenue, have you ever considered that you might want to sell it for a profit in the future? If so, be sure that your Privacy Policy specifies that personal information collected may be transferred and shared in the event of a sale. If you don’t do this prior to collecting personal information, you won’t be able to pass it on to your purchaser. The Federal Trade Commission (FTC) stipulated in recent settlements that personal information collected prior to posting this notice in your Privacy Policy will not be transferable in the event of a sale. And this personal information (your opt-in lists and customer lists) are the real value of your online business.

6. Service Providers. Do you use service providers to provide hosting, site maintenance, SEO services, or other site functions where they have access to your server? If you don’t collect personal information, your answer to this question is immaterial, but if you do (and only an email address will suffice), you need to enter into privacy and security agreements with your service providers. The FTC stipulated in a couple of recent settlements that you would be liable if you don’t.

7. Registration Agreement. Does your site require site visitors to register for certain benefits such as a membership or subscription rights? If so, you need an electronic agreement (a so-called “click-wrapped” agreement where the user clicks on “I ACCEPT”). Your agreement should be presented conspicuously in the registration process and it should require an affirmative act (clicking on “I ACCEPT”) to complete the registration. You also need to be sure that all of your warranty disclaimers and limitations of liability pass muster.

8. Collect Birth Dates? Do you collect the date of birth as part of your registration process? If so, and if this date indicates that children under 13 are registering, you will be liable for substantial damages under the Children’s Online Privacy Protection Act (COPPA) if you do not comply with COPPA’s stringent requirements. You should either modify your information collection practices or comply with COPPA, or both.

9. Creditor Under FACTA? Do your registered users make periodic payments payable as monthly or quarterly installments, or do you extend credít so that payment is made after receipt of the product or service? If so, you fall within the statutory requirements of the Fair and Accurate Credít Transactions Act of 2003 (FACTA). FACTA requires that you adopt a “Red Flag” Identity Theft Policy before May 1, 2009, or face substantial liability.

10. Sales Intermediaries? Do you use affiliates or resellers? If so, a recent New York case illustrates that you may be liable for their actions if they violate certain laws acting on your behalf. For example, are your affiliates engaged in illegal spamming activities? If they are offering their own end user license agreements, do they properly disclose certain activities such as the use of pop up ads? You should check your affiliate and reseller agreements and modify them, if required.

Use This Checklist If You Don’t Have Your Site Documents In Place

You may be just starting your online business, or you may have procrastinated a little with your website legal compliance. If you fall into this group, you should get started without delay.

I’ve developed a procedure that will help you determine the correct mix of legal compliance documents for your site. Part of it is set out below.

First, if your site does not collect personal information, you should consider these documents:

a Legal page for your intellectual property notices; and

Terms of Use.

And if you allow site visitors to post text or digital files to your site (for example via a blog, forum, or chat room), you’ll need a DMCA Registration Form (see No. 2 above).

Second, if your site collects personal information, but does not require registration to open an account or to use or purchase a product or service, you should consider these additional documents:

Privacy Policy.

And if you have service providers that have possession of your server or have access rights to it, you’ll need a privacy-security agreement for these service providers (see No. 6 above).
Third, if your site requires registration to open an account or to use or purchase a product or service, you should consider in addition to the foregoing documents, a customer agreement such as:

a software as a service (SaaS) agreement; and/or

a Software License Agreement (for software downloads).

And if you are regulated by FACTA (see No. 9 above), you’ll need a Red Flag Identity Theft Policy — before the May 1, 2009 deadline.
Conclusion

The checklists provided above are not exhaustive. However, they should point you in the right direction as you give your site a new year’s legal compliance check-up.

A simple check-up — and remedial action if necessary — is one of the best investments you can make in your online business.

About The Author
Chip Cooper is a leading intellectual property, software, and Internet attorney who’s advised software and online businesses nationwide for 25+ years. Visit Chip’s DigiContracts.com site and download his FREE newsletter and Special Reports: “Determine Which Legal Documents Your Website Really Needs”, “Draft Your Own Privacy Policy”, and “Write Your Own Website Marketing Copy — Legally”.