By Chip Cooper (c) 2009
It's early in the year, and it's time to fulfill your resolution to give your site a quick legal check-up.
Online businesses are now highly regulated, and there's substantial liability if your site's not legally compliant. In addition, your customers are becoming more Internet savvy, and a site that's not legally compliant is not going to be trusted.
So, let's get started.
Use This Checklist If You Already Have The Basic Site Documents In Place
1. Copyright Notice. Check Your Copyright Notice. Your copyright notice consists of the following elements: the word "copyright" or copyright symbol (c in a circle) followed by the year of first publication followed by the name of the copyright owner. It's also a good idea to add "All rights reserved worldwide". Example: Copyright 1996-09 Digital Contracts, Inc. All rights reserved worldwide. Note that if you update your site from time to time, you should add a date range reflecting the fact that the site has been updated each year within the date range. If you haven't updated yet for 2009, do it now.
4. Data Security. Check your data security measures. If you collect personal information, you are required to implement "reasonable and appropriate" data security measures. These measures are essentially moving targets since data security technology evolves at a relatively rapid pace. What may have been "reasonable and appropriate" a couple of years ago may not pass muster today. Update your security procedures, if necessary.
6. Service Providers. Do you use service providers to provide hosting, site maintenance, SEO services, or other site functions where they have access to your server? If you don't collect personal information, your answer to this question is immaterial, but if you do (and only an email address will suffice), you need to enter into privacy and security agreements with your service providers. The FTC stipulated in a couple of recent settlements that you would be liable if you don't.
7. Registration Agreement. Does your site require site visitors to register for certain benefits such as a membership or subscription rights? If so, you need an electronic agreement (a so-called "click-wrapped" agreement where the user clicks on "I ACCEPT"). Your agreement should be presented conspicuously in the registration process and it should require an affirmative act (clicking on "I ACCEPT") to complete the registration. You also need to be sure that all of your warranty disclaimers and limitations of liability pass muster.
8. Collect Birth Dates? Do you collect the date of birth as part of your registration process? If so, and if this date indicates that children under 13 are registering, you will be liable for substantial damages under the Children's Online Privacy Protection Act (COPPA) if you do not comply with COPPA's stringent requirements. You should either modify your information collection practices or comply with COPPA, or both.
9. Creditor Under FACTA? Do your registered users make periodic payments payable as monthly or quarterly installments, or do you extend credít so that payment is made after receipt of the product or service? If so, you fall within the statutory requirements of the Fair and Accurate Credít Transactions Act of 2003 (FACTA). FACTA requires that you adopt a "Red Flag" Identity Theft Policy before May 1, 2009, or face substantial liability.
10. Sales Intermediaries? Do you use affiliates or resellers? If so, a recent New York case illustrates that you may be liable for their actions if they violate certain laws acting on your behalf. For example, are your affiliates engaged in illegal spamming activities? If they are offering their own end user license agreements, do they properly disclose certain activities such as the use of pop up ads? You should check your affiliate and reseller agreements and modify them, if required.
Use This Checklist If You Don't Have Your Site Documents In Place
You may be just starting your online business, or you may have procrastinated a little with your website legal compliance. If you fall into this group, you should get started without delay.
I've developed a procedure that will help you determine the correct mix of legal compliance documents for your site. Part of it is set out below.
First, if your site does not collect personal information, you should consider these documents:
- a Legal page for your intellectual property notices; and
- And if you allow site visitors to post text or digital files to your site (for example via a blog, forum, or chat room), you'll need a DMCA Registration Form (see No. 2 above).
Second, if your site collects personal information, but does not require registration to open an account or to use or purchase a product or service, you should consider these additional documents:
- And if you have service providers that have possession of your server or have access rights to it, you'll need a privacy-security agreement for these service providers (see No. 6 above).
Third, if your site requires registration to open an account or to use or purchase a product or service, you should consider in addition to the foregoing documents, a customer agreement such as:
- a software as a service (SaaS) agreement; and/or
- a Software License Agreement (for software downloads).
- And if you are regulated by FACTA (see No. 9 above), you'll need a Red Flag Identity Theft Policy -- before the May 1, 2009 deadline.
The checklists provided above are not exhaustive. However, they should point you in the right direction as you give your site a new year's legal compliance check-up.
A simple check-up -- and remedial action if necessary -- is one of the best investments you can make in your online business.
About The Author