Website Legal Checklist 2009
2009 Resolution -- Give Your Site a 10 Point Legal Check-Up
It's early in the year, and it's time to fulfill your resolution
to give your site a quick legal check-up.
Online businesses are now highly regulated, and there's substantial
liability if you site's not legally compliant. In addition, your
customers are becoming more Internet savvy, and a site that's not
legally compliant is not going to be trusted. So, let's get started.
Use This Checklist If You Already Have The Basic Site Documents
- Copyright Notice. Check Your Copyright Notice.
Your copyright notice consists of the following elements: the
word "copyright" or copyright symbol (c in a circle)
followed by the year of first publication followed by the name
of the copyright owner. It's also a good idea to add "All
rights reserved worldwide". Example: Copyright 1996-09 Digital
Contracts, Inc. All rights reserved worldwide. Note that if you
update your site from time to time, you should add a date range
reflecting the fact that the site has been updated each year within
the date range. If you haven't updated yet for 2009, do it now.
- Blogs, etc. Have you recently added a blog
or any other functionality that permits visitors to post text
or digital files to your site? Or, do you plan to do so as part
of your marketing plans for 2009? If so, you need to have a DMCA
form with the U.S. Copyright Office. These steps will create a
"safe harbor" from strict liability for copyright infringement
if a site visitor posts infringing material to your site.
- Personal Information. Do you collect personal
to make sure that you identify all of the categories of personal
information you collect and the way in which you share this personal
information. If you've changed these policies since you posted
- Data Security. Check your data security measures.
If you collect personal information, you are required to implement
"reasonable and appropriate" data security measures.
These measures are essentially moving targets since data security
technology evolves at a relatively rapid pace. What may have been
"reasonable and appropriate" a couple of years ago may
not pass muster today. Update your security procedures, if necessary.
- Future Sale of Your Business. If your online
business is starting to be successful and generate positive revenue,
have you ever considered that you might want to sell it for a
specifies that personal information collected may be transferred
and shared in the event of a sale. If you don't do this prior
to collecting personal information, you won't be able to pass
it on to your purchaser. The Federal Trade Commission (FTC) stipulated
in recent settlements that personal information collected prior
in the event of a sale. And this personal information (your opt-in
lists and customer lists) are the real value of your online business.
- Service Providers. Do you use service providers
to provide hosting, site maintenance, SEO services, or other site
functions where they have access to your server? If you don't
collect personal information, your answer to this question is
immaterial, but if you do (and only an email address will suffice),
you need to enter into privacy and security agreements with your
service providers. The FTC stipulated in a couple of recent settlements
that you would be liable if you don't.
- Registration Agreement. Does your site require
site visitors to register for certain benefits such as a membership
or subscription rights? If so, you need an electronic agreement
(a so-called "click-wrapped" agreement where the user
clicks on "I ACCPET"). Your agreement should be presented
conspicuously in the registration process and it should require
an affirmative act (clicking on "I ACCEPT") to complete
the registration. You also need to be sure that all of your warranty
disclaimers and limitations of liability pass muster.
- Collect Birth Dates? Do you collect the date
of birth as part of your registration process? If so, and if this
date indicates that children under 13 are registering, you will
be liable for substantial damages under the Children's Online
Privacy Protection Act (COPPA) if you do not comply with COPPA's
stringent requirements. You should either modify your information
collection practices or comply with COPPA, or both.
- Creditor Under FACTA? Do your registered users
make periodic payments payable as monthly or quarterly installments,
or do you extend credit so that payment is made after receipt
of the product or service? If so, you fall within the statutory
requirements of the Fair and Accurate Credit Transactions Act
of 2003 (FACTA). FACTA requires that you adopt a "Red Flag"
Identity Theft Policy before May 1, 2009, or face substantial
- Sales Intermediaries? Do you use affiliates or resellers?
If so, a recent New York case illustrates that you may be liable
for their actions if they violate certain laws acting on your
behalf. For example, are your affiliates engaged in illegal spamming
activities? If they are offering their own end user license agreements,
do they properly disclose certain activities such as the use of
pop up ads? You should check your affiliate and reseller agreements
and modify them, if required.
Use This Checklist If You Don't Have Your Site Documents In Place
You may be just starting your online business, or you may have
procrastinated a little with your website legal compliance. If you
fall into this group, you should get started without delay. I've
developed a procedure that will help you determine the correct mix
of legal compliance documents for your site. Part of it is set out
First, if your site does not collect personal information, you
should consider these documents:
- A Legal page for your intellectual property notices; and
- And if you allow site visitors to post text or digital files
to your site (for example via a blog, forum, or chat room), you'll
need a DMCA Registration Form (see No. 2 above).
Second, if your site collects personal information, but does not
require registration to open an account or to use or purchase a
product or service, you should consider these additional documents:
- And if you have service providers that have possession of your
server or have access rights to it, you'll need a privacy-security
agreement for these service providers (see No. 6 above).
Third, if your site requires registration to open an account or
to use or purchase a product or service, you should consider in
addition to the foregoing documents, a customer agreement such as:
- A software as a service (SaaS) agreement; and
- A Software License Agreement (for software downloads)
- And if you are regulated by FACTA (see No. 9 above), you'll
need a Red Flag Identity Theft Policy -- before May 1, 2009.
The checklists provided above are not exhaustive. However, they
should point you in the right direction as you give your site a
new year's legal compliance check-up.
A simple check-up -- and remedial action if necessary -- is one
of the best investments you can make in your online business.
Copyright © 2008 Chip Cooper
This article is provided for educational and informative purposes
only. This information does not constitute legal advice, and should
not be construed as such.
Back To Top
Please note that these articles about Copyright are informational only. Please
consult your legal advisor.