Site   Web

July 15, 2009

16 Things Every Website Absolutely, Positively Needs To Know About Website Legal Compliance

I talk to a lot of owners of small websites — entrepreneurs getting started with new businesses or re-doing existing sites on the Web — and most of them have a profound lack of understanding regarding the scope of legal regulation they face.

What’s worse, most don’t have any idea of their exposure to legal liability.

Why Aren’t Website Owners Aware of Website Legal Compliance Requirements?

I believe the lack of awareness and understanding is due to several factors:

  • most small website owners don’t have an Internet attorney; most don’t even feel the need for one, and the ones who do, don’t know how to find one they can trust;
  • most website developers don’t inform their clients of the need for website legal compliance;
  • website regulation developed without fanfare; to date, there is no federal privacy statute of general application that would have been highly publicized at the time of passage;
  • privacy and data security regulation has developed in piecemeal fashion in the form of state statutes (with California leading the way); federal jurisdiction was not created by any Internet-specific statute – the Federal Trade Commission (FTC) assumed jurisdiction for enforcement of privacy and data security violations by claiming jurisdiction (successfully) resulting from its authority to regulate false and misleading claims under Section 5 of the FTC Act; and
  • despite press releases by the FTC regarding claims filed against websites, the message is just not getting through to entrepreneurs; for example, in the last 3 years, the FTC has settled with fourteen businesses over inadequate data security for personal information with substantial fines levied in some cases, and the FTC’s aggressive enforcement has continued into 2009 with two new actions filed in the first two months of 2009.

So, given the factors listed above, it’s understandable why most entrepreneurial website owners aren’t aware of the need for website legal compliance. However, website owners won’t be able to plead ignorance. The cliche you’ve heard before is true – “ignorance is no excuse”.

16 High Risk Activities That Indicate The Need For Website Legal Compliance

There are certain website activities that are now very high risk – and indicate the need for legal compliance measures. They include:

  1. collection of any single element of personal information; for example, if you collect merely an email address for a sign-up form for product information, a newsletter, or a downloadable report, you have entered an area that is highly regulated – and which presents a very significant exposure to legal liability;
  2. collection of credit card information;
  3. failure to operate a secure server that stores personal information;
  4. failure to identify and assess internal and external risks to the security of personal information;
  5. failure to monitor the effectiveness of security of personal information and update security measures as indicated by changes in website operations;
  6. offering monthly subscription or membership payment models, or any payment scheme where payment is made over time after the delivery of the product or service;
  7. sharing of personal information with others for purposes of direct marketing;
  8. permitting third party service providers such as website maintenance and SEO service providers or hosting service providers to have access to the internals of your server;
  9. transmission of personal information outside the website’s secure system or across public networks; Nevada and Massachusetts both have statutes regulating these activities;
  10. operation of a blog or forum that permits users to upload text or files;
  11. operating a website that targets children or at least by virtue of graphics, text, and products or services would be attractive to children under 13;
  12. serving third party cookies (e.g. Google Analytics);
  13. serving behavioral ads (e.g. Google’s AdSense);
  14. appointment of online resellers or affiliates;
  15. use of a competitor’s trademark in keyword-triggered ads; and
  16. “borrowing” someone else’s privacy policy without detailed analysis of how it fits your own specific business and marketing practices.

Make Website Legal Compliance a Top Priority

If your website engages in any of the risk factors listed above, website legal compliance measures are required — and compliance should become a top priority ASAP.

The legal liability for failure to comply can be significant.

Leading Internet, IP and software lawyer Chip Cooper has automated the process of drafting website documents for small websites with his MyLegalFirewall website documents drafting service. Discover how quick, easy, and cost-effective it is to determine which legal compliance documents you need and to draft them online, and claim your FREE Special Report, Determine Which Legal Documents Your Website Really Needs, at ==>