A Legal Audit of Your Website is a Good Dose of Preventative Medicine
An improperly created website can breed lawsuits. It's not the place to test the limits of the law. Once you put information out on the Net, it's there for anybody to see. It's the ultimate in unrestricted access. You might create a site for potential customers, but your competitors and enemies get to see it too. A cautious and conservative approach is the way to go. How cautious you need to be will vary depending on several things. The preventive medicine is a legal audit of your website.
As with almost everything with the Net, the precise legal standards for websites aren't easy to define as the law is in its infancy. The global availability of the Net and all the differing legal systems throughout the world has exacerbated the problem of establishing the applicable legal standard.
To some extent, you need to be concerned about the laws of every jurisdiction in this country and throughout the world. Complete compliance with every variation of the law throughout the world is obviously an impossible goal. How you cope with this fact depends on what you do and where you do it.
If You Don't Do Overseas Business
If you're an American company in a generally unregulated industry, and assuming that you don't have any overseas operations, your legal compliance strategy can probably safely center on the United States. In this scenario, your tech lawyer can guide you on what's considered “mainstream” compliance.
While it's true that “mainstream” compliance doesn't guarantee complete legal compliance, I think that it's the only reasonable approach. You cripple yourself if you demand a guarantee of complete legal compliance. If you do, only your lawyer will make money. There are just too many laws in too many states. Enjoy the benefits of your generally unregulated status. Accept some risk, enjoy your profits, and deal with problems when and if they occur.
If we change just one variable, the advice changes. If you're in a generally regulated industry, you must be more cautious. The starting point in your legal audit is to decide what states may have jurisdiction over your actions. The analysis will vary depending upon your industry whether its securities, insurance, banking, or whatever.
Your website audit will then need to focus on those states and federal law. Since you're in a regulated industry, you're already used to the need for often fastidious compliance with the laws and regulations of multiple states. In this context, your website is no different from anything else you do. You can't just slap up a website while blithely commenting that nobody regulates the Internet. You’re wrong! In some ways, everybody regulates the Internet.
If You Do Business Overseas
If you do business overseas, you'll have to be sensitive to the legal requirements of those countries that could have jurisdiction over your company. Although a computer in the United States may physically host your website, this may not stop you from being hauled into a foreign court. Worse, it's conceivable that they could hold your website up against their legal standards.
Whether you think that's right is not the issue. I'm just telling you that it can happen and that you need to be sensitive to foreign legal compliance with your American-based website.
Your website audit needs to consider many things. Some of it is just common sense, but some is uniquely Internet law. Some is a mixture of the two. Here's a sample of what I consider in a website audit.
Information Accuracy
This point is so obvious that I wouldn't say it except that I've heard reasonably astute people say things like, “It doesn't count if it's online.” That statement couldn't be more wrong.
Defamation and unfair and deceptive trade practices (things like false advertising) are examples of some things that you can have on your website that can get you hauled into a courtroom. It's essential that you carefully review information before it's posted to the Web.
Copyright and Trademark
Copyright and trademark law fully apply to the Web. If you post somebody else's logo on your site, make sure that you have their written consent. If material is copyrighted, get the author's permission.
I don’t know why sophisticated business people think that somehow the Internet is somehow different when it comes to intellectual property because fundamentally nothing changes when you move content from a magazine to a website. The content is just as protected by intellectual property law online as on paper.
Post Terms and Conditions
With few exceptions, every commercial website should have Terms and Conditions of Website Use posted.
Terms and Conditions of Website Use are a natural evolution of “Shrink Wrap Agreements” which you see every time you buy new off-the-shelf software. “By installing this software, you agree to be bound by the terms of this agreement” is typical Shrink Wrap Agreement language.
“By using this website, you agree to be bound by the terms of this agreement” is Web Agreement language.
A well-drawn Web Wrap Agreement can help you to significantly reduce your legal risks. The most basic thing that you should put in every Terms and Conditions is a limitation of liability clause. So even if you get sued and lose, at least the maximum damage award against you is nominal. I'll typically limit damages to something like $50 to $100.
To further insulate you from the claims of users, I always have them agree that use of the site is at their own risk and that you disclaim all warranties. Also, the flip side is that I include a clause making them liable to you if they upload things to the site like copyrighted or trademarked material that they don't have a right to use. This gives you some protection if a third party sues you for something posted to your site by a user.
My favorite way to discourage my clients from getting sued over nonsense is by including a clause requiring that any lawsuit be filed in my client's home state, not the user's. Using the courts looks a whole lot less attractive as the mileage increases.
Be Proactive
Having your website audited is a good example of effective proactive law. Once you get sued, you can't require the other side to come to your home state if you didn't have the agreement already on the site.
Don't be like the people that put in the burglar alarm after the burglary. A little preventive law is much cheaper and less stressful than crisis law. Have your site audited now, not after it causes you a problem.