If your business has a website, whether you use it for commercial purposes or otherwise, you’ll want to protect yourself, your website, and your company from malicious forces in the cybersphere. Keep reading to find out about two of the most important legal documents every website should have.
Terms of Use
You have likely seen a link at the bottom of a website for “Terms of Use” (aka “Terms of Service” or “Terms and Conditions”). A website’s terms are intended to be a contract between the website owner and each visitor/user of the site. In short, they give you a legal leg to stand on in the event of abuse or litigation.
If properly drafted and incorporated into a website, a website’s terms of use may, among other things:
- minimize the website owner’s, and, in some cases, its content and service providers’, potential liability to site users;
- protect the intellectual property included on or accessed through the site (e.g. prohibit unauthorized reproduction of material contained on the site);
- prohibit illegal or undesirable user behavior, such as using the site for illegal purposes, spamming other users, introducing viruses, and posting illegal, infringing, or defamatory content;
- set forth dispute resolution provisions, including choice of law, prohibitions on class actions and arbitration provisions.
Website terms of use are generally drafted from the perspective of the website owner and are not intended to be negotiated. If you visit a few websites, you will notice that that may differ from one site to another. That is because a website’s terms of use should be tailored for that particular website.
Privacy Policies
If you collect personal information from visitors/user of your website, numerous privacy laws may require that you have a privacy policy posted on your site. Examples of personal information include, but are not limited to, names, dates of birth, email addresses, billing and shipping addresses, phone numbers, bank details, and social security numbers.
A website privacy policy notifies users about the website operator’s practices concerning the collection, storage, use, and disclosure of information, including personal information. However, no model privacy policy works for all or even most websites. Instead, a website privacy policy must be carefully drafted to specifically reflect the company’s actual or anticipated information collection and privacy practices.
In the United States, there is no single governing privacy law. Instead numerous state and federal laws may apply, including, but not limited to, the following: the Americans With Disabilities Act (ADA), the Cable Communications Policy Act of 1984, the Children’s Internet Protection Act of 2001 (updated in 2013), the Computer Fraud and Abuse Act of 1986, the Computer Security Act of 1997, the Consumer Credit Reporting Control Act, the Children’s Online Privacy Protection Act (COPPA) and the California Online Privacy Protection Act (CalOPPA). Further, if your website collects personal data from residents of other countries, the laws of the that country may apply. Recently, the European Union enacted the General Data Protection Regulation (GDPR) in Spring 2018, replacing the Data Protection Directive 95/46/ec as the primary law regulating how companies protect European Union citizens’ personal data.
Penalties for non-compliance of these laws include fines, injunctive relief (including shutting your website down), and, in some cases, criminal charges.
Similar to a website’s terms of use, there is not a one-size-fits-all privacy policy for every website. When drafting a privacy policy, it should be accurate and reflect what information your site collects, what you’re using it for, and if you are sharing the information with third parties.
This article is meant to be utilized as a general guideline for online terms and privacy policies. Nothing in this blog is intended to create an attorney-client relationship or to provide legal advice on which you should rely without talking to your own retained attorney first. If you have questions about your particular legal situation, you should contact a legal professional.
Mark Turner can be reached by phone at (440) 571-7773 or by email at [email protected].
Continue reading about the EU’s General Data Protection Regulation Law (GDPR) in “The Steep Price of Data Collection is Skyrocketing, Unless You Get it Right”
An audit of your policies can help you avoid the pain of lawsuits. The Gertsburg Law Firm now offers CoverMySix, a one-stop legal audit for your business, led by award-winning litigators and in-house counsel. CM6 minimizes your exposure to lawsuits, investigations, disgruntled employees and customers, and all the damage that comes with them. Schedule a confidential, no-cost CM6 Vulnerability Check with Gertsburg Law Firm’s CEO, who will walk you through the minefields in your documents and key processes and tell you how to fix them yourself. Call 440-571-7774 or e-mail [email protected] to schedule your CM6 Vulnerability Check today. Newer or smaller companies will want to take advantage of CoverMySix for Small Companies and Startups complete legal documentation portfolio. Check out www.covermysix.com to learn about the full CM6 audit suite.
