If you operate a website, you’re probably aware that your website operations are now highly regulated. And the pace of legal regulations continues to accelerate.

Which means that you face an increasing risk of legal liability.So, it’s a good idea to give your website a legal check-up and to update your site before it’s too late.

General Issue Checklist

The general checklist below covers issues that are not new issues which arose in 2009. These issues have been around for a while, but some may be new to you, particularly if your website or marketing activities changed recently.

Copyright Notice. These are the basic elements of a copyright notice: the word “copyright” or copyright symbol (c in a circle) followed by the year of first publication followed by the name of the copyright owner followed by “All rights reserved worldwide.” Here’s an example : Copyright 1996-2010 Greatson Media, LLC All rights reserved worldwide.

Blogs. If you’ve recently added a blog to your site, or if your site is a blog site, it’s possible that a visitor could post infringing materials (e.g. text, video links, images). Under the strict principles of copyright law, you’d be a copyright infringer even if you were unaware of the posting. Your liability could be significant. The Digital Millennium Copyright Act (DMCA) provides a “safe harbor” from liability provided you publish a DMCA notice and register with the Copyright Office.

Collection, Use and Sharing of Personal Information. Your marketing activities determine the categories of personal information you collect, how you use it, and how you share it. As you evolve your marketing practices over time, it’s easy to forget that your Privacy Policy should reflect your actual practices regarding personal information. This is one area in which most online marketers are the most vulnerable to legal liability. So, review carefully your present and anticipated future marketing activities that include personal information and update your Privacy Policy accordingly.

Data Security. Technology and security practices are in a continual state of evolution. You’re required to implement and maintain “reasonable and appropriate” data security measures, according to the Federal Trade Commission (FTC). If your site does not actually implement up-to-date measures, you should update them immediately.

Service Providers. Do your outsourced service providers – hosting, SEO, website development, etc. – have access to the internals of your website server and your databases that archive personal information? If so, according to the FTC, you need to enter into simple confidentiality agreements with these service providers.

Human Intervention in Online Contracting. Two 2008 cases highlighted the fact that human intervention in online contracting may be a recipe for creating unenforceable agreements. The recipe for enforceable online agreements is well settled, but if you add intervention by your employees into the acceptance process, your online agreement may end up becoming unenforceable.

Emerging Issue Checklist

The emerging issue checklist below covers issues that were new in 2009 or experienced relatively significant new developments in 2009.

Keyword-Triggered Ads. The issue is familiar: Whether pay-per-click advertisers should be permitted to use keywords that are also competitor’s trademarks for purposes of triggering the advertisers’ ads on a search results page. This issue continued to be hotly litigated in 2009 without ultimate resolution due to a split among various Circuit Courts of Appeals. However, a 2nd Circuit ruling in 2009 narrowed the split in favor of trademark owners. Congress may resolve the split with specific legislation in 2010.

Behavioral Ads. Behavioral ads are highly relevant to consumers because they are based on consumers’ online behavior, including data tracked regarding sites visited, length of visits, content read, and searches made. In February 2009, the FTC issued a staff report entitled “Self-Regulatory Principles For Online Behavioral Advertising”. This report set out certain principles for purposes of protecting consumer privacy. Later, Google issued a notice that “interest-based” advertising utilized in its AdSense program required a modification to the Privacy Policies of all participants in the AdSense program. Look for congressional action on behavioral advertising in 2010.

Red Flag Identity Theft Policy. 2009 saw deadlines for establishing a Red Flag Identity Theft Policy come and go. Extensions of the deadline were ordered by the FTC due to confusion over the scope of the regulations and who is covered. The current deadline is June 1, 2010. In simple terms, if your registered users make periodic payments payable as monthly or quarterly installments, or if you extend credít so that payment is made after receipt of the product or service, you’re covered by the regulations, and you should implement a policy.

False Advertising. In July 2009, the Attorney General for New York reached a settlement with a cosmetic surgery company over the company’s fake positive consumer reviews on the Web. The company ordered its employees to pose as customers and to write flattering reviews. The Company agreed to pay $300,000 in penalties.

FTC Guides. Concerned over false advertising on the Web (including the type of behavior discussed in the False Advertising point above), the FTC issued new Guides explaining how they will interpret existing law regarding endorsements and testimonials used in online advertising. If you recruit affiliates, resellers, or bloggers to promote your offering, you’d be classified as an “Advertiser” under the Guides, and if you’re recruited as an affiliate, reseller, or blogger to pitch the products of others, you’d be classified as an “Endorser” under the Guides. In simple terms, Advertisers are required to provide guidance and training to their Endorsers regarding the Guides or face liability. Endorsers are required to disclose material connections with their sponsoring Advertisers including receipt of compensation of any kind. Drafting and posting a Disclosure Policy is the key to compliance for Endorsers in order to avoid a fine of up to $11,000.

What to do if You’re Developing a New Website

If you’re developing a new website (or heaven forbid, if you have an existing website that has yet to incorporate website compliance documents), your website should incorporate some combination of the following documents:

• FTC Guides Disclosure Policy,
• Legal Page,
• Terms of Use,
• DMCA Registration Form,
• Privacy Policy,
• Service Provider Privacy-Security Agreement,
• Customer Agreement (click-wrapped SaaS, Membership, Subscription, Account Agreement), and
• Red Flag Identity Theft Policy.


The checklists in this article are not exhaustive; however, they should be a good start to a comprehensive legal check-up for your website as you move into 2010.

It’s not the “wild, wild west” atmosphere on the Web anymore. Legal compliance is essential if you want to avoid liability in a highly regulated environment.

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.

By Chip Cooper (c) 2010