Where to Start: Create A Valid Contract and Privacy Policy
Savvy business owners know that a website for their business is a great tool for attracting potential customers or clients. But fewer are familiar with the legal risks of not having privacy policies and terms and conditions tailored to their audiences and business practices. The risk cannot be overstated: if you have a website for your business, do not merely publish words from a template, forget about them, and assume you’re covered.
Why?
The answer is because lawmakers and federal regulators are increasingly sensitive to the needs and vulnerabilities of private citizens who now regularly enter into transactions over the web and send important personal information across the cyber-world.
A number of federal and state statutes, as well as a growing body of actions by the Federal Trade Commission (which enforces federal privacy policy) now address the handling of information that can be used to identify individuals.
This legislation has created new categories of specially-protected information. Federal statutes target the collection of online medical information, financial information, and information about children younger than thirteen who use the web.
Furthermore, many states have enacted data security breach and privacy laws. Maryland, for example, enacted the Personal Information Protection Act in 2007. California’s Online Privacy Protection Act of 2003 requires commercial websites that collect the “personally identifiable information” of Californians through the internet to publish a conspicuous privacy policy and abide by it—and it could be used to call out-of-state companies into their courts.
What’s the bottom line?
If you are a business owner, one of the worst things you can do is what we warned you against in the very beginning: Do NOT assume terms and conditions or privacy policies are one-size-fits-all remedies that can be easily published once and forgotten about while you go about the realwork of running your business. This assumption is plain wrong and potentially dangerous. The fact is that building and maintaining a legally-sound website requires active engagement from you, the business owner.
So where do you begin?
The first thing you should know is that there is an important difference between terms and conditions and a privacy policy. They protect you in different ways and you may well need both. Terms and conditions can serve to create a contract between you and the web user that could protect your intellectual property (images, registered trademarks, logos); manage users’ expectations; clarify what you own (such as copyrights or other intellectual property) and do not own on your site (such as any third-party links); and ensure that any disputes are litigated in a court of your choice.
A privacy policy is quite different, and it is necessary if you collect information that could be used to identify an individual, such as names, e-mail addresses, phone numbers and billing addresses. You could be collecting such information even through a simple web form where a user can type his or her name and e-mail address to contact you with a question. You must tell users how you use and protect their information, whether you share it, how long you keep it, and how to contact you in order to change it. The law favors informing users and giving them control over what belongs to them.
Next, consider whether you collect any specially-protected information—be it medical, financial, or provided by minors or foreign residents of other states or countries—and engage an attorney to determine how to best protect you from potential liability. Even if you do not intend to collect any specially-protected information, just collecting an email address qualifies. Therefore, your site should be tailored to ensure that it fits your purposes and your audience.
It is important also that you consider the very design of your website—and not think of your site’s terms as merely just words on a page. Your site must be designed to give the user sufficient notice of the terms and a genuine opportunity to consent to the terms of the deal; what is sufficient is up to the courts. In recent years, courts have held that certain disclosures were not prominent enough, or that a user must affirmatively click through in order to agree to certain terms.
Most importantly, be ready to commit to the terms you set. Courts have come down hard on business owners who effectively say they’ll do one thing, but do another.
Doesn’t this seem like overkill?
No. No matter how short and simple the website terms and conditions of some pages you visit on the internet may seem, the fact is that what protects them may not protect you, for the reasons we discussed above—not to mention that there are plenty of bad practices out there.
Privacy experts reference what is called the “life cycle” of data, which includes: collection, use, disclosure, storage, and disposal. Each of these discrete phases demands your attention and contains potential pitfalls along the way.
We have seen a tremendous increase in awareness and concern about these issues and we can help you avoid pitfalls. We encourage our clients to look at their websites with heightened scrutiny. The attorneys at McMillan Metro, P.C. would be happy to provide a review of your website and address any issues.