While many people skim over or ignore the "fine print," it’s there for a reason: To clearly define your responsibilities and protect your business. While the "fine print" may seem like a formality, it can be anything but.
Here are some basic guidelines for business website policies and terms and conditions.
Privacy
The GDPR, or General Data Protection Regulation, went into effect in May 2018. It’s the most comprehensive online data privacy law to date and it applies to any business that collects any type of information from citizens of the European Union. This includes customer information, email addresses, and even ip addresses and cookies. If your business has sales or web visitors in Europe, the law probably applies to you.
Key aspects of the GDPR are:
- If you want to use an EU citizen’s data for any purpose, you must get the person’s clear and unambiguous agreement. You must explain how you will use the data and make it easy to opt out.
- Data must be stored in a way that protects citizens’ privacy.
- You must delete data if a person doesn’t want your company to use it anymore.
- The penalty for serious violations can be up to four percent of your annual global turnover.
If GDPR applies to you, check to see if your website and email providers are using GDPR compliant policies and procedures.
Even if you don’t think your site will gather any information from Europeans, you should have a similar privacy policy that tells visitors what information you might gather and what you will do with it. A written policy may be required for certain types of businesses or in certain jurisdictions. California has enacted significant privacy rights legislation that may impact you if you do business with Californians.
Experts caution that you should always develop a privacy policy that accurately reflects the way you are collecting and using information: don’t just copy another company’s privacy policy. You can write a privacy policy yourself, but you should have it reviewed by an attorney to make sure it complies with the law and doesn’t leave anything out.
Once you have a privacy policy, be sure to follow it, update it regularly, and communicate those updates to your site’s visitors. In addition, make sure you have adequate security measures in place to ensure that your visitor’s confidential information is secure.
Copyrights and Trademarks
Your website is protected by copyright as soon as it is created, and you’re not legally required to place a copyright notice on the website. However, a copyright notice, such as "Copyright ©2010 ACME Productions, Inc. All Rights Reserved" informs visitors that information (including photos, diagrams, and text) provided on your site should not be copied or distributed without permission. Placing a copyright notice on each page of your site may help deter other people from infringing your copyright.
If your site contains a significant amount of copyrighted material that other people may want to use photographs, for example you may want to watermark your images or include a link to your policy for granting permission for others to use your copyrighted work. This increases the chance that people will obtain permission before using something from your website.
If you use any trademarks on your site, you should include the proper trademark designation to notify visitors that you are claiming trademark rights.
Protection of Minors
If you know that your site will be collecting, using or disclosing personal information about children under the age of thirteen, special guidelines apply. You may be required to get parental consent before collecting or disclosing personal information about a child. On the other hand, you are not required to get consent if you collect an email address to respond to a one-time request, or to ensure the safety of a child (or of your site), or to provide notice to the parents of their child’s activity on the site, or to regularly send newsletters or other information to the child (as long as you first notify the parents and give them the opportunity to decline on behalf of their child).
As you can see, running a site catering to children can be complicated: see Federal Trade Commission guidelines or consult with an attorney experienced in child Internet and e-commerce issues.
Forums and Comments
If you maintain a forum or discussion board or allow comments on your blog, you may be liable for comments posted. To limit the possibility of legal ramifications, make sure you:
- Regularly monitor postings. Immediately delete any posts that are offensive or could be considered libelous. (Even though you or your employees may not have created the post, your business could still be liable since the post appears on your site.)
- Remove posts upon request. If someone asks you to remove a post, take the safe route and do so even if you do not consider it to be offensive or libelous. The key is to be safe rather than sorry.
- If you have comments enabled on your blog, set these up so that you must approve them before they are posted publicly.
- Set clear expectations and limits. Highlight the fact your company is not responsible for the accuracy or reliability of third-party statements or posts. Make sure users of your forum understand that their posts can be deleted at any time for any reason.