Website Audit - Does your company need one?
By Mark Grossman, Chair of the Technology Law Group of Becker & Poliakoff, P.A.
Your company's website should enhance your company's image and business. However, it can become a regulatory and legal nightmare for your company if you don't attend to ensuring its legal compliance.
You should have your tech lawyer audit your website. This audit will allow you to identify potential risks and devise a legal compliance strategy that takes into account where you do business and your stomach for risk. Your stomach is important because many of the issues you will address in this audit will lead to gray answers. Only you know if you're comfortable in dark gray, light gray or simply black and white.
I will say this though. If you like black and white, the Net is a tough place to be because Internet law is just too new and the law too undeveloped for there to be much black and white. Speaking personally, I was drawn to the entire area of tech law because it is so gray. I happen to enjoy the intellectual challenge of unraveling a constantly changing and somewhat undeveloped legal area.
The starting point for your audit is to ask what you provide over the Net. Is it good, services, computer information or what? Do you provide it to consumers or businesses or both? If you're a business to business site, you can often avoid compliance with the sometimes nettlesome rules that protect consumers.
An important component of your audit is to look at the geographic limits of where it is you choose to do business. Do you have a statement saying that you limit your business to customers in certain places only? How do you verify that the customer is where he says he is? The answers to these questions help you determine with whose laws you must comply.
I'm a big advocate of websites providing basic company information. Some of my concern here is legal, but I think it?s usually a good business move too. I think it?s usually wise to have an "About Us" link that details things like your full company name, location, phone number, and email address. I know that when I'm surfing, I hate not being able to find this basic information. While I understand that you may be hoping that you can deal with all Web business on the Web, you should still provide a telephone number ? and it should not take a long wandering journey through your website to find it.
One of the unforeseen penalties for not providing something as simple as an easy to locate phone number is that unhappy customers may find it easier to call their credit card company than you. Then, you end up with a lost customer, a chargeback from the credit card, and a charge back fee. It can be an ugly triple whammy.
If you have an electronic catalog and posted prices, I also like to focus on whether your customer can easily find all the information necessary to make an informed decision. One of the things I consider is does the potential customer have enough information before committing himself to the transaction and giving confidential payment information.
Are your prices posted in a clear and unambiguous way? Is the cost of delivery included in the posted price and, if not, are you clear about shipping costs and time. Are you clear on whether sales tax is included and for what states?
Do you have well written Term and Conditions of Website Use posted? This contract is something almost every site should have. It's your chance to impose a contract that protects your interests should you have a problem with a customer or even a mere surfer who is passing through.
You want to be clear on your express promises, recommendations, qualifying information, warranties and disclaimers. I like to look at where your notice and disclaimers are located on your site. Are they conspicuous? Are they accessible from every page? Do you require a click? I Accept? on your Terms and Conditions before you allow users to register to use your site?
No audit is complete without detailed consideration of privacy issues. I look at issues like does your site collect personally identifiable information from surfers? Is your site geared to children or does it collect information from children?
Children raise their own unique set of issues because of the Children's Online Privacy Protection Act. The key age for this Act is under 13. Be careful with compliance with the Act when dealing with kids.
In a similar way, financial institutions must ensure compliance with Gramm-Leach Biley and anything that touches health or medical raises Health Insurance Portability and Accountability Act issues.
If you touch Europe in any way, you need to be concerned with the EU's more stringent (as compared to the United States) privacy rules.
What I've attempted to do here is to give you a flavor of some of the concerns a website audit will address. It's only a "flavor" because the list of things to consider is long and illustrious. This column didn't even touch intellectual property issues and that, like so many other things, are extremely important. My suggestion is to deal with an audit now before you have some regulatory body or court breathing down your neck.
Mark Grossman is a shareholder and chairs the Technology Law Group of Becker & Poliakoff, P.A. Website at www.EComputerLaw.com. His e-mail address is techlaw@EComputerLaw.com. His research assistant is Patricia Echeverri.