Skip to main content

Privacy and Legal Concerns Relating to Websites

By August 12, 2014Article

Most businesses nowadays (whether they are primarily brick and mortar or exclusively online) have a website to promote their business services. Some companies might have a tech-savvy employee create their online presence while others might rely on a Web developer. No matter who creates the website, any business should be concerned with certain necessary content that must be included on its webpage in order to comply with the law and common privacy practice.    

The following are four essential elements all businesses should include on their websites. 

Copyright notice 

According to the United States Copyright Office (“USCO”) a “Copyright is a form of protection grounded in the U.S. Constitution and granted by law for original works of authorship fixed in a tangible medium of expression. Copyright covers both published and unpublished works.” This includes websites. 

A website or other work is protected under copyright “the moment it is created and fixed in a tangible form that it is perceptible either directly or with the aid of a machine or device.” Because of this, many would assume that there is no need for a copyright notice. However, while not legally required, good privacy practice provides for the inclusion of a copyright notice in order to make users aware that you claim copyright rights and to deter improper use of your copyrighted information. Plus, it is free and simple to do.  

A valid copyright notice requires three parts:

  1. The word “copyright” or the © symbol
  2. The date for which the copyright is claimed. If the website has been up and running for numerous years, include a date range and be sure to update it each year it is in use
  3. The name of the person or entity claiming the copyright 

A valid copyright notice should look something like this: © 2007-2014 XYZ Corp., All Rights Reserved. 

Privacy policy/statement 

In many states, including California, it is the law that a business that collects information from visitors, even an email address, provide a privacy/statement policy on its website. Indeed, whether or not you are based in California, if you collect data from an individual residing in California, you are required to comply with California law. Hence, even if your state does not mandate a privacy policy, having one in place is important for the protection of your business. 

Privacy policies in California are governed by the California Online Privacy Protection Act of 2003 (“OPPA”). OPPA requires “[a]n operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California” to “conspicuously post its privacy policy on its Web site.” 

OPPA defines “personally identifiable information” as “information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form.” This information includes a consumer’s name, physical address, email address, telephone number, social security number or “any other identifier that permits the physical or online contacting” of the consumer. 

In order to comply with California law, a privacy policy must include:

  1. Categories of “personally identifiable information” the website collects and the categories of third parties with whom the information might be shared
  2. Description of any process that allows the consumer to change its “personally identifiable information” collected by the website
  3. Process by which the website informs the consumer of material changes to its privacy policy
  4. Effective date of the privacy policy
  5. How the website responds to Web browser “do not track” signals
  6. Disclosure relating to whether other parties may collect “personally identifiable information” about the consumer’s online activities over time and across different websites when a consumer uses the operator’s website 

According to the California Attorney General, “an operator is in violation for failure to post a policy within 30 days of being notified of noncompliance, or if the operator either knowingly and willfully or negligently and materially fails to comply with the provisions of its policy.” 

Terms of use 

Think of a “terms of use” (“TOU”) statement as a contract between you and your site’s end users. A TOU statement specifies how your website’s visitors can and cannot use your website. Commonly, a TOU includes rules relating to use of the site, choice of law and forum selection provisions, rules relating to the posting of information on the website by users and disclaimers of liability (which will be discussed further below). 

There are two different types of consumer consent to a website’s TOU:

  1. A website can require a user to click a box stating that they consent to the TOU (“Click Wrap Agreement”)
  2. A link to the TOU on the website and a provision stating that the consumer’s use of the website constitutes their consent to the TOU (“Browse Wrap Agreement”) 

Obviously, a Click Wrap Agreement is a superior method because the user must take some affirmative action to indicate acceptance of the TOU. These types of TOU are generally favored by the courts. That is not to say that a Browse Wrap Agreement is not enforceable.  If your website contains a Browse Wrap Agreement, be sure to include sufficient notice on your website to bind the consumer to the TOU. A privacy attorney can advise as to the necessary notice needed to make such TOU enforceable against the consumer.  

Disclaimers 

A disclaimer is a statement that denies responsibility. The purpose of a disclaimer is to limit the liability of the website operator wherever possible. Disclaimers could be set up on a number of places within your website. You could use a disclaimer to say that the information provided on your website is not intended for legal or professional advice. You could use a disclaimer to let visitors to your site know about how you are, or are not, affiliated with other websites to which you provide links. Also, if outside contributors participate in providing content, you could use a disclaimer to disclaim the accuracy and authenticity of the information contained on your website. 

These disclaimers may or may not be combined with your privacy policy or terms of use statement. Regardless of the type of business you practice, the use of disclaimers on your website makes good legal and business sense. 

By adding the above information to your business website, you take steps to protect your business from consumer claims that may arise in relation to your site and business practices. While it may seem that the easiest way to include these provisions is to “copy and paste” from similar sites, it is important to seek the advice of an attorney in relation to these matters to insure that your privacy policy, terms of use and/or disclaimers are appropriate for the specific business you conduct. 

Lisa Allen is an associate attorney at the Lotus Law Center, where she specializes in helping small business clients with their legal needs. The Lotus Law Center was founded as a way to make legal services affordable for all sizes of businesses. Focusing on the practice of business and technology law, the Lotus Law Center provides premium personal and professional responses to the legal needs of business clients at an affordable fixed or hourly rate. Contact her at Lisa@lotuslawcenter.com.