October 5, 2017,

Why your Website needs a Privacy Policy and Terms of Use

The Internet Vortex

It happened.  Everyone is online.  Some may say this was caused by the personal computer becoming so affordable that every home now has one (or two)?  Or was it the proliferation of Wi-Fi, laptops and smart phones?  Maybe it was caused by the advancements in technology that allowed anyone with a mobile phone to access the internet at the same speed (or faster) than using a computer? Maybe it was a combination of all of these things.  Whatever may have caused it to happen, the result is that the internet has become one stop shopping for all of our information and business needs. It’s where we do our shopping (i.e. AMAZON), our banking, our socializing (i.e. TINDER, MATCH.COM) and connecting (i.e. INSTAGRAM, FACEBOOK) with new and old friends and most recently even our social activism (i.e. TWITTER).  Online is the first place we go to for our news and for recommendations and reviews on everything from restaurants to doctors to house painters and baby sitters.  The White Pages and Yellow Pages we used to rely on to obtain information on businesses have transitioned from print to online versions (along with a good portion of newspapers and magazines).  This is why just about every business today has a website.  If you don’t have an online business presence, you don’t have a business presence.  Having a brick and motor storefront is no longer the only way to have a business.  All you need now is a website, a business entity and an EIN (Employer Identification Number) and you can be in business literally overnight.   

Website Necessity

Websites are also relatively easy (depending on what you need your website to do) and affordable to create and maintain.  You can hire someone to create your business website for you or you can create one on your own.  There are several companies (i.e. GO DADDY, SQUARE SPACE, WIX.COM) that will provide you with the tools, templates and step by step instructions on how to create your own website.  This is all great news for the small business owner.  It means that the start-up costs for a business have decreased dramatically.  However, having an online business or E-business has created new problems for the business owner.  

As a website owner, how do you answer the following questions:  

  • How do you control who sees your website?  
  • How do you let your customers know how they can use or what they can do with the information on your website?  
  • Are you or the business activities conducted on your website subject to industry specific requirements or guidelines?  
  • If you ask for or collect information from users on your website, do you tell them how that information is used?  
  • What are your responsibilities for protecting the customer information you collect via your website?  
  • Are there certain people (minors) that should not be viewing or using your website?  
  • How do you minimize your legal liability if the information on your website is misused or used for an illegal purpose?  
  • Can you be held liable if your website is used, without your knowledge, to spread a computer virus?  
  • How secure does your website need to be?  

These are important questions that need to be answered and that should be considered before you create your business website.  All of these issues can be addressed in the terms of use and privacy policy for your website.  This is why creating the terms of use or privacy policy for a website is usually not included by web developers, web hosting services or programmers as part of creating your website.  Creating these important documents should be the responsibility of the website owner.  Despite the importance of these documents, most business owners probably spend more time deciding on the layout and graphics for their website or determining who will create and host their business website than they do on the terms and conditions governing its use.  Although the responsibility of preparing a terms of use and privacy policy for your website falls on the website owner, this is a task most website owners are unable to complete on their own due to the legal requirements that must be addressed in a terms of use and privacy policy.

Website Terms of Use

A well-drafted website terms of use (also referred to as website terms of service or website user agreement) will serve the following purposes:  

  1. Protect the owners and operators of the website by minimizing their potential liability to third party users and visitors to the website,
  2. Protect any intellectual property that exists on the website or that can be accessed through the website from copying or other unauthorized use.
  3. Ensure that the website is not misused or manipulated by prohibiting illegal or questionable uses of the site by visitors (i.e. introduction of viruses; posting or uploading illegal or defamatory content; etc.).

Creating a terms of use for a website is essentially preparing a contract between the website owner and the users of the website.  There are legal requirements that must be considered in order to make sure that your terms of use will be enforceable in court if a dispute arises.  For example, you must consider how your website gives users notice of the terms of use and how your users indicate their consent to the terms of use.  Notice and consent are key considerations in determining whether a legally enforceable contract has been created.  As a result, the website owner should determine whether the terms of use will be presented to users before entering the website and whether users will be required to indicate assent to the terms of use by checking a box before they can use or move through the website.

If your website allows users to upload or post content (text, video, audio, photos, etc.) your website terms of use should specifically address what type of content can be posted and also limit your liability for the user generated content by addressing the requirements necessary for any applicable safe harbors available under the Digital Millennium Copyright Act (“DMCA”) or Section 230 of the Communications Decency Act (“CDA”).  In addition, if either the website owner or the business activities conducted through the site are subject to industry specific rules or regulations, such as the health care industry (i.e. Health Insurance Portability and Accountability Act (HIPAA)) or the financial services industry (i.e. Gramm-Leach-Bliley Act (GLBA)), the website terms of use (and your website contents) should be drafted to comply with those industry specific regulations.

Website Privacy Policy

A privacy policy is a document that informs users about the website operator’s practices concerning the collection, storage, use and disclosure of information, including personal information.  If your website collects user information (i.e. name, email address, mailing or physical address, credit card information) you must have a privacy policy on your site to disclose to visitors how you will use the information collected.  Even if your website does not specifically solicit users for any personal information, it is still a best practice to have a privacy policy on your website.  Visitors to your website are aware that certain data, such as their IP address and even what pages they visit on your site, can be collected (and probably is being collected) without their specific knowledge or consent simply because they landed on your website.  Having a privacy policy will inform the users and visitors to your website how their data will be used (i.e. to improve your online marketing and find out what topics your visitors are most interested in) and reassure them that their personal data will be protected and will not be sold to third parties or affiliate companies or otherwise misused.  

If your website operates in the U.S. and collects personal information from U.S. residents, your policy must comply with the applicable U.S. privacy and data security laws including, but not limited to, the following:  the Federal Trade Commission Act, 15 U.S.C. § 45 (regulating unfair and deceptive business practices and providing guidance on consumer privacy); the Children’s Online Privacy Protection Act (COPPA) (regulating the online privacy of children under 13); the Health Insurance Portability and Accountability Act (HIPAA); the Gramm-Leach-Bliley Act (GLBA); and the California Online Privacy Protection Act (CalOPPA) (regulating commercial website operators that collect personal information from California residents).  If your website operates outside the U.S or you collect information from users outside the U.S., your privacy policy must comply with the privacy and data security laws applicable in that jurisdiction or country.

Conclusion

As indicated above, the specific content of the terms of use and privacy policy for your website depends upon several factors including, but not limited to,: the type of business transacted on your website, the purpose of your website, whether information is being collected from users via your website, how you use the information collected from users of your website, the target audience for your website and the legal and ethical requirements of your particular business or industry.  As a result, every website is not the same and each website requires a privacy policy and terms of use that is specifically tailored to the business activities and purposes of that website.  Beware of “boiler plate” or “standard” website terms of use and privacy policies available for “free” on the internet.  Remember, you get what you pay for.  It is true that there are typical clauses and sections included in every terms of use and privacy policy, but not every clause or section is applicable or compatible for use on every website.  It is important to the success of your business to have the proper terms of use and privacy policy in place on your website.  These documents are essential to: ensure that your website complies with the applicable laws and regulations and protect you from legal liability.

Author Contact Information:
Michele G. Moss, Esquire
Johnson Moss L.L.C.
3505 Lake Lynda Drive, Suite 200
Orlando, FL 32817
Tel:  407-273-7027
Email: info@johnsonmosslaw.com
Website: www.johnsonmosslaw.com