By Ira J. Hammer, Esq.

It seems so easy. All you have to do is pick and register a domain name, choose a vendor to operate and run the website, paste some content on the website, and you are ready to go.  Beware, however, because what seems so easy at first can become a source of aggravation or later, even civil or criminal liability.  Here is a list of some preliminary questions that you should ask when creating a website or engaging a third party to do so:

• Is the content (text, pictures, videos, graphics, sound) that appears on the website originally created by website employees or is some or all of it copied or adapted from somewhere else? If it is copied or adapted from somewhere else, what proof (e.g., license) do you have that authorizes you to use the content? Only the copyright owner can give you permission to use the copyright owner’s works.  The problem is that determining who the copyright owner is and who has the authority to grant permission for the copyright owner is not easy to determine.  Beware of websites that claim to have the right to license you to use content but have no evidence that they have been granted the authority to issue such licenses by the copyright owner.   

• What steps are you taking to protect your website against hackers and what protocols do you have in place to notify your customers and vendors in the event that there is a breach of your website’s security? 

• Are you collecting personally identifiable information from your visitors or customers or other sensitive data (e.g., donor names and donation amounts)?  If you are, (i) do you have their written consent to do so; (ii) what steps are you taking to protect such collected information from hackers; (iii) who are you sharing that information with, if anyone; (iv) how long are you retaining the information and (v) if asked by the visitor or customer, do you tell the inquirer what personally identifiable information you have collected regarding that visitor and, if requested to remove it, do you do so?  What you are required to do by law will vary depending on where you are operating and where your visitors and customers are located.  

• What data are you collecting from visitors without their permission?  Most websites collect data that does not identify the visitor to help assure that the website will run smoothly.  Such data may include the Internet Protocol Address the visitor is using, the operating system and type of computer hardware that the visitor is using, and the domain name from which the visitor accessed the website and flow information (e.g., which webpages the visitor visited and how the visitor navigated through the website).  Even though this is not personally identifiable information, you may still be legally obligated to inform your visitors that you are collecting this data. 

• Are you going to allow communications between visitors or between customers on the website?  It is not unusual to allow a visitor to post questions to the website owner (or operator) through the website and if it is just between a single visitor and the website owner, there is limited risk.  That changes if you allow visitors to post information to the website and further allow other visitors to access and copy it.  In that case, you must protect yourself against visitors who post content that does not belong to them (e.g., materials protected by a third-party’s copyright registration) to the website.  

• Do you have website terms and conditions and a privacy policy that match the risks posed by your website?  It may seem easy to copy these from another website, but there may be differences in your respective operations that require differences in those documents.

This is not a complete list of the questions you should be asking before making a website available to visitors, but it will provide you and your attorney with a good starting place to discuss the risks and potential liabilities you face from operating a website. Moreover, the terms and conditions and privacy policy that you adopt for your website will be guided by your answers to these questions.  Particularly if you are using a third party to develop and operate your website, taking the time to ask these questions and making sure that you have complete answers will help you limit any liability arising out of the website. 

For more information, contact Ira J. Hammer at ijh@spsk.com or 973-631-7859.