Disclaimer: The legal resources provided here are intended for educational and informational purposes only and should not take the place of hiring an attorney nor is it all-inclusive.
Resources
Policy Generators
- Termageddon – Policies for your website that automatically update when the laws change
- Termly – Offers a full suite of compliance solutions, including a GDPR Cookie Consent Manager
- TermsFeed – Online policy generators and downloadable templates
- GetTerms.io – Offering basic and comprehensive policy packages
Legal Advice
If you do not have your own attorney both Rocket Lawyer and LegalZoom offer website policy services.
Privacy Policies, Copyright, GDPR, and Spam, Oh My!
These are by far the least glitzy and least visited pages on your website but a necessity none the less. Okay, okay, I can hear you saying “But I’m a small business, do I really need a privacy policy or legal notices on my website?” In short, yes. Let’s dive into why.
Copyright Requirements
Every website owner should know their website legal requirements under copyright law. Understanding the Digital Millennium Copyright Act is a good place to start. It’s the U.S. law enacted in 1998 that ensures international copyright standards are maintained for website copy and images. The copyright law generally limits the liability of a website owner for copyright infringement committed through any of its user-generated content, provided they respond quickly and as needed once notified to remove the content. And, of course, that you yourself and not using someone else’s copyrighted material on your website without explicit permission.
Copyright Notice
It’s important to include a copyright notice on all of your web pages, but that doesn’t mean that you need a specific page for your copyright. Something simple in the footer, “Copyright © 2015 yourwebsite.com” will suffice for most website owners. Websites that have a specific page about their copyright do so because the copyright is complicated, as in some of the material is owned by the site itself and some of it is owned by contributors.
Privacy Policy
No, not every site needs one. However, most do. If your site collects any user information, such as names and email addresses or uses cookies to track user behavior with a program like Google Analytics, then yes, you need one. This serves as a disclosure that you’re collecting data and what data specifically you are collecting.
Depending on where you are based or which customers you serve, you may also need to include information regarding your compliance with the CCPA (California Consumer Privacy Act), COPPA (Children’s Online Privacy Protection Act), and the CAN-SPAM Act. In addition, GDPR which we discuss later on in this post may impact your compliance requirements.
Can-Spam Act
You’re probably aware of Can-Spam by now, but it’s worth being reminded that if you misuse any type of email marketing, you can be fined up to $16,000.00! We recommend using tools like Mailchimp, Aweber, MailerLite, Get Response, etc. to send out mass emails. These tools are designed to alert you of any spammy tactics you might inadvertently use. But it won’t catch everything. Make sure you’re in compliance with the Federal Trade Commission’s rules and regulations outlined in the CAN-SPAM Act: A Compliance Guide for Business. Getting permission from your leads before you email them is vitally important and not just because of the risk of an FTC fine. Permission-based marketing is a much better way of getting customers than spam tactics whether conscious or unconscious.
Terms of Use (Service or Conditions)
Undeniably the dullest page on your website, the Terms of Use page sets the rules for using your website. While most websites seem to have one, there’s actually no legal requirement at this time for defining Terms of Use, but it’s still a smart thing to include. Having this policy page in place can limit your liability should a customer take you to court, as well as protect your rights to the content contained in your website. If you’re ever facing a legal battle, a court will look at your website terms to determine the contractual terms between you and the customer.
Minimize the risk of user-generated content
Additional steps and requirements may be needed if your website allows user-generated content. Preventing plagiarism may not be fully possible, but there are steps you can take to reduce the risk as a website owner. Start with clear and simple Terms and Conditions that are displayed prominently at the point where your visitors will be uploading their content. This is where you can cover your bases, and outline your website legal requirements. For instance, make sure the terms clearly forbid the use of any defamatory language in the content. You should also get users’ express consent of the right to display the content.
Disclosures
Disclosure pages are important from both a legal and ethical standpoint. If you run a website with an audience that relies on your expertise and advice, you must inform them whenever a conflict of interest arises. In fact, the Federal Trade Commission specifically requires you to disclose that information.
If you’re not sure whether you need a disclosure page, we’ve got your back. Let’s run through a few scenarios together:
- If you participate in affiliate marketing programs, then yes, you should include a disclosure.
- If you run contextual ads (such as Google Adsense) then you should also include a disclosure.
- If you receive compensation in any form for including anything on your website – a link, an image, an article, anything – then you should absolutely include a disclosure.
Additional eCommerce Considerations
If part of your website involves e-commerce (i.e. collecting payments for any reason), knowing the website legal requirements for selling online will help you not only save time and money but also any potential legal hassles. It’s important to have a solid understanding of consumer protection laws and e-commerce regulations in the United States. For instance, your contact details must be readily available for customers should they wish to reach you. Your prices and whether they include tax should be plainly stated. Your refund and cancellation policy must be clearly visible at the point of purchase.
Don’t forget about PCI DSS Compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
GDPR (General Data Protection Regulation)
Have you noticed the increasing number of websites with the annoying cookie popup? You can thank GDPR for that!
The GDPR enacted in 2018 is a European Union data privacy law. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world. What this means in practice is that if you collect any personal data of people in the EU, you are required to comply with the GDPR. The data could be in the form of an email address, name, location, or the IP address tracked by analytics software.
So far (as of May 2019), the EU’s GDPR reach to US businesses has not been tested in court, but no doubt data protection authorities are exploring their options on a case-by-case basis. The folks behind GDPR have provided a complicated GDPR compliance checklist for US companies. Bottom line, it’s a new international law and there are still a lot of unknowns and questions surrounding the logistics of implementing GDPR best practices and the impact of GDPR on US companies.
A few WordPress plugins that support GDPR and paid Consent Management Providers are popping up. At this time, we have no experience with any of these consent management providers and cannot recommend one over another. If compliance is required for your business, please submit a request so we can explore your project requirements together.
