A Short Legal Guide to Auditing Your Web Site As you may be aware, the body of law relating to Internet websites continues to evolve at a rapid rate. This happens whenever a judge issues a ruling which is inconsistent with past practice, or when a new issue is decided for the first time, or when a State, Federal or international body enacts a new law. Recent changes have been coming so frequently that we thought it would be prudent to send a checklist to our clients highlighting the areas where changing legal realities are most likely to cause an impact. The list below is set up in Q and A form. While it is not exhaustive, it should permit you to perform a quick “self audit” to determine whether action of some sort on your part may be necessary. If you do find such an area, or if you have any questions, please contact one of the attorneys at LGU with whom you work, and we will be happy to assist you. 1. Do you deliberately or incidentally collect personal information from visitors to your site? This may include information as innocuous as IP addresses (which many site traffic software packages automatically record), to more overt requests for names, addresses, and demographic information. If so, you should:

• Consider posting a written privacy policy that informs users about the kind of information that is collected and its anticipated uses. However, privacy policies that are needlessly overbroad can place undue restrictions on future uses of this potentially valuable asset, especially in the case of merger, acquisition or bankruptcy.

• Comply with the Children's Online Privacy Protection Act (COPPA), particularly if you collect date of birth information or design portions of your site for children. Note that these rules can apply to you even if children are not your intended audience.

• Comply with the Health Insurance Portability and Accountability Act (HIPPA) if your site involves personal medical or health-related information.

2. Do you sell goods or services on your site? If so, you should:

• Use an adequate, correctly placed license agreement that covers such issues as disclaimers of liability, choice of law/venue provisions for dispute resolution, and taxes. If you resell products from others, ensure your reseller agreements do not restrict your use of the Internet as a distribution mechanism.

• Consider the applicability of laws and regulations generally applicable to mail order sales (such as requirements to notify customers of delayed filling of orders).

• Consider whether it is advisable to use alternative dispute resolution procedures for disputes with customers.

• Determine whether state sales taxes need to be charged. • Obtain appropriate insurance coverage, arranged by a broker familiar with e-

commerce issues. 3. Do you use your site as a business-to-business "e-commerce site" (that is, do you enter into agreements with other businesses over the Internet)? If so, you should:

• Ensure that your Internet-based contracts do not conflict with paper invoices and purchase orders that may originate with your company or your customer (these may override your web-based agreement terms).

• Consider whether you would benefit from taking advantage of the relatively new Electronic Signatures in Global and National Commerce Act (E-SIGN), by contracting electronically.

4. Did an independent contractor develop or contribute to your site? If so, you should:

• Have or obtain an appropriate agreement with the contractor to determine your rights in the content. Absent such a written agreement, the contractor may actually own the intellectual property you thought you had paid for. Often, for example, a web site developer will only grant a limited license to the developed content, making it difficult and expensive for a company to subsequently update its own web site.

• Ensure that the developer obtained all necessary permissions to use any third-party content contributed to your site. Without the proper contractual language, your company may be liable for the developer's failure to obtain these permissions.

5. Does a third party host your site? If so, you should have or obtain a written agreement that provides, if possible, specific measurable criteria for performance (a "service level agreement"), and entitles you, if you fail to receive adequate support, suffer unreasonable down time, or if the ISP or provider goes bankrupt, to:

• Gain access to all electronic material you need to swiftly redeploy with another provider.

• Control your URL(s), so that traffic goes to your new site, and not the old. • Be able to terminate on short notice, and without monetary penalties.

6. Does your web site use or refer to the intellectual property of others? If so, you should :

• Properly acknowledge the use of trademarks, service marks and copyrighted material of other parties, to provide greater protection against infringement claims.

• Exercise caution when framing or linking to other web sites. Depending on the circumstances, these practices may give rise to liability.

• Consider whether quotations, excerpts and reviews comply with the "fair use" doctrine and any applicable licenses before incorporating them into content on your site.

7. Do you permit other parties to post information on your site (creating a risk of copyright infringement or defamation by the posters)? If so, you should:

• Take advantage of a safe harbor provision in the Communications Decency Act (CDA) by notifying customers of commercially available parental control protections.

• Maximize your protection under the Digital Millennium Copyright Act (DMCA) by registering an agent with the Copyright Office and observing the "notice and take down" provisions of this law.

• Implement a carefully-crafted "Terms of Use" acknowledgement, which defines your right to remove postings or terminate a user's account.

8. Have you taken reasonable measures to secure the information on your site? Failure to do so may result in liability to persons for disclosure of their information, or loss of control of your information on the site.

9. Is your website directed to users outside the United States? If so, have you considered how the laws of other countries may impact your activities? For example:

• Europe's privacy laws are much more sweeping than those in the U.S. You may benefit by certifying compliance with certain privacy principles and registering under a "safe harbor" administered by the Commerce Department.

• Europe also recognizes far greater intellectual property rights for databases, which are largely unprotected in the U.S. Certain steps can be taken before making your database publicly accessible on the Internet to take advantage of this fact.

• European laws may permit you to be sued in Europe based on your website activities, even if you have no physical presence there.

10. Does your website contain substantial original content at risk of being illegally pirated? If so, you may wish to consider registering all or part of the site or its contents with the Copyright Office. Some copyright rights (such as the right to sue infringers) require registration, and others (such as the right to collect certain kinds of damages) are waived if a work is not registered in a certain timeframe. 11. Are you a public company, or a private company involved in raising funds from investors? If so, have you considered the impact of statements on your website on fundraising activities, including whether statements made may influence investor decisions about your company? Statements on websites concerning fundraising may be characterized as generalized solicitations, which could disqualify you from using certain exemptions under securities laws.