Web Site Legal Audits
February 4, 2002
The operation of Web sites is currently under close public, regulatory and
legislative scrutiny. Government agencies, bombarded with complaints, have begun
to investigate and take legal action against Web sites, particularly in the
context of on-line privacy violations. For instance, the U.S. Federal Trade
Commission (FTC) recently announced a settlement with three Web sites involving
$100,000 in civil penalties for their violations of the Children's Online
Privacy Protection Act. There also have been numerous individual and class
action lawsuits related to online privacy issues and other issues surrounding
the operation of a Web site, such as defamatory content posted by users,
infringement of intellectual property rights, unfair and deceptive trade
practice violations, and breaches of online contracts.
In addition to regulatory violations and civil and criminal liability, these
and a variety of other issues also may result in lost revenue and business
opportunities, erosion of branding, erosion of reputation, adverse media
attention, and unwanted scrutiny from consumer advocates. Web site operators may
avoid these problems by conducting regular audits of their sites to ensure
compliance.
Patchwork of Applicable Laws
The operation of a Web site once was almost entirely self-regulated. However,
Web site owners and operators now find themselves potentially subject to a
patchwork of laws, regulations and industry standards. In the area of online
privacy alone, a Web site potentially must comply with the following:
Children's Online Privacy Protection Act (COPPA). Enacted into law in
1998, COPPA requires Web sites visited by children under the age of 13 to post a
specific privacy policy and to obtain verifiable parental consent. Importantly,
COPPA contains safe harbor provisions. Owners of Web sites are well advised to
understand the provisions and take full advantage of them.
Financial Institutions Modernization Act (commonly known as the
Gramm-Leach-Bliley Act (GLBA)). The FTC has finalized its rules to implement
the GLBA, which became fully effective in July of 2001. The GLBA regulates the
privacy of personally identifiable, non-public financial information disclosed
by financial institutions to certain parties.
Health Insurance Portability and Accountability Act (HIPAA). The U.S.
Department of Health and Human Services is finalizing privacy rules for HIPAA,
which go into effect in 2003. The regulations will standardize the sharing of
medical information.
The EU Privacy Directive. The EU Directive, which went into effect in
1998, sets privacy standards for all EU members, and limits the nature of data
transfers to and from countries such as the U.S. that do not have
"adequate" data protection legislation. There are, however, safe
harbor standards to which Web site operators may wish to adhere.
The Canadian Personal Information Protection and Electronic Documents Act
(Bill C6). This law, which became effective January 1, 2001, sets forth
ground rules for collection, use and disclosure of personal information. It will
become effective in stages, but by January 2004, the Act will apply to all
intraprovincial, interprovincial and international commercial activities of all
organizations.
In addition, a Web site may need to comply with the Communications Decency
Act, the Electronic Communications Privacy Act, the Computer Fraud and Abuse
Act, the Privacy Act, the Cable Communications Policy Act, the
Telecommunications Act, the Right to Financial Privacy Act and the Family
Educational Rights and Privacy Act. Approximately 50 countries have developed
online privacy laws (with substantial variations among them), and dozens of
bills related to online privacy are currently pending in the U.S. Congress.
Finally, in the absence of specific online privacy legislation in a
particular area or sector, federal and state agencies alike have begun making
use of existing laws (e.g., unfair and deceptive trade practice laws) to find
privacy violations in the operation of a Web site. The FTC is the agency that
has recently shown the most interest in online privacy, initiating an
investigation of DoubleClick and bringing an enforcement action against
ReverseAuction.com for allegedly failing to comply with their stated privacy
policies.
What to Look For
Aside from online privacy issues, there are many other potential areas of
legal risk involved in the operation of a Web site, e.g., intellectual property
rights, online contracts, defamation (particularly with regard to publication of
content by users in relation to the Communications Decency Act), consumer
protection laws, advertising laws, and whether cyberliability insurance should
be secured. A Web site legal audit enables a Web site operator to identify
potential risks and to devise an appropriate compliance strategy that takes into
account the jurisdictions in which the site has a presence and the site
operator's appetite for risk. Web site operators are well advised to have a
full-service Web site legal audit performed to identify all areas of potential
risk. A Web site legal audit should, at a minimum, include a review of the
following broad issues:
Applicable Laws and Regulations. If a Web site owner does business in a
regulated industry or has a significant presence in a foreign country, review
the Web site for compliance with the applicable laws and regulations.
Intellectual Property Rights. Web sites involve an enormous range of
intellectual property. The Web site owner must ensure that it has proper
licenses to use content obtained from third parties. At the same time, the owner
should ensure that it takes adequate steps to protect its own content.
Privacy Issues. If the Web site collects personal information from
visitors, significant privacy issues arise, particularly if the Web site is
aimed at children. Carefully review the Web site's privacy policy, practices and
compliance with applicable laws.
Online Contracts and Transactions. Analyze any agreements on the site,
including user agreements or terms of use, and contracts arising from commerce
transactions to ensure that they are enforceable and contain terms that will
protect the Web site owner's interests.
Tort Liability Issues. If the Web site allows users to publish content,
it is essential to limit the Web site owner's liability through suitable
disclaimers, limitations of liability and other controls on users. Carefully
review agreements with users to minimize potential liability.
Advertising and Promotions. Analyze the site's advertising practices and
promotions for compliance with applicable laws. Carefully review the terms of
its arrangements with advertisers.
Any issues that may be uncovered during an audit should be resolved in a
timely manner, since the Web site operator may be considered to have actual
knowledge of issues once they are identified. Moreover, most Web sites are
dynamic and change frequently, so perform "maintenance" audits
periodically to ensure that new or different issues have not arisen due to the
rapidly changing regulatory landscape.
For more information, contact Sheila Heidmiller at 888-688-8500 or via e-mail
at smheidmi@hklaw.com.