Conduct Our Website Compliance Legal Audit


Website operators have much to worry about in terms of maintaining proper website compliance. Most don’t know where to begin. If you answer yes to any of the following questions, you should be sure to read the comments that follow. Each question is meant to address a specific area of website compliance.


1. Does your website collect emails or other “Personally Identifiable” Information from visitors?

Yes-You need a Privacy & Communications Policy.

Every website operator needs to disclose how it collects personal information and if and how it discloses such information. Even if you or your business only collect your visitors’ emails in order to send them newsletters or communicate with them, it should be disclosed. If your website collects and then discloses personal or financial information of website visitors without telling them, this is a deceptive practice under some state laws and the Federal Trade Commission (FTC) Act.

The FTC requires you to disclose whether your website will collect personal information (i.e. information that identifies the person such as an email) and “covered information,” including your visitors’ web browser information, location data or screen names. The problem is that so many websites simply copy some other policy they have found on another site. Be forewarned- a cookie-cutter privacy policy can land you in trouble! It may not disclose how or what information you actually collect. Also, recent FTC decisions mean new changes to what should be included in your privacy policies. For instance, you should disclose use of any “third-party cookies.”

Do you plan on participating in Google’s AdSense program? You are now required to include specific notices in your privacy policy regarding the use of third-party cookies and Flash cookies. You’ll also be required to use SSL (“Secure Sockets Layer”) technology when transmitting any personal information. With recent changes in state and federal laws, generic and outdated privacy policies can cause problems for your business.


2. Does your website collect personal information from children under the age of 13?

Yes-You need to follow the requirements under COPPA and make required disclosures on your website.

The operators of any commercial website or online service directed to children under 13 that collects, uses or discloses any personal information from such children need to comply with The Children’s Online Privacy Protection Act (COPPA). COPPA also applies to the operators of general audience websites and online services where the operators have actual knowledge that they are collecting, using, or disclosing personal information from children under 13. COPPA requires that certain notices to parents and disclosures be made on your website, including whether information collected from children will be disclosed to third parties. The Act also requires that all such websites obtain verifiable parental consent before collecting, using, or disclosing personal information from children.

If you require that your website users register, you need to use some method of determining the age of your users prior to completion of the registration process. Any method you use should not “invite falsification.” For example, the question “are you at least 13 years old?” may invite falsification since a child can simply answer yes and move forward. However, requiring your users to enter their date of birth or using some other similar method probably won’t be seen as inviting falsification. This is especially true if you use some type of cookie that prevents users from re-accessing the registration process after they have been denied rights to register. If your registration process determines that a user is under the age of 13, it should direct the user to your Privacy Policy and you should include a Parental Consent Form to be downloaded and signed by the user’s parent or guardian before collecting any information.


3. Does your business provide any cash, free products, gifts, coupons, etc. to customers for making any positive reviews on your website?

Yes-You need to make certain “material connection” disclosures on your website.

As of 2009, there is a new sheriff in town when it comes to your customer endorsements and testimonials. Product sellers are now required to: a) disclose any “material connections” with any endorsers if your business compensates any customers or product reviewers, or provides any type of consideration in connection with their endorsement (i.e. a “material connection”); and b) disclose what the average results are when the results in any endorsement or testimonial are not generally expected. This means your business needs to disclose any payments or other gifts to customers or endorsers in exchange for their endorsement. Specific disclosures need to be used in proximity to the endorsement also. (But, including general disclaimers on your website is a good basic measure of protection you should employ.)


4. Are you an affiliate or reseller or do you review products and receive commissions, free gifts, etc.?

Yes-You need to disclose any material connection with the seller of the product.

This means disclosing your paid affiliate status or the fact you have received other consideration in connection with your review/promotion. You should also include a material connection policy on your website. This is basically a disclosure of your relationship with the sellers or manufacturers of any products you review, promote or sell on your website or blog.


5. Do any of the customer endorsements appearing on your business’s website or blog involve claims that don’t reflect generally expected results?

Yes-You need to make any required FTC “Generally Expected Results” Disclosures.

Product and service endorsers cannot make claims the product or service sellers/providers can’t make directly. The use of a generic disclosure such as “results not typical” is no longer permitted! This means disclosing the “generally expected results” of any endorsement that makes a results-based claim that is extraordinary.


6. Does your business’s website use photos or images of anyone or use audio or video endorsements on your website?

Yes-You should use a Publicity Consent & Release Agreement with each “recognizable person.”

Do you use any “recognizable persons” in a photo, video or some other way on your website to promote your products? All persons have rights of publicity and rights of privacy. This means you better be careful about how you use another’s likeness, image, voice, name, personal information, etc. in an endorsement or promotion on your website. Will you plan on using any endorsement as a component of some other advertising in future promotions? You may be violating your endorsers’ rights of publicity. Protect your business by using a properly drafted Publicity Consent and Release Agreement and avoid future liability.


7. Does your business’s website make any results-based claims regarding your products, including any earnings or income claims?

Yes-The FTC wants you to make necessary disclosures on your website so your claims and ads aren’t materially misleading. Otherwise, they are deceptive.

This means your website should:

    • Disclose any information necessary for your consumers to make an informed choice; and
    • Qualify any extraordinary claims regarding results, especially earnings or income results.


8. Does your business offer a “business opportunity” or is it engaged in multi-level marketing and makes earnings or income claims?

Yes-In addition to any specific website disclosures, your website should also include a general earnings and income results disclaimer.

This also applies to any direct claims of earnings or results by other websites or contained in any endorsements. Any claims of earnings by your affiliates, endorsers or by your business directly cannot be deceptive! Besides avoiding untrue earnings claims, not being deceptive also means you need to qualify extraordinary results claims including earnings and income claims. You should provide a statement that whatever earnings or other results you claim are not typical or average, and that your business makes no guarantee that any customer will achieve the same results. Anything less will land you in hot water.


9. Does your business sell digital goods, provide services or some other intangible product like downloadable items?

Yes-Your customers should be required to register and enter into an appropriate customer product agreement.

When you sell or license goods or services from your website, you should always use some form of a customer product agreement. First, it is highly recommended you make your customers/members register before purchasing or licensing any product or service your website offers. These agreements should govern the registration process if you don’t make your website’s visitors register beforehand. Also, they should include some specific terms depending upon what your website is providing. Customer product agreements can really be broken down into the following basic types of agreements:

     – Website Terms of Sale/Service. If you sell any tangible goods or provide any services from your website, you must have appropriate terms of sale or terms of service in place protecting your business. Including terms that control the sale of whatever it is you provide will protect your business from some common potential liability. Don’t make the common mistakes many new or unseasoned Internet businesses make. Terms limiting your liability, disclaiming warranties you don’t intend on providing and setting the choice of forum for disputes are a few examples of necessary terms that can help protect your business.

     – Content License Agreement. Websites selling retail goods use terms of sale, and service providers use terms of service. But, if you provide intangible goods, such as an e-book or other information product your customers download, these products should be licensed to your customers for their non-exclusive use. Reserving your rights of ownership and granting limited rights of use to your customers is imperative. It includes the same basic boilerplate terms and conditions as terms of sale or service.

     – Membership/Subscription Agreement. An agreement with your website visitors setting forth the terms of their membership or subscription to some service provided from your website. Membership agreements address the following important terms:

  • Nature of the service being provided;
  • Rights of termination by the website operator;
  • Member obligations;
  • Rights of the website operator to edit or review content submitted by members;
  • Rights of the website operator to use or own content submitted by members.


10. Does your business’s website pass customer billing information to third parties to be used in the sale of some other product or service?

Yes-STOP! This is now illegal under the Restore Online Shoppers’ Confidence Act (ROSCA).

Selling someone a front-end product as the initial merchant and then channeling their credit card information to a third party to be used in conjunction with a sale of some product or service (“back end sales”) is now illegal. Under the Restore Online Shoppers’ Confidence Act, any initial merchant that directly obtains customer billing information cannot disclose this to a third party “post-transaction seller” where it is to be used in the sale of any goods or services by that seller. This practice by the initial merchant is also known as a “data pass.” It typically occurs when the post-transaction seller offers a negative option type plan (i.e. membership clubs) to consumers as they are in the process of completing their transaction with the initial merchant. These offers are designed to make consumers think they are part of the initial purchase and not a new transaction with a third party seller.


11. Is your business a “Post-Transaction Seller” that receives customer billing information from third party affiliates?

Yes-You need to obtain informed consent from the third party customer.

The customer must be provided with notice of the relevant facts and then can decide whether to purchase from the third party or provide credit card information to the third party. ROSCA makes it unlawful for any post-transaction seller to charge or attempt to charge a consumer’s credit card, debit card, bank account or other financial account for any good or service unless the seller has clearly and conspicuously disclosed to the consumer all material terms of the transaction, including: (1) a description of the goods or services being offered; (2) the fact that the post-transaction seller is not affiliated with the initial merchant; and (3) the cost of the goods or services. The post-transaction seller must also have received the express informed consent for the charges by the consumer (by obtaining from the consumer the full account number to be charged and the consumer’s name, address and contact information). Finally, post-transaction sellers must also require that the consumer perform some additional affirmative action, like clicking on an “I accept” button or checking a box to indicate his or her informed consent.


12. Does your business offer and charge customers for recurring charges under a negative option billing plan?

Yes-You need to provide notice of the negative option plan and obtain consent.

The term “negative option feature” is defined broadly by the FTC and refers to a category of transactions in which a customer’s failure to take an affirmative action, either to reject an offer or cancel an agreement, is considered by the seller as assent to be charged for some goods or services. If you engage in these practices, FTC laws require that ads for subscriptions clearly and conspicuously disclose material information about the terms of the offer.

ROSCA also places restrictions directly on deceptive negative option sales and marketing tactics, sets forth transparency and informed consent requirements and gives the consumer the ability to stop recurring charges. Specifically, ROSCA prohibits any person from charging or attempting to charge any consumer for goods or services over the Internet through a negative option feature unless the person: (1) clearly and conspicuously discloses the material terms of the transaction before obtaining billing information; (2) obtains the consumer’s express informed consent before charging the consumer; and (3) provides “simple mechanisms” for a consumer to stop recurring charges. The FTC can enforce this law and the Act authorizes every state attorney general (and other authorized state officers) to sue in federal court to stop Internet businesses that are violating this law.


13. Does your business allow your website visitors to post text, video or image files on your website?

Yes-It is very important that you have some type of User Submission Policy, a properly drafted DMCA Policy and file a DMCA Registration Form with the Copyright Office.

The Digital Millennium Copyright Act (“DMCA”) is something you must be familiar with if you operate a blog, chat room or interactive website. The law protects certain “service providers” (i.e. Internet service providers, email providers, search engines, online auction sites, host providers, chat rooms, interactive websites, news providers, etc.) from liability for copyright infringement. If you fall under the definition of a service provider, you generally will be immune from liability for copyright infringement by your website users.

However, there are limitations against service provider liability. All service providers, including blogs and interactive websites, need to include a DMCA Policy on their website. It should contain the contact information of your designated agent, should contain a procedure in compliance with the DMCA Notice and Takedown requirements and Counter-Notice and Putback requirements. It should also set forth a policy for the termination of repeat infringers.

Under Section 512 of the Act, most service providers must designate an agent to receive notice of any infringement claims and register the agent’s contact information with the U.S. Copyright Office (a DMCA Registration). Service providers must also include this information on their website along with complying with the ‘Notice-and-Takedown’ requirements of the Act.

Your website must also comply with the requirements of the Communications Decency Act to avoid liability for claims of defamation. This means avoiding certain activities and too much control over content posted on your website.

User Content Submission Policy: Websites that allow users to post content should also have a policy controlling what type of content may be uploaded. This type of policy states important restrictions preventing obscene, illegal and infringing materials from being posted. It also includes important provisions disclaiming liability and reserving important rights to monitor and edit or remove restricted content. In addition, what can the owner do, or not do, with that material? Who owns the copyrights and other intellectual property rights to any materials posted on the site by the member? If the member owns them, what rights are granted to the site owner and its “successors and assigns” if any, to that material? Can the owner use the material in ways perhaps not originally intended by the member?


14. Is your business a bank, savings and loan or credit union (i.e. a “financial institution”)?

Yes-You need to implement an identity theft prevention program.

The U.S. Fair Credit Reporting Act requires “financial institutions” to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities that indicate possible identity theft. This policy is not required to be posted on your website, but you are required to adopt such a written policy nevertheless. You may be liable for actual or nominal damages under the Act if you do not comply and you could also face the wrath of the FTC for non-compliance.


What else does my website need?


All websites should have an appropriately drafted Website User Agreement

A Website User Agreement defines the terms and conditions that control your visitor’s use and access of your website.

Your website may also need special disclaimers!

Depending upon your specific website activities, you may also need to include specific website disclaimers. For example, I disclaim that the information on this website is legal advice and that no attorney-client relationship exists. Such specific disclaimers should be contained in your website terms of use and on a separate disclaimers page or directly on your webpages somewhere.


Affordable Flat-Fee Custom Website Legal Document Packages!

Let Website Attorney Philip A. Nicolosi draft your custom website legal terms, privacy policy, disclaimers and disclosures at affordable, flat-fee package pricing! Protect your personal or business assets and gain peace of mind knowing you or your business has taken the single-most important step in avoiding online liability!


