Can Your Client’s Website Put Its Business At Risk?

By Brian Behrens

According to BI IntelligenceBusiness Insider’s premium research service, U.S. consumers will spend $632 billion online by 2020, up from $385 billion in 2016. Brick-and-mortar stores scrambling to compete are investing in websites that will capture the eyeballs and wallets of online shoppers. But a pretty face is not enough when creating a dynamic digital presence. A website with all of the bells and whistles that is not legally safe, secure and compliant can put your client’s business and customers at risk.

Although requirements may differ from business to business, here are 10 issues your client should consider that will help keep its website on the right side of the law.

Is the company’s information displayed?
Companies are legally required to have their address and contact information, including email address, displayed on their website. Most business owners put this information on their “Contact Us” page and on the footer of their Home page.

Does the website have a privacy policy?
A privacy policy details what data a website collects from users (e.g., web cookies, emails, age, gender, credit-card information), how the business will use that data, how it will be stored and protected, if customers have control over their personal data and, if so, what kind of control, and if the business will be sharing that data with other businesses or third parties. It should be accessible from every page on the site with a link often found on the footer of the Home page.

Should the website be GDPR-compliant?
It is important to make clients aware of a significant change in data-security laws to protect members of the European Union. The new law – the General Data Protection Regulation, or GDPR – goes into effect on May 25 and affects any business across the globe that collects personal information from someone who is a member of the EU. If a business’s website sells or even advertises to individuals in Europe, being vigilant about fulfilling the new GDPR regulations will keep businesses from facing hefty fines for non-compliance.

Is the website COPPA-compliant?
If your client collects information from children under age 13, either intentionally or not, the client must make sure its website is compliant with The Children’s Online Privacy Protection Act (COPPA), with accompanying disclosures in its Privacy Policy. COPPA puts parents in control of what information a website can collect from their children.

Does the website have a Terms-and-Conditions page?
While there is no legal requirement to include a Terms-and-Conditions page on a website, it is wise to do so, as it can limit a business’s liability if a customer or user pursues litigation against the business. It also protects the business’s rights to the content on the site and makes clear the contractual terms between the business and its customers. The basic elements that should be included in a Terms-and Conditions page are provisions to limit liability, protect the business’s intellectual rights and those of third parties, reference the Privacy Policy (required by law) and set governing law and venue for any disputes that may occur.

Can people with disabilities use the website?
According to the Web Content Accessibility Guidelines (WCAG), content on a website must be equally accessible to those with disabilities, including visual, auditory, physical, speech, cognitive, language, learning and neurological. The list of 14 guidelines is revised periodically and includes making sure the site provides equivalent alternatives to auditory and visual content, does not rely on color alone and provides clear navigation elements.

Is the website safe from a cyberattack?
Every day hackers attempt to steal sensitive data, such as credit-card details, Social Security numbers and personal-contact information from websites. Have your clients taken all of the precautions necessary to thwart such attempts and provide their customers with the reassurance that doing business online with them is safe from cybersecurity threats and scams? A single successful attack could damage a business greatly, bring your client’s reputation into question and cause a serious financial burden to your client and its customers.

Does the website adhere to anti-spam law?
The Federal Trade Commission’s CAN-SPAM Act sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have a business stop emailing them and spells out tough penalties for violations. One of the most common ways a business can adhere to this law is to make sure users can opt out of receiving emails from the business. This is an evolving area of the law and requires companies to stay up-to-date to reduce liability for noncompliance.

Is your client following best practices when hosting a sweepstakes or contest on the website?
Internet contests are a great way to promote a business, but it is necessary to comply with applicable law and administer a legitimate process. Rules and regulations vary from state to state and should be followed expressly. A site’s users should be able to read all of the terms and conditions of the contest, whatever its form, in a clear and obvious place on the website, and businesses must obtain all of the necessary rights and licenses from entrants and winners. Even though such contests are intended to be fun and reward customers and users of the website, failure to adhere to rules and regulations can give rise to expensive legal claims against a business.

Has your client properly vetted the web developer and designer?
When clients are considering building a website for their business, it is important to make sure that they are on the same page with their web developer and designer about how they want their website to look and function. If a business wants something unique, it needs to make sure it is not getting a “one-size-fits-all” template or a copycat version of someone else’s site. For example, I encountered a situation where a site developer had copied the content, look and feel of another website in developing a website for a business. Unfortunately for the unsuspecting business, it received a cease-and-desist letter with the threat of a lawsuit for intellectual-property infringement. Fortunately, most freelance web developers and marketing firms are pros and would never do this, but it is definitely something to counsel your clients to keep in mind.

Is your client savvy about sales taxes?
Just as brick-and-mortar stores must collect any applicable sales taxes, so must anyone who sells online. Because regulations can differ from state to state and internationally, your clients need to understand when to charge sales tax, when they are exempt and how much to charge.

Nearly every business today has an online presence, but launching a website without considering the legal issues associated with it can quickly bring a business to a halt. Counsel your clients to play by the rules and build a website that not only looks good and functions well but operates on the right side of the law.


This article was originally published in the May 8, 2018 issue of Missouri Lawyers Weekly.

Brian C. Behrens is an attorney at Carmody MacDonald P.C. in St. Louis. He concentrates his practice in the areas of corporate and business law, mergers and acquisitions, growth and venture companies, and corporate finance.

This column is for informational purposes only. Nothing herein should be considered legal advice or as creating an attorney-client relationship. The choice of a lawyer is an important decision and should not be based solely on advertisements. Read our full Legal Disclaimer.