This article reviews what needs to be included in terms-of-use agreements and privacy policies for company websites so that you can determine whether your company needs to review and update any of the provisions in them to better protect your company.
These provisions are typically included in a hyperlink at the bottom of a webpage. They can also be named terms of service, terms and conditions, conditions of use, or similar phrases. The first rule about these provisions is that they should be easy to read and understand. The provisions are intended to be a legal agreement binding on the website user which establish the terms a user must abide by to use the website.
Terms-of-use provisions generally include:
• Agreement to use the website only for lawful purposes (prohibits use of malware or other software that interferes with the content or use of the website);
• Disclaimer that the information on the site is for general information purposes and there is no warranty regarding the accuracy, completeness, or usefulness of the information. The disclaimer should extend to third-party content if used on website;
• Acknowledgement that website content is owned by the company and is protected by copyright, trademark, and other intellectual-property laws, and the material cannot be reproduced or modified;
• If the website contains message boards, chat rooms, or other interactive features, terms governing user-generated content so that user-posted material does not violate laws or company standards;
• Email address for feedback or comments relating to the website; and
• Traditional contract provisions such as disclaimer of warranties, limitations on liability, governing law, and indemnification.
“Browsewrap” vs. “clickwrap” agreements
• A description of what kind of information you collect from users, why you collect it, how you use it, how long you store it, and what information is shared with third parties;
• Disclosure that the company may have to release collected user information in response to warrants, subpoenas, or other legal process;
• How to request changes to, or a review of, any information of the user that is collected and stored;
• An opt-out procedure for users who do not want their information shared with third parties or used by the company;
• The policy should identify the date it was last revised.
The word “privacy” should be used in the title of the policy and any links to the policy.
While provisions in terms-of-use agreements and privacy policies on company websites may look “boilerplate,” they are not. These must be tailored to the capabilities and functions of your website and to the specific information that is being collected and stored from user use.
Gail M. Norris is a senior counsel in the Rochester office of the Syracuse–based law firm of Bond, Schoeneck & King PLLC. She works in Bond’s Cybersecurity and Data Privacy practice. Contact Norris at email@example.com. This article is drawn from the law firm’s Cybersecurity and Data Privacy Information Memo.