Web site legal audits: a basic check list

Web site legal audits: a basic check list – Legal Update

Maria E. Recalde

The development, operation, and maintenance of a web site raise legal issues as the laws applicable to the Internet and e-commerce can be complex.

Initial and periodical web site legal audits provide a practical tool with which to assess compliance with applicable laws, including state and federal legislation regulating Internet content, commerce, and conduct, as well as applicable industry-related laws and regulations such as HIPAA applicable to the healthcare industry. Such web site audits are also important in determining areas of potential exposure to liability and developing risk management strategies.

Certain fundamental issues should be addressed:


* Does the site collect any personally identifiable information?

* Does the site collect information from children?

* Is there an appropriate Privacy Policy posted on the web site?

* Are the organization’s privacy practices consistent with its Privacy Policy?

* Is the organization complying with applicable privacy laws and regulations?

* To the extent the organization operates internationally, is it complying with requirements from the European Union, Canada, and other countries?

Regulatory Compliance

* To the extent the organization is involved in a regulated industry, is the organization complying with regulations applicable to its industry (e.g., HIPAA)?


* Have the appropriate disclaimers been posted on the web site (e.g., liability, endorsements, content, hyperlink disclaimers)?

Terms and Conditions for Web Site Use

* Are Terms of Use posted on the web site?

* Are users required to read and accept the Terms of Use?

* Do the Terms of Use comply with applicable laws and regulations?

* Are the organization’s internal practices consistent with the stated Terms of Use?


* Who created the web site content?

* Are third-party materials, such as graphics, music, photographs, or written materials, incorporated in the content?

* Is there an appropriate “work for hire” agreement, assignment of rights and/or license in place with respect to all third-party materials?

* Is the content reviewed for accuracy, fair advertising practices, intellectual property rights, compliance with applicable regulations, and other issues?

* To the extent there are licensing agreements in place, do they provide the organization the rights it needs to distribute, alter, modify, or otherwise use the licensed content?

* Do the licensing agreements in place, if any, contain the appropriate representations and warranties for the licensed content and the appropriate indemnifications by the licensor?

Control, Security, and Monitoring

* Does the organization maintain sufficient control over the posting of content on its web site?

* Do the organization’s internal practices provide sufficient guidance for employees to reduce exposure to liability?

* Is the organization exposed to electronic security risks?


* Who developed the web site?

* If an independent web site developer, rather than an organization employee, is there a written web site development agreement in which the developer assigns all rights to the organization?

Chat Rooms/Message Board

* Are there appropriate policies in place dealing specifically with any interactive chat room or message board operated on the web site?

* Are users required to read and accept the policies posted prior to accessing the chat room or message board?

Intellectual Property

* Has the site been registered for copyright?

* Are trademark and copyright notices properly placed and used on the web site?

Advertising and Promotions

* Are the organization’s advertising and promotion practices in compliance with applicable laws, including fair advertising laws?

Technology Used

* Is the technology used on the web site (including the use of meta-tags and/or framing and linking technology) exposing the organization to liability?

Web Site Hosting

* If the organization’s web site is hosted by a third-party, is there an appropriate written web site hosting agreement in place?

The issues listed above are not intended to be exhaustive of the many issues raised in the development, operation, and maintenance of a web site. The web site owner should work with legal counsel to reduce the inherent risks associated with owning a web site.

Maria E. Recalde is a partner at Sheehan Phinney Bass + Green, PA. She is a member of the firm s Business Litigation and Intellectual Property and Technology Practice Groups. She may be reached at mrecalde@sheehan.com.

COPYRIGHT 2003 Healthcare Review

COPYRIGHT 2003 Gale Group