Website development: A practical approach to the legal pitfalls: Part 2

Website development: A practical approach to the legal pitfalls: Part 2

Miller, Nigel

Nigel Miller continues his look at the importance of protecting your web presence. This month he considers the need for a bulletproof service agreement.

An important aspect in protecting your website is to ensure that the website development is carried out under an appropriate agreement. In the last issue we looked at the considerations that revolve around preparation and design. However, there is more to the story – the services to be offered by the developer, warranties that relate to performance and hosting of the finished site.

Services

The fundamental aspect of any agreement for the provision of services is to define clearly the services which the developer is to supply. In a website development contract, there can be a range of potential services apart from pure website development work. For example, the developer may also be providing some or all of the following:

Hosting – Typically, an SME will not host its own website. Accordingly, the provider of hosting services will let the client place the software and content relating to the client’s website on the provider’s servers, which are connected directly to the Internet. The provider will be responsible for managing those servers and maintaining the connection. Often, the client’s website will be one of a number of websites hosted on the same servers. While this is a cost-efficient solution, it can raise questions regarding the performance of the website and the bandwidth which is made available.

Another model, known as co-location, is where the customer has its own servers but locates them at the provider’s facility. Where co-location is involved, the provider is responsible for maintaining the servers, for their overall security and for their connection to the Internet. In this case, no other website will be hosted on the same server, which will be dedicated to the client’s website. This is a more expensive solution but one that may provide the client with greater performance and guarantee of bandwidth availability.

If the developer is providing hosting services, then consider separating this out into a standalone agreement. This is because hosting will continue beyond the development phase and the client may want to terminate it independently of the ongoing obligations under the development agreement.

Domain name registration – it is risky to outsource the registration and management of domain names unless these processes are managed and closely regulated by contract. The client must ensure that the details of the registration are correctly set out. For example, while the developer may register the client’s domain names, they must be in the client’s name and not in the developer’s name. If the developer’s name is entered as the contact and the renewal fee is not paid, the domain name may be lost and can then be difficult and expensive to recover. This is a risk given that the relationship with the developer may not continue beyond the development of the website.

Training – Where the content on the website is to be maintained by the client, the client’s personnel may need some training from the developer in uploading and updating. The nature and extent of this training should be clearly specified.

Support Services – It may be beneficial for the client to enter into a support agreement under which the developer agrees to maintain the website following the initial development. This may mean that the developer will be assisting the client with uploading content, or it may just mean that the developer is fixing any bugs that appear or making changes as required from time to time and providing support to the client’s staff managing the content.

Marketing services – These may also be provided by the developer in terms of registration of the website with search engines, promoting the website and providing to the client periodic website statistics and analysis with recommendations for action.

Warranties and liability – Apart from warranties relating to intellectual property, discussed in the last issue, the website owner will want warranties relating to the development and performance of the website.

A warranty of conformity with the specification is a cornerstone but may not be the complete picture, as the specification will not be exhaustive. There are other warranties that are web-development-specific, including that graphics have a consistent cross-platform appearance and that the website and associated programs can handle the maximum load that the client anticipates. A general warranty that the website will be free of material defects is a useful sweeper.

There have been from time to time a number of high profile news reports of serious security breaches with online banks: for example, one bank’s customers complained of being able to view other customers’ account details. The website was immediately taken down, but the damage in terms of consumer perception was already done. Security breaches of this type are embarrassing, but would be insignificant when compared with the damage caused by a malevolent hacker engaging in fraudulent activity. For many websites, particularly those engaged in some form of e-commerce, security is an important issue. Warranties should be extracted in relation to security, together with undertakings to install and keep up to date patches for the web server and associated software to fix any security holes and to keep them up to date within, for example, 12 hours of release. In the event of a security breach being identified, the developer could be committed to take the website offline within, say, one hour of being notified. Ultimately, in the event of a serious security difficulty, the client may wish to have the right of termination of the agreement, coupled with a requirement on the developer to assist in the migration of the website to a more secure server.

The developer will be keen to ensure that he does not assume any liability for the business being transacted on the website. On the one hand, while the developer should not have any liability in relation to products and services being sold or marketed by the website owner, he should be liable if, for example, the technology fails and does not allow the website owner to generate sales or collect revenue as anticipated. As in many commercial contracts, financial loss will be the main item of loss which the website owner may suffer in the event of a breach of warranty on the part of the developer. Standard clauses which seek to exclude liability for loss of profits and economic loss, where this is a direct loss, as opposed to an indirect loss, will not be acceptable.

Performance warranties – The most important aspects of hosting agreements relate to the performance levels of service which the provider offers. Service level warranties could include:

* Service response and bandwidth – if a website is slow to respond, then it may be to do with its design or it may be to do with the servers or the bandwidth being made available to it.

* Server downtime – inevitably, servers will need to be maintained and backups taken and this can lead to short periods of server downtime. Minimum levels of downtime can be contractually committed. If the client can tolerate no down time at all then it may be necessary to consider mirrored servers.

Acceptance testing – Provisions relating to acceptance testing, acceptance and the consequences of non-acceptance are crucial, particularly as acceptance usually involves a final or substantial payment. This motivates the developer to ensure acceptance. Also, acceptance implies that the website has moved from the development stage into a warranty period or support contract.

It may not be possible to test all aspects of the website, but acceptance tests must test the major functionality of the website, including, for example, verification of response times, veracity of links, overall conformity with the specification, correct handling of input data, cross-browser compatibilities, printing and so on.

The acceptance clauses may be similar to those in complex software development agreements. However, bear in mind that the performance of a website in a controlled environment may be very different from that where it is live with multiple users accessing it simultaneously.

If the website fails acceptance tests, the developer should be required to correct the problems as quickly as possible so that the tests can be repeated. The client should have some control over how many times they can be repeated. After perhaps two rounds of acceptance testing, the client should have more serious remedies. This might include accepting the website as is, albeit deficient, with some retention or reduction in price. In serious cases, where the website is unacceptable, the client should have the ultimate remedy to withdraw from the agreement and recover monies paid.

Portability – If, for whatever reason, the client wishes to migrate the website from one provider to another, it will need the support of the developer and the host service provider. Contractual commitments in terms of the timetable for co-operating in any migration can be included to prevent the client becoming locked into a single provider in circumstances where the service levels are poor but for technical reasons it may be difficult to migrate the website without assistance from the developer.

Nigel Miller is a Commerce and Technology partner at City law firm Fox Williams. He is also joint-Chair of the Society for Computers & Law. Nigel can be contacted at nmiller@foxwilliams.com or visit www.foxwilliams.com

Copyright Institute of Credit Management Ltd. Jul 2006

Provided by ProQuest Information and Learning Company. All rights Reserved