Keeping your website legal

For most of us, building a website is a really exciting time in the business lifecycle. It’s our opportunity to add a little bit of creative flair to our business image, and it’s a way of introducing our business to the wider world.

Something that we often forget during this process, though, is the legal side of things. Keeping our web presence on the right side of the law, both here and in other countries, is essential. It may not seem like anything to worry about at first glance (you are probably thinking that there are so many websites online that the chances of being prosecuted are minor), but the liability that you face is potentially huge should you not take some simple steps to protect yourself and your business.

Copyright

The first thing you need to understand is that all content both offline and online holds a copyright. Images, text and design are all examples of content that can hold copyright.

There are two ways you can ensure that you do not breach anyone’s copyright.

  1. Ensure that your content is your own work and unique to you. That means using your own words, your own images (taken by you or for you) and ensuring that your website is designed from scratch and uses unique code.
  2. Ensure that any content you use that is not rightfully yours is licensed for you to use, and that you use that content exactly as per the terms of your license. That means that if you don’t have your own images you may consider purchasing stock images from an online site. When doing this, check the terms of the license agreement and retain proof of purchase and of the license granted to you. If you want to use other people’s text or designs, or even want to link to their content, then first seek permission to do so, and keep a record of that permission just in case you are ever challenged.

Trademarks

Sometimes you can infringe registered trademarks without even realizing it. There are lots of different things that people trademark including images, words and phrases.

It’s not only the actual content of your site that you need to think about when it comes to this, but also the domain name (web address) that you register where your website is displayed.

You should carry out thorough checks before purchasing domain names, using straplines and so on, to ensure that you do not breach registered trademarks – be it intentional or not.

Defamation

Making false statements about someone or some organization that could be damaging to their reputation means that you could be held liable for a defamation claim.

It doesn’t mean that you can’t mention people or businesses online, but it does mean that you can be held accountable for what you say.

As a basic form of protection you should ensure that if you do have a need and a reason to pass comment then that comment must be based 100% on fact – the truth!

Linking

Without links the World Wide Web would not be World Wide, nor would it be a Web. However, there are a few no-nos when it comes to linking.

Do not use an IMG link, which shows the images located on someone else’s website on your own. This is a form of copyright breach as you are using their work as your own. If you wish to do this you should first seek the copyright owner’s express permission to do so, and retain a record of that permission.

Do not use frames within your website to display external content. This again runs the risk of breaching copyright, unless of course that content belongs to you. If you wish to do this then again ensure that you first seek and gain permission, and have a record of that permission.

Usage Policies

Every website should set out clear guidelines for use of the site in the form of a Terms of Usage or Terms and Conditions style document. The document should be easily viewable online and in some cases it could be worth providing a printable copy too.

A Privacy Policy should be in place to explain to visitors how you treat their privacy. This is especially important should your site collect information from them, sell products or services, or use cookies to track their browsing habits whilst on your site – even if you use external services such as Google Analytics rather than your own on-site service. And, as per new EU legislation, you must also seek to gain a visitor’s permission to use cookies prior to them using your site. A simple pop-up window that asks them to either agree to the policy or not use your site should protect the average website.

Accessibility 

The Disability Discrimination Act here in the UK means that if you own a website you must take all reasonable steps to ensure that it can be accessed by everyone, regardless of their ability.

In order to adhere to this legislation you should ensure that your website is built in line with W3C standards, and you should regularly review your website design and performance to ensure that it remains compliant as technologies change.

Protection

It isn’t always possible to stay totally within the law. It could be that the use of a single word could breach someone’s trademark, and potentially no amount of research would flag that breach up.

If your website is commercially based (used for business rather than pleasure) then it would be strongly recommended to think about some form of insurance cover should the worst happen.

Many standard insurance policies for business now include a clause regarding the running of a website, or at least have add-ins to cover for such things. If however you run an e-commerce site then it would be advisable to look into full e-commerce insurance to ensure that you are fully protected for all eventualities.

Summary

We are by no means experts on the law. We are not legally trained, nor should our advice within this post be taken as gospel.

Wherever possible, should you feel that your website requires it, you should consider seeking out professional legal advice.

However, hopefully this article will serve as a rough guide to help you make informed decisions.

What is SSL & SSH, and do I need them?

SSL and SSH are both terms you are likely to either have come across in the past or will come across in the future. Both are abbreviations for methods of achieving secure data transfers.

SSL

This stands for Secure Sockets Layer, and commonly uses Port 443 to connect your computer to a secure server on the Internet. SSL is commonly used for the transmission of sensitive data on the Internet such as Credit Card details, Tax, Banking and other Personal Information – usually to a business, such as an e-commerce retailer.

SSH

This stands for Secure Shell and commonly uses Port 22 to connect your computer to another computer on the Internet. Usually, SSH is used by a network administrator for things like remote login, where the administrator can log in to a company network from home and carry out tasks such as rebooting the email server or resetting passwords.

Why?

The purpose of both SSL and SSH is to create a confidential connection across the World Wide Web. It is generally not possible for a regular hacker to break into an SSL or SSH connection, except in only very few circumstances, and the method used for encryption is as reliable as it can be.

If you are required to transmit any kind of sensitive data using the net then it is advisable to do so using either SSL or SSH, as the data being transferred is scrambled so that it is meaningless to anyone who intercepts it other than the two computers directly involved in the sending and receiving process.

How?

From the point of view of, say, a customer of an e-commerce website who is going to make a purchase, SSL is more than likely something they aren’t even aware of. The sign that the website uses SSL is that the web address will start with https:// rather than http://.

When the customer makes their payment and submits their details, this step will normally be handled via https://, and the step before it, where they simply choose the product they want to buy, is likely to only use http://.
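A check a site owner can run against their own pages for the split described above, written as an added example that is not part of the original article: it finds forms that collect payment or login details and reports any that submit over http://, or that submit over https:// but were themselves delivered on an http:// page. The function name, the field-name hints and the regex-based parsing are assumptions made for illustration.

```javascript
// Added example. Field-name hints are assumptions; regex parsing is a simplification.
const SENSITIVE_FIELD =
  /type\s*=\s*["']?password|autocomplete\s*=\s*["']?cc-|name\s*=\s*["']?(card|cvv|cvc)/i;

// Returns one finding per form that collects sensitive input without HTTPS end to end.
function findInsecureForms(html, pageUrl) {
  const findings = [];
  const page = new URL(pageUrl);
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    if (!SENSITIVE_FIELD.test(body)) continue; // e.g. a search box: nothing sensitive
    const actionAttr = attrs.match(/\baction\s*=\s*["']([^"']*)["']/i);
    // A missing or empty action submits back to the page's own URL.
    const target = new URL(actionAttr && actionAttr[1] ? actionAttr[1] : page.href, page);
    if (target.protocol !== "https:") {
      findings.push({ target: target.href, issue: "submits-over-http" });
    } else if (page.protocol !== "https:") {
      // The details travel over HTTPS, but the form itself arrived unprotected,
      // so the visitor has no assurance the markup was not altered on the way.
      findings.push({ target: target.href, issue: "form-served-over-http" });
    }
  }
  return findings;
}
```

Serving the page that holds the form over https:// as well clears the second kind of finding.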

Cost?

To this e-commerce customer there is no direct cost. They simply shop in the normal way, as they would expect to.

However, to the merchant there will be a cost to the use of SSL. This cost will vary depending on their web host, with some hosts charging a monthly fee and others opting for an annual subscription. Either way, SSL is generally ordered via your web host.

Summary

If you are required to collect sensitive data on the web, or need to transfer that data between computers or servers, then privacy legislation means that you have a first-hand responsibility to safeguard it.

As such, the use of SSL and SSH is highly advisable. At the very least, if you are using SSL and there is still a breach of security with regard to the transmission of that data, then you are at least seen as having taken all necessary precautions to safeguard the data whilst it is in your possession.

How do I comply with the EU cookie law?

As of the 26th May 2012 the EU cookie law requires a website to gain permission from its users before planting cookies on their local machine.

A cookie is a type of information that a website stores on the hard disk of your computer in order to remember certain details about you at a later time, such as when you click the “Remember Me” box on login pages. Cookies often record individual preferences for a given site, making the future browsing of that site easier for you, but they can also be used to help advertisers show you banner advertisements specific to your online habits.

The EU cookie law is a piece of privacy legislation that was originally adopted by all EU countries, and the UK was given one year to comply with the directive after updating its Privacy and Electronic Communications Regulations, which brought the EU directive into UK law.

Designed to protect the online privacy of customers, the law means that your website needs to make each individual visitor aware that your site uses cookies, and give them the choice of whether or not to use the service or, if available, to choose how much information is collected.

Every EU member has their own approach to the law, but the basic requirement remains the same regardless.

The Information Commissioner’s Office (ICO) is responsible for upholding the legislation, ensuring that organisations are complying with the cookie law.

After the 26th May, if a business is not compliant, or is not seen to be actively working towards compliance, it will then run the risk of enforcement action, with possible fines of up to £500,000.

Quick and simple action

Some larger scale organisations have implemented some ingenious solutions to ensure that they get the permission of each user to send cookies to their machines, including the introduction of “Privacy Sliders” that easily allow a user to adjust the level of information that a cookie collects about their usage.

However, for many small businesses there is a significant lack of budget to introduce fancy methods such as this.

As a simple solution, the guidance issued by the ICO suggests that online businesses could send prompts to appear on a user’s screen asking for consent to use cookies, which it says would be an easy option for achieving immediate compliance. Alternatively, it suggests, the user could be asked to sign up for the terms and conditions of a site, where the use of cookies is explained and then accepted or declined, thereby avoiding pop-up messages that many users see as tedious.
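The prompt-for-consent approach only works if nothing non-essential is written before the visitor answers. The following is an added example, not code from the ICO guidance or from the original article, of a cookie writer that holds back non-essential cookies until the prompt is answered and remembers the answer; the category names, the `cookie_consent` cookie name and the `FakeDocument` stand-in for the browser's `document` are assumptions.

```javascript
// Added example; category names and the consent cookie name are hypothetical.
const CATEGORIES = ["essential", "preferences", "analytics", "advertising"];
const CONSENT_COOKIE = "cookie_consent"; // records the visitor's answer

// Constructed stand-in for the browser's `document`, so the example runs in Node.
class FakeDocument {
  constructor() { this.store = new Map(); }
  get cookie() { return [...this.store].map(([k, v]) => `${k}=${v}`).join("; "); }
  set cookie(s) {
    const pair = s.split(";")[0];
    const i = pair.indexOf("=");
    this.store.set(pair.slice(0, i).trim(), pair.slice(i + 1));
  }
}

function createConsentManager(doc) {
  const pending = []; // non-essential cookies requested before the visitor answers
  // Restore an earlier answer if the consent cookie is already present.
  const saved = doc.cookie.split("; ").find((p) => p.startsWith(CONSENT_COOKIE + "="));
  let granted = saved ? new Set(decodeURIComponent(saved.split("=")[1]).split(",")) : null;

  const write = (name, value) => {
    doc.cookie = `${name}=${encodeURIComponent(value)}; Path=/; SameSite=Lax`;
  };
  const allowed = (cat) => cat === "essential" || (granted !== null && granted.has(cat));

  return {
    needsPrompt: () => granted === null,
    setCookie(name, value, category) {
      if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
      if (allowed(category)) { write(name, value); return "set"; }
      if (granted === null) { pending.push({ name, value, category }); return "queued"; }
      return "blocked";
    },
    // Wire this to the prompt's buttons; `accepted` lists what the visitor agreed to.
    decide(accepted) {
      granted = new Set(accepted.filter((c) => CATEGORIES.includes(c)));
      write(CONSENT_COOKIE, [...granted].join(","));
      const released = pending.splice(0).filter((c) => allowed(c.category));
      released.forEach((c) => write(c.name, c.value));
      return released.map((c) => c.name);
    },
  };
}
```

In a browser, pass `document` instead of a `FakeDocument`, and load third-party scripts such as analytics only after `decide` has released their category, since those scripts set their own cookies.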

The ICO has admitted that organisations will need some time to comply with the new EU cookie law, but still insists that they should be able to demonstrate they have a plan in place to reach compliance as quickly as possible.