1

TOP TEN LEGAL OVERSIGHTS

THAT CAN SHUT DOWN YOUR WEBSITE

© 2007 Brett J. Troutwww.bretttrout.com

 10. No Website DisclaimerSets stageInforms court You know what you are doingYou are proactiveAggrieved partyChanges perception of success at trialMay shift burdenScope of disclaimer varies with websiteIncludeNotice of errors and omissionsDisclaimer of contractual relationship (if appropriate)Website/industry disclaimersDo not includeRedundant disclaimersUnreasonable disclaimersDraft for typical website visitorConsider type of information on websiteCollectionDistribution Presentation Consider “standard in industry”Update as appropriateMake sure you understand disclaimer

9. Privacy BreachesYouEnd userCollected informationUse SecurityDispositionAvoid surprises for end userPrivacy PolicyDo not unnecessarily restrict yourselfEasy to narrowDifficult to broadenBe aware of industry specific requirementsGramm Leach BlileyCOPPAHIPAA

8. No Chain of commandEveryone thinking someone else is handling the problemCEOCIOOutside counselOfficers and directors Key to designating chain of commandMay be held personally liable Made aware of the problemFailed to take appropriate action

Develop a coordinated chain of commandRequireWritten reporting procedures and protocols Addressing of IT issues on a timely basis Designate Chief Information Officer (“CIO“)Coordinate directly with the Board of DirectorsReduce critical delays and failures

7. Losing Intellectual PropertyPrincipal asset of most online companiesTrademarksCustomer listsProprietary technology PatentsDue diligence What do they haveCollect documentation regarding ownershipMaintain IP portfolioDocument intellectual property transfer procedures before useInform appropriate personnel of policiesObtain protectionTrademarksPatentsCopyrightsUse an intellectual property attorneyHave a readily available portfolioIdentify potential IP revenue streamsLimited time to take actionAssess value ProtectDo not protectMake active decisions Easy once structure in placePrevents valuable IP being lost forever

6. Security BreachesAnnual cost is $1.5 trillionHackersDisgruntled/Careless employeesDOS AttackDefacing websiteVirusesHijacking bandwidthAllowing unsecured access to websiteDeleting sensitive dataFailing to back-up sensitive dataGiving out passwords over the phoneDo not thinkWe are not a targetFirewalls prevent all hackingPasswords prevent unauthorized accessIT Department will prevent any LossAll our employees are

TrustworthyVigilantIT savvyOur lawyers have it covered Our contracts transfer all liabilityOur Vendors have the ability to pay for their negligenceAssess dangerTake action Designate Chief Security Officer (CSO)Identify and prioritize risksAdopt written security policiesConduct Security AuditTrain employeesTake ActionRequire security from vendorsDeter hackersUpdate policies and technology just ahead of industryShare strategiesTailor security plan toType of information collectedUnique vulnerabilitiesBe able to trace intrusionAction plan for breachesIdentify quicklyIsolate breached areaHave disaster recovery plan in placeDo not be The WorstThe Best

5. Breaking the LawHundreds of laws governing online activityGLBHIPAACOPPAHaving your ducks in a rowReduces exposureReduces required remedial measuresDesignate internal regulatory compliance committeeKeep abreast of changing lawsEspecially in your industrySeverity of government enforcement probably as important as language of statuteAgencies were not as aggressiveGive business time to adoptLet market work outKinksVulnerabilitiesBest practicesNow agencies much more aggressiveAgencies know what to look forFew companies not in complianceBe prepared to respond quickly and thoroughly

2

Thousands of Things Can Shut

Down Your WebsiteHardware Failure

Software Failure

Employee Mistakes

ISP Mistakes

HackersForce

Majeure

Legal Oversights

3

4

Legal Oversights

Lots of Crossed Fingers

Lawyers unaware

Businessunaware

Advisors Unaware

5

Things to remember

Fixing every flaw is too difficult

No lawyer can find every flaw

No website is perfect

Perfect websites still get sued

Look for trends

Address issues quickly

General Advice

Look to others in your industry

Stay abreast

of changes in the

law

Open communication

with your lawyer

Share Strateg

ies

6

7

Address problems quickly

Have an action plan

Prepare for the

unexpected

A few hours can make

the difference

Have forensics in

place

Get an attorney that knows IT legal issues

• Nearly invisible on most lawyers’ radar

• Most lawyers avoid cyberlaw advice– Not sure what to look for– Would not know what to do with a problem

• Most attorney’s simply cross their fingers

8

9

10. No Website Disclaimer

Likelihood of a lawsuit

Scope varies with

website

Draft for typical visitor

Consider industry standard

Update as appropriat

e

You must understand disclaimer

10

9. Privacy BreachesMisuse of Collected

Data

No Surprises

Signatures for Unusual Usage

11

8. No Chain of Command

Board of Directors

Chief Informat

ion Officer

Employees

7. Losing Intellectual Property

Patent, Trademark, Copyright, Trade Secret

Principal asset of most online companies

IP Audit

Register protection

Keep IP portfolio current

12

13

6. Security Breaches

$1.5 trillion/yr

Hackers/employees

Do not get complacent - share intel

Identify/prioritize risks

Written security policies/audit

5. Breaking the Law

Regulatory

compliance

committee

Hundreds of

cyberlaws

Criminal and civil penalties

Monitor legislatio

n

Do not be the worst in

your industry

Be ready to adjust quickly

Industry specific

14

15

4. Contracts

Bad Contract

Good Contract

16

3. Intellectual Property Infringement

Patent, Trademark, Copyright, Trade Secret

Teach employees

No fair use

Confirm ownership before you use it

Attorney fees3x damages

17

2. Ignoring Your Lawyer

Ignoring advice

Not using contracts

Failing to keep lawyer in the

loop

Letting IP lapse

Failing to train employees

18

1. No Formal PoliciesPolicy

specific to company

Use previous nine as outline

Followed by all

employees

Living document

Monitor change

Before a problem arises

Benefits

Less likely to get sued

Less likely to have website

shut down

Clients happier

Vendors happier

Employees happier

Board of Director happier

Lawyer happier

19

What if you still get sued?

Better positioned

to win early

Judge and jury can see

you know what you are doing

Other side more likely

to settle

Still cheaper, faster, easier

20