Updating Your Website? Update Your Terms!

Working from home woman business owner typing and texting.

We are officially in the swing of 2020. Welcome to a new year—and a new decade! If you’re feeling ready for a change and updating your website, or even if you aren’t, now is a good time to take a look at your website’s Terms of Use, Terms of Sale, and Privacy Policy. If they are more than a couple of years old, you are probably behind on some important legal developments. If you “borrowed” them from another website or found them in an online template, they may be causing you more harm than good. If you have no terms at all, you may even be violating the law.

Why are terms so important?

Terms of Use

A website’s Terms of Use are there primarily to protect your business. They are a contract between your company and the users of the website. They give you one more tool for taking action against anyone who misuses your company’s website, from hacking to copyright infringement to sharing inappropriate content. If your website allows its users to share information, posts, and so on, the Terms of Use are also the best place for you to share your company’s DMCA take-down procedures, which help protect your company from liability if a website user infringes on a third party’s copyright rights. They are also where to share any guidelines you have for users about what they are or are not allowed to post on your company’s website. And if you haven’t updated your Terms of Use recently, you may not have kept up with shifting rules about how to ensure those terms are binding on your website’s users.

Terms of Sale

If you sell products on your website, the Terms of Sale are also there primarily to protect your business. They are a contract between your company and anyone who makes a purchase on your website. They govern who bears what risks: when is an order official? What happens if you don’t have the product in stock? When or why can your customer return products for a refund or a store credit? Having clear, unambiguous Terms of Sale can help protect both you and your customers.

Privacy Policy

Finally, what is arguably the most important document: the Privacy Policy. This document informs your website users what information you are collecting from them and how you are using it. There are laws in at least three states that require you to have a Privacy Policy and set out specific requirements for what the Privacy Policy must cover. Other states don’t have specific requirements for your policy, but do have specific requirements for the kinds of security and procedures you need to maintain—and it could be a problem if you don’t describe what you’re doing accurately in your Privacy Policy. It is absolutely critical that your Privacy Policy accurately describe your practices, and if those state laws apply to your company, that it comply with them. Your company may also have additional rules to follow and disclosures to make if it is in a regulated industry like finance or health care. The consequences of non-compliance can be pretty draconian, so it’s better to comply than to

So you need to make an update. What do you do?

First, consider how well your current terms are working for you. Maybe you’ve had a dispute with a customer about a product sale and want to make sure that you don’t have to go through that again. Maybe you host a web forum and have noticed some troubling behavior you would like to ban in the future. Maybe you are aware of some of those new state privacy laws, and know you aren’t in compliance, but just haven’t had a chance to get around to fixing things yet. Maybe you updated your website and you aren’t quite sure if your old Privacy Policy is still accurate.

Second, gather some information from your web developer. What kinds of personal information are you collecting? What kinds of non-personal information are you collecting? What kinds of technology are you using to track your users? Is there anything your developer has noticed website users doing that they shouldn’t be?

Third, contact our office to help you make updates. Your attorney will ask you questions about your website, about your business, and about your industry, and help you create terms for your website that will reflect your business’s unique needs.

What Should I Put in My Company’s Social Media Policy?

Privacy & Data Security

It seems like someone is in the news for getting into trouble on social media almost daily. Many companies have adopted social media policies as part of their employment policies to help guide their employees’ behavior and prevent embarrassing mishaps. If you are considering a social media policy, here are some things to think over and include.

Trust your employees. You wouldn’t have hired them if you didn’t think they were reasonably intelligent adults. Don’t over-do your social media policy, particularly if you go into detail about rules for external communications elsewhere. One of my favorite social media policies is Best Buy’s: short, sweet, and to the point. You don’t want to anger or alienate your employees.

FTC regulations. There are a lot of them, but the ones most relevant to social media policies have to do with privacy (don’t disclose information that doesn’t belong to you) and disclosure of relationships (do disclose a relationship when you could have something to gain from your comments).

NLRB rulings. The National Labor Relations Board has been extremely active in regulating social media policies for the past few years, all on the theory that certain provisions might discourage protected activity. Make sure your policy doesn’t run afoul of any of these rulings.

Public companies. Social media is a must for public companies these days, but public companies are subject to special rules about what they can tell people and when. Remind your employees to think about those rules when posting on social media sites. A single thoughtless comment about what an engineer is working on at work can reveal a great deal more than s/he intended.

Regulated industries. If you are in a regulated industry, social media is not exempt from the requirements for your company’s communications. Remind your employees of this fact and make sure that you have the technology in place to support any documentation requirements.

Use during working hours. Companies approach this one in many different ways. Employees can use social networking as a valuable tool for creating and maintaining working relationships; or they can dither away time watching videos of cats. There can be some overlap there, too; finding that one has a shared love of cat videos with an important customer can solidify a working relationship. You need to take a look at your own company’s culture in deciding whether to restrict use of social media during working hours and on company equipment. Some common approaches are 1) the outright ban, blocking access from work computers (though you cannot physically/technologically prevent people from using mobile devices, without blocking all mobile signals); 2) the partial ban, allowing access only to selected sites or by selected employees who use social media as part of their jobs; or 3) the “use responsibly” policy, allowing employees to choose whether and when to use social media during working hours and on work machines, within reasonable limits.

Intellectual property. One area that your average employee likely does not have to deal with extensively in the normal course of business is intellectual property. Furthermore, the ways in which photos, videos, and so on, are shared on sites like Facebook, Twitter, and Pinterest has eroded the public sense of what is or is not acceptable practice under the law. Your policy may need to spell out the intellectual property practices of your organization, depending upon how and how often your employees have reason to come into contact with them.

Special concerns. You know your company. You know your industry. There are very likely one or two things that should be in your policy that are unique. You know what they are.

What does your company have in its policy? What else do you think a company should include in its policies?

Updating Your Outdated Terms of Use

You just looked at your business website’s Terms of Use and Privacy Policy (I’ll use the word Terms to refer to both of them together) for the first time in ages and realized that they have been in place since the Clinton Administration. It’s time for an update. What do you need to consider?

Don’t copy and paste. Terms should be tailored to your website. Your site will need different terms depending on whether you accept posts from users, how you want users to be able to use the site, what kinds of information you collect from users, whether you wish to allow sharing, and more. If you merely find a website similar to your own and copy its Terms, you risk creating Terms that you do not wish to bind your users, let alone your business.

Follow any requirements for your industry. If you are in an industry that is subject to regulations, you should make sure that your site’s Terms allow you to follow those regulations. For example, some industries are required to keep certain records about customer interactions for a certain amount of time. Make sure that your Terms disclose that you are keeping those records, and for how long.

The FTC regulates privacy policies. The Federal Trade Commission has been very aggressive about enforcement of privacy policies for the past few years, and it updates its regulations fairly regularly. Make sure your attorney looks at the latest regulations in drafting your Privacy Policy.

State laws. If your website is aimed at residents of more than one state, make sure you are complying with the laws of every state you are doing business in. California has generally been the most aggressive state in terms of legal regulation of website Terms.

Consider your timing. Pinterest has recently become a very popular site. If you want to, for example, update your Terms to allow you to share your users’ content via Pinterest, you will have to choose your timing carefully. If your current Terms do not grant the license needed for such sharing, you will need to make sure that your users are bound by your updated Terms before you add a “Pin It!” button or other means of sharing to your site. Otherwise, you may be risking a law suit for facilitating the violation of your users’ copyrights.

Inform your users of the update—email them if you can. It has become more and more common for websites to provide some notice before changes to their Terms go into effect. One might even say it is swiftly becoming a standard practice in the industry, especially for social sites. Facebook has a Site Governance Page where users can learn about and weigh in on changes before they are made. Pinterest gave its users more than two weeks’ notice, both by email and by notice on the Pinterest website, that it was going to make changes to its Terms of Service (and still makes the old terms available on the site in case users want to know how they have changed). Google gave users more than a month to review the changes it made to the Terms for its many services, informing them via pop-up when they visited a Google site as well as via email. If at all possible, you should take similar steps to inform your users of your changes. You don’t want your business to be left behind, if for no other reason than your users will expect this level of service.

Updating your Terms requires some consideration, but can be a painless process with the proper planning.

Crowdfunding On the Horizon

Back in 2012, there was quite a stir when Congress and the President worked together to create the controversial Jumpstart Our Business Startups Act (JOBS Act), Public Law 112-106. It was widely predicted at the time that the JOBS Act would be a disaster, and the naysaying has continued as the SEC’s regulations have wended their way through the implementation process.

We have very nearly, but not quite, reached the end of the very long implementation road. The SEC has announced that it has adopted final rules (PDF) for crowdfunding, but that 1) the forms for registering as a crowdfunding portal are not effective until January 29, 2016; and 2) the implementing regulations do not go into effect until May 16, 2016, 180 days after they were published in the Federal Register.

And, as was widely predicted at the time, it does appear that the 685 pages of SEC regulations could make crowdfunding a less-than-attractive option for startups, particularly those at the earliest stages. The SEC estimates “a cost range estimate for Form C and the financial statement review of: $2,500 for the smallest offerings, $4,000 to $23,000 for the larger offerings, $6,500 to $38,000 for first-time crowdfunding issuers conducting offerings between $500,000 and $1,000,000, and $7,500 to $50,000 for other issuers conducting an offering in the largest offering amount category.” This means that the cost of raising funds could be up to 7.6% for a first-time issuer conducting a $500,000 offering. This is on par with taking out a small business loan, an old-fashioned financing option that should not be discounted. While taking out a small business loan will involve quite a lot of time, effort, and paperwork, it won’t involve making the extensive disclosures and ongoing disclosures required by the JOBS Act implementing regulations. Small business owners should, as always, speak with their financial and legal advisors about their best options in their own situations.

So what’s next? Once they are allowed to begin to register this coming January, we see how many companies register as funding portals. Portals are how most small businesses (or “emerging growth companies,” as the JOBS Act calls them) will connect with their investors.

What do you think? Now that the process has become clearer, will crowdfunding be a good option for your business, or are you going to stick with more traditional funding methods?

Pinterest for Employers

Pinterest for Business

I was recently interviewed for the Society for Human Resource Management article “Pinterest Might Facilitate Copyright Infringement.” Below for your viewing pleasure is the entire text of the email-based interview with Workplace Law Content Manager Allen Smith.

[box]

What special copyright issues arise in using Pinterest and how should employees be trained to comply with copyright laws when they are pinning content on Pinterest in a work-related capacity?

Pinterest raises more or less the same copyright issues as any other website, but it has gotten more media attention than others. In general, no one should ever place any content on the web that he or she does not own or have a license (permission) to place on the web. Employees should be aware of what intellectual property their employer owns, any of which may be posted on the employer’s behalf (in compliance with any other laws and workplace policies, of course), and what intellectual property may be subject to licenses which limit the employer’s (and by extension the employee’s) right to post. Otherwise, content located on the web is generally off-limits; making material public does not abrogate any copyright rights. Exceptions include content that is in the public domain (there are several online databases of public domain works—in general, a work published prior to 1923 will be in the public domain); content that is explicitly licensed for pinning; content that falls under fair use exceptions to copyright; and content that is subject to a Creative Commons license (though be careful with that one, as work-related uses may not qualify for some Creative Commons licenses).

Employees should be trained to look for key phrases in website Terms of Use indicating that it is safe to use content on Pinterest (a handy shortcut: if a site owner who clearly owns or licenses the content has placed a “Pin It!” button on the site, pinning should be fine; Etsy is a good example). In addition, a Pinterest account holder that pins its own content has granted a license to Pinterest, so that the content can be re-pinned by other users. The tricky part can be determining whether content was pinned by the rights owner since Pinterest does not have a corollary to the Twitter Verified Account badge.

Could you provide examples of how employees might use Pinterest for work purposes?

I have seen some companies doing wonderful things with Pinterest, primarily retailers. Random House Books has an account and pins not only its own books (brilliant given that “Books Worth Reading” is one of the default pinboards), but also interesting book- and reading-related images. Home Depot has become very involved in the home decor suggestions boards and re-pins content in addition to posting its own proprietary photos, which of course gets people thinking about ways they could improve their homes using Home Depot products. Service professionals can use Pinterest as well; one of my favorite accounts belongs to a style consultant, Sasha Westin, who uses Pinterest to gather suggested wardrobes for people, such as “Men’s Relaxed Professional,” complete with links for purchasing each item.

If employees are using their personal Pinterest accounts to promote their employer, they should be aware of FTC blogger regulations, which require disclosing that relationship.

How are the copyright issues that arise when using Pinterest similar to copyright challenges employees face with other forms of social media that’s used in their work?

As noted, they are really very much the same. No one should post content on any site that he or she does not own or have a license to use. The difference between posting a link to an article on Facebook and posting it on Pinterest, though, is that on Facebook a thumbnail of any photo accompanying the article appears (which has been pretty well, but not definitively, established as fair use), but on Pinterest the full image appears and is uploaded to the Pinterest servers. Pinterest also has a more visual focus, which encourages people to post infringing material such as the work of photographers or painters.

Is pinning content owned by others any different from a legal standpoint from retweeting content on Twitter, and if so, how?

Yes. When someone posts something to Twitter, one of two things is happening: either it is original content, which that person has granted a license to Twitter to use (and that use includes retweeting by other users), or it is not original content. Content that is not original generally must be paraphrased or be a brief introduction to linked content. Linking does not infringe on copyright, and Twitter’s 140-character limit is short enough that it would be difficult to infringe any Twitter-external content. Pinterest has no such limitations.

Are many employees oblivious to the copyright concerns that may exist in their work-related use of Pinterest and, if so, what kind of training might employers provide?

I can’t speak to employees in particular, but much of the general population has developed an ethic about sharing that is not sensitive to the rights of copyright holders. This ethic extends to personal and professional use of social media, including Pinterest. Employers should ensure that their employees are aware that when it comes to copyright, creation, not possession, is 9/10ths of the law. Employees using Pinterest in a work-related capacity should always consider the source, whether the source owns the copyrighted material, and whether the source has given the employer a right to use the copyrighted material. For employers who may be cost-sensitive, the Copyright Office maintains a series of easy-to-understand Circulars, which explain much of what an average person needs to know about copyright. Circular 1 contains the fundamentals. The Copyright Office, however, does not give information about what to look for in a license.

There are also social media certifications becoming available for employees whose routine duties involve social media; the one I am familiar with, from the National Institute for Social Media, should be coming out this fall and will be accredited. (Disclosure: I am chair of the Industry Advisory Committee for NISM, so I wrote the portions of the exam dealing with legal questions. I do not benefit financially from my relationship with NISM.)

[/box]