Events
2010 Education Panel Discussion
How Education / Business Partnerships Improve Georgia Schools
March 19, 2010 - 7:30 AM to 9:45 AM
Sponsored By:
Georgia Pacific
GE Energy
North Highland
Related Content
BTB Exclusive - Home ownership among Georgia's Asian Pacific Community
Virtualization Delivers Disaster Recovery Capabilities and Saves You Money
All about the bottom line - A (corporate) cultural revolution
Social Networks
Insights into law - The five most common legal mistakes involving commercial Web sites
There’s a good chance there’s a difference between what you state in your privacy policy and what your actual practices are
by Rob Hassett
August 1, 2008
D
o you have a privacy policy posted on your business Web site? If so, did your attorney
review it? If you answered “no,” there’s a good chance there’s a difference between what you state
in your privacy policy and what your actual practices are.
And if there is, you could be subject to actions by the Federal Trade Commission, and
private companies and individuals for fraud.
In a recent case, a jury awarded $4.5 million in damages against a company that helped
students apply to colleges online, because the policy stated personal information was not being
shared. But it was. This is an example of the type of legal mistakes often made with commercial Web
sites.
Here are the five most common legal
mistakes involving commercial Web sites:
1. The company’s privacy policy doesn’t accurately state what the true policy of the company
is. Make sure your privacy policy says that in the event of the sale of your business, you reserve
the right to transfer the data you collected from customers to the purchasers of the business,
while making it clear the new owners will continue to be subject to the commitments that you make
regarding privacy.
2. The business is required to have a privacy policy and does not. There are a number of
laws requiring the posting of a privacy policy under certain circumstances including the Graham
Leach Bliley Act (which applies only to “financial institutions,” but which defines the term “
financial institutions” very broadly); the Health Insurance Portability and Accountability Act
(which applies to health care providers, health care plans and “health care clearing houses”(i.e.,
companies that collect and sort health related billing data); the Children’s Online Privacy
Protection Act (which applies to Web sites directed to children under 13 or knowingly obtain data
from children under 13); and the California Online Privacy Protection Act (which requires any
commercial Web site that collects data from individuals residing in California post their privacy
policies.) The consequences of non-compliance with privacy laws can be severe.
3. Failure to post “Copyright Policy.” Third parties are able to post materials on the Web
site and the company fails to post a “Copyright Policy” and file a designation of a representative
to receive any complaints regarding copyright infringement with the U.S. Copyright Office. Properly
posting such a policy helps insulate the company from liability for the posting of infringing
materials by third parties.
4. Failure to screen all photos of individuals posted on the site. Posting of a recognizable
individual on a Web site without permission that is not posted for a newsworthy purpose or other
situation protected by the First Amendment freedom of speech clause, can result in liability.
5. Failure of the owner to register copyrights in the owner’s Web site. If ownership of the
copyrights in the Web site are owned by the Web site’s owner, but the owner doesn’t register the
copyrights in the U.S. Copyright Office, the owner may still register the copyrights after an
infringement and sue to stop such copying and collect damages provable (it is very difficult to
prove any) but may not recover what are called statutory damages (much easier to prove) or attorney
fees.
Rob Hassett is an attorney with Casey Gilson in Atlanta.
You have 1000 characters left.