This guide is based on UK law. It was last updated in March 2008.
Every organisation is obliged to ensure that its website complies with what seems to be a never-ending volume of legislation. Achieving compliance with the many rules and regulations can be complex. No matter what your business or the extent to which your website is used, regular reviews and updates are vital. We set out below ten key issues which need to be taken into account in a website compliance audit.
Whether your website is one-way information only, allows user-generated content or sells goods or services online, you'll need some small print. This will cover core issues such as liability, content control, law and jurisdiction.
You should not write terms and conditions and then assume that they will bind all users of your site. To have a binding contract, your conditions need to be accepted by the user. This must be balanced against the need for a good user experience. Some conditions are more important than others and the level of incorporation can be varied accordingly. For example, terms of sale are usually more important than a site's copyright notice (since content can be protected by copyright whether or not there is a notice to say so).
Personal information can be collected about individuals for all manner of purposes. Typically this may include online registration procedures, collecting contact details to deal with information requests and accepting online job applications to name but a few. Make sure that you comply with the requirements of data protection law.
Collecting personal information via a website often goes hand in hand with electronic marketing. Care needs to be taken to comply with the laws on direct marketing when using email as a method of marketing your goods and services.
Ensure that your website includes a clear statement on the use of cookies and other tracking devices. We would suggest incorporating a basic explanation of how such devices work and how the data collected will be used. The law governing this area also states that users should be given an opportunity to refuse such devices. Please also refer to our sister site, www.aboutcookies.org, for further information.
Make sure any intellectual property rights are protected as appropriate, for example by incorporating a copyright notice and putting express restrictions on copying logos. Make use of registered trade mark symbols where authorised to do so and make sure that you have obtained all appropriate licences and consents for the use of third party material.
It is a legislative requirement that key information about your organisation and its products and services is provided. There is a whole host of information which should be included on your website for example, VAT details and information on pricing and delivery costs to name but a few. Accordingly, your website should incorporate appropriate statements to cover these issues. See our guide on the UK's E-commerce Regulations for a list of the minimum information which needs to be published on your website.
Online sales are becoming evermore commonplace. Ensure that your website incorporates online trading terms which would go beyond simply terms and conditions of use of your site.
These should cover key issues such as contract formation and liability. Don't just rely on putting an electronic copy of your standard trading terms online as they need to be appropriate to the online environment, for example the technical steps for formation of the contract and the ordering process as a whole need to take account of the nature of online procedures.
Be particularly careful when dealing with consumers (the so-called B2C contracts) and make sure that your website complies with the raft of consumer legislation which affects this area. This will include for example the Unfair Terms in Consumer Contracts Regulations 1999 which make certain types of clause unlawful and therefore unenforceable.
Consider how accessible your website is to disabled users and make any reasonable adjustments to ensure compliance with the Disability Discrimination Act 1995. This is not only important from a regulatory point of view but also in creating the right public perception about your business in order to encourage equality and accessibility for disabled users. Websites should be as accessible as possible to all users including those with, for example visual disabilities such as colour blindness. The ability to enlarge font size is one obvious step in working towards compliance with this legislation.
The target user group and nature of services you offer will have an effect upon the legal regime which will apply to your site. For instance many websites are aimed at minors in which case great care must be taken with regard to the collection of a child's details and for example contract formation. Another example of specific legislative requirement is in the financial services industry. There are specific regulations which deal with the distance marketing of financial services to customers.