This guide is based on UK law. It was last updated in March 2008.
Every organisation is obliged to ensure that its website complies with what seems to be a never-ending volume of legislation. Achieving compliance with the many rules and regulations can be complex. No matter what your business or the extent to which your website is used, regular reviews and updates are vital. We set out below ten key issues which need to be taken into account in a website compliance audit.
1. Do you have in place appropriate terms and conditions of use?
Whether your website is one-way information only, allows user-generated content or sells goods or services online, you'll need some small print. This will cover core issues such as liability, content control, law and jurisdiction.
You should not write terms and conditions and then assume that they will bind all users of your site. To have a binding contract, your conditions need to be accepted by the user. This must be balanced against the need for a good user experience. Some conditions are more important than others and the level of incorporation can be varied accordingly. For example, terms of sale are usually more important than a site's copyright notice (since content can be protected by copyright whether or not there is a notice to say so).
2. Do you collect any personal data via your site and what is it used for?
Personal information can be collected about individuals for all manner of purposes. Typically this may include online registration procedures, collecting contact details to deal with information requests and accepting online job applications, to name but a few. Make sure that you comply with the requirements of data protection law.
3. Do you use data for email or mobile marketing?
Collecting personal information via a website often goes hand in hand with electronic marketing. Care needs to be taken to comply with the laws on direct marketing when using email as a method of marketing your goods and services.
5. Is your Intellectual Property adequately protected?
Make sure any intellectual property rights are protected as appropriate, for example by incorporating a copyright notice and putting express restrictions on copying logos. Make use of registered trade mark symbols where authorised to do so and make sure that you have obtained all appropriate licences and consents for the use of third-party material.
6. Do you provide sufficient information about your organisation and its products and services?
It is a legislative requirement that key information about your organisation and its products and services is provided. There is a whole host of information which should be included on your website, for example VAT details and information on pricing and delivery costs, to name but a few. Accordingly, your website should incorporate appropriate statements to cover these issues. See our guide on the UK's E-commerce Regulations for a list of the minimum information which needs to be published on your website.
7. Do online trading terms cover all key points?
Online sales are becoming ever more commonplace. Ensure that your website incorporates online trading terms which go beyond simply terms and conditions of use of your site.
These should cover key issues such as contract formation and liability. Don't just rely on putting an electronic copy of your standard trading terms online, as they need to be appropriate to the online environment. For example, the technical steps for formation of the contract and the ordering process as a whole need to take account of the nature of online procedures.
8. Are you dealing with businesses only or do you deal with consumers online?
Be particularly careful when dealing with consumers (the so-called B2C contracts) and make sure that your website complies with the raft of consumer legislation which affects this area. This will include, for example, the Unfair Terms in Consumer Contracts Regulations 1999, which make certain types of clause unlawful and therefore unenforceable.
9. How accessible is your website?
Consider how accessible your website is to disabled users and make any reasonable adjustments to ensure compliance with the Disability Discrimination Act 1995. This is not only important from a regulatory point of view but also in creating the right public perception about your business in order to encourage equality and accessibility for disabled users. Websites should be as accessible as possible to all users, including those with, for example, visual disabilities such as colour blindness. The ability to enlarge font size is one obvious step in working towards compliance with this legislation.
10. Who is your website aimed at and what services are you offering?
The target user group and nature of services you offer will have an effect upon the legal regime which will apply to your site. For instance, many websites are aimed at minors, in which case great care must be taken with regard to the collection of a child's details and, for example, contract formation. Another example of a specific legislative requirement is in the financial services industry. There are specific regulations which deal with the distance marketing of financial services to customers.