14 Reasons You May Need A Legal Audit For Your Website

Running an online business can be a hectic affair, to say the least. Things move so quickly that legal problems can develop subtly, developments you are unaware of until they explode into a full-blown crisis. A website legal audit isWebsite legal audit designed to discover if you are sitting on a time bomb and, if so, what steps can be taken to eliminate the risks.

Two Goals

The purpose of a website legal audit is two-fold. The first objective is to identify any steps the site operator has taken that might leave the business open to a legal attack. For example, an online business might add a forum to the site to increase customer interaction, but have failed to take steps necessary to protect itself under the safe harbor provisions of the DMCA. A legal audit identifies this potential exposure and then suggests a solution. In this case, the solution would be to comply with the DMCA.

The second goal of a legal audit is to make sure the website operator is aware of any new legal requirements or standards that have come into effect. For instance, the FTC issued new restrictive rules related to social media advertising and the Children’s Online Privacy Protection Act in the summer of 2013. The vast majority of website operators are unaware of these changes. A legal audit alerts the operator to the new legal standards and suggests the specific changes needed to meet the new requirements. With the FTC asserting fines of $16,000 per violation of these laws, the audit can be the difference between staying in business or hiring a bankruptcy attorney.

Brick and mortar businesses typically go through a legal audit process every two to three years. The online world, however, evolves at a much quicker pace so most online businesses should seek a legal review every year.

1. Liability Protection

The first step of any legal audit doesn’t involve the website at all. Instead, the focus is on the structure of the business. A limited liability company or corporation should be in place to create a “shield of protection” between the online business and the owners. This protection keeps the owners from being held personally liable for the debts and liabilities of the company.

In a legal audit, the following issues are covered:

  • Is there a business entity?
  • If not, should one be formed?
  • If a business entity exists, is it up to date?
  • If it is up to date, is there a definite plan detailed in writing for handling business disputes and voting conflicts?
  • Is there a buy-sell agreement in place?
  • If one of the owners is married, what are the signature requirements for the individual in question given the family law rules of their state?

A business entity is a fundamental building block of any online business. Much like a certain story involving a wolf and a few pigs, the protection is only as good as the solidity of the structure. A legal audit makes sure the foundation is solid.

2. Liability Insurance

Liability insurance is the second part of the liability protection equation. It is a critical part of any online business, yet many website operators don’t carry it and this opens them up to enormous legal risks.

Liability insurance is important for two reasons. The insurance pays your attorney fees and any judgment or settlement if someone sues you. Without insurance, you may end up losing a winnable lawsuit because you can’t afford to pay an attorney to defend you!

So, how does the business entity/liability insurance combination work in real life? Well, imagine you start a video sharing website. You have no idea what copyright is, so you hire a virtual assistant who scrapes television shows off of DVDs and posts the shows verbatim on your website. You sell a membership subscription.

The television industry sues you for $25,000,000 for copyright infringement. Your business functions as an S-Corporation, which limits the potential for personal liability. Yet, how are you going to pay the $100,000 to $200,000 in attorney fees to defend the action? If you do not have the money, you will either settle the case on unfavorable terms or end up with a default judgment awarded against the business.

You can also expect the lawyers for the television industry to make every effort to pierce the corporate protection to get at your personal assets. How will you stop this effort if you can’t afford an attorney to represent you?

Liability insurance is the answer to these threats. The insurance will pay your defense costs. If the case goes horribly wrong, you may lose the business, but the plaintiffs will be unable to get at your personal assets.

An audit is going to look at a few things in relation to your liability insurance including:

  • Do you have a policy?
  • What does the policy cover and not cover?
  • Are the policy limits high enough to protect you?

Discussing liability insurance is about as exciting as watching the grass grow. When the stuff hits the fan, however, you will be on your knees thanking whoever you pray to that you purchased a policy and paid those premiums. It is the difference between sleeping at night or staring at the ceiling and wondering if you are going to lose everything.

3. Domain Name

Finally, we get to an actual element of the website – the domain name. The audit in this area looks at what you might think is a laughable issue, but which is one that online businesses run into again and again. The issue? Who owns the domain name for the websites of the company?

The domains of many major websites are not held in the name of a business entity, but in the personal name of the founder of the company. Is this a legal strategy? No, it is a mistake. When starting an online business, most operators buy the domain name prior to forming a business entity and then never get around to changing it.

If a legal dispute arises, a crafty attorney will argue you should be personally responsible for any debts or liabilities of the website. In response, you will explain the business is held in an LLC or corporation, which protects you. The problem is the domain is in your name, not the name of the company. If liability arises from an aspect of the website itself, you are arguably on the hook personally. This result is not good.

A legal audit of your domain is going to look into the ownership issue. You can then address any problems.

4. Design Contract

Do you control your website design? It sounds like a bizarre question, but the answer for many online business owners is…no.

How can this be?

The answer is found in copyright law. Copyright is exactly what the word suggests. It is the right to copy a fixed artistic work. Many people don’t understand this concept. They incorrectly believe copyright is the right to own the work. It is not. But I digress…

Under copyright law, the person who creates the artistic work in question is automatically vested with the copyright in it. Here is where the twist comes in. This person can only legally transfer the copyright if they do so in writing. Anything less then a written, signed document will not suffice.

Now consider how the average website is built. Most website operators hire an outside freelancer to handle the design work. Under copyright law, this third party is the creator of the artistic work. They own the copyright. Unless the designer signs a written transfer of copyright, they retain control of the copyright for the design.

How does the transfer take place? The transfer is detailed as a clause in the website design contract signed by the website operator and designer. In a legal audit, your attorney will first determine if you even have a design contract. If so, the contract is reviewed to make sure the correct terminology is used and the freelancer actually signed the agreement. You would be surprised how often the signature is missing.

If there is no contract, a strategy is put in place to obtain one. A copyright assignment agreement is typically created and delicate discussions are held with the website designer. Most designers will simply sign off on the assignment without a second thought.

Is there a scenario where controlling the copyright for a website design is not important? Yes. If you are simply using a template website design, such as the Studio Press WordPress template I use for this site, then you obviously do not need to control the copyright. The value is found in the content of the site, not the design.

5. Text Issues

Written content plays a major role for most websites. From sales copy to informative articles and blog posts, text often makes or breaks the user experience and ultimate success of the site. A legal audit looks at the following issues with text:

  • Who wrote the text on the site?
  • If a third party, did they assign copyright to the website operator in writing?
  • Has the copyrighted text been registered with the copyright office to perfect the legal rights associated with it?
  • Should any of the text be trademarked, such as with a slogan?

A quality audit is going to take one additional step. The pages of the site will be run through Copyscape or a similar service to determine if any third parties are using the text on another site without permission. If so, either a Cease & Desist letter or DMCA takedown notice will need to be served to have the content removed.

6. Photos and Videos

The next step of the legal audit involves analyzing the videos and photos posted on the website. Again, the issue is copyright.

Every photo and video must have a supporting license or obvious fair use defense associated with it. Copyright restrictions on photos and videos are perhaps one of the more misunderstood areas of the online business world. Website operators often mistakenly believe the can copy and repost content off of YouTube, news websites, social media sites and government websites without restriction. A lawsuit for copyright infringement quickly brings them back to reality.

A legal audit analyzes ever picture and video on a website. The goal is to make sure a legal basis for posting each one exists. By going through the process, a website operator can feel confident they are not sitting on any copyright infringement time bombs.

7. Term & Conditions

The terms and conditions of a website [also called “terms of use” and “terms of service”] define how the website can be used by visitors and how the website operator can use any content such as comments, videos, photos and so on that the visitor uploads to the site. The terms for most sites, even big brand websites, are woefully inadequate and incorrect. One only has to realize Zappos had their entire terms thrown out in 2012 to verify as much.

A legal audit focuses on a number of issues with the terms of a website. The items covered are heavily dependent on the type of site being reviewed. The terms of an ecommerce site are entirely different than those of a social media site, for instance. Regardless, common issues inspected include:

  • Are the terms up to date?
  • Are the terms aligned with the law given recent court cases, regulations issued by government agencies or new legislation?
  • Are the terms factually correct, to wit, has anything in the business changed requiring the terms to be changed?
  • Is the amendment provision of the site unilateral or notice based?
  • Is copyright covered in the terms and, if so, is it correctly done?
  • How are the intellectual property rights of content uploaded by a user handled from a licensing and ownership perspective?
  • If the site sells products, are return and refund policies included and do they comply with FTC merchandising rules?
  • Is a choice of forum clause detailing the accurate state and city included?
  • Is a user required to affirmatively accept the terms and is a log of acceptances kept by the website operator?
  • Are any disclaimers needed and are they best positioned in the terms or the copy on the site?

The terms and conditions of a website act as a contract between the parties. This makes them an incredibly important document from a legal perspective. A well written set of terms can protect a website operator from a good number of legal threats. A poorly written set of terms actually invites legal disputes.

8. Privacy Policy

Every website must have a privacy policy. A legal audit focuses on a number of aspects associated with the policy. They include:

  • Is the policy written in plain English?
  • Does the policy cover subtle disclosures such as the release of information pursuant to a DMCA complaint?
  • Is the company actually following the practices it details in the privacy policy?
  • Is there a mechanism for the privacy policy to be amended and is it acceptable from a legal perspective?
  • Are there any idiotic statements in the privacy policy such as “we won’t sell your email address” that could preclude the sale of the website to a third party?
  • Is adequate security used to store and protect the information of site users from hackers and prying third parties?

With the general public finally waking up to the fact private companies and government agencies such as the NSA are monitoring everything they do online, privacy is now front and center on the legal stage. A privacy policy audit can help a website operator make sure they are covered in this area.


The Digital Millennium Copyright Act of 1998 is a controversial law in many ways. Copyright owners and people posting to websites tend to dislike the law. For a website operator, however, this is a great law.

“Great” actually undersells the value of this legislation. Why? The law provides website operators with immunity from being sued for monetary damages for copyright infringement claims based on content uploaded to the operator’s website by a third party.

An example can help explain why the DMCA is ambrosia from heaven for website operators. Assume I start a video sharing website. I allow individuals to join my website and post videos. Other members can watch and comment on the videos. We’ll call my site…WishIHadTheIdeaFirstTube.com.

One of my members rents a move from Netflix and loves it. They copy the movie and post it to my website. This is a blatant form of copyright infringement. The true owner of the video serves me with notice of the copyright violation. Historically, I would be up a certain creek without a paddle. Thanks to the DMCA, not only am I not in a creek, I’m lounging on a large yacht and enjoying myself to the fullest.

How can this be? The DMCA contains a provision generally known as Section 512c. As long as I follow the rules detailed in this section, the copyright owner of the video can only sue the individual who posted the content to my site. The reason for this is Congress was intent on helping the web grow when the DMCA was passed in 1998, so user generated content websites were given great leniency when it came to liability for content posted by others. The DMCA is also why sites such as Facebook and Twitter are not buried under a tsunami of copyright infringement lawsuits.

To gain the protection of the DMCA, a website operator must comply with the requirements and regulations detailed in the legislation. A legal audit will determine if this is the case by ascertaining:

  • Does the website have a DMCA policy and is it accurate?
  • Where is the DMCA policy published?
  • Does the site have a DMCA agent? [Try this service.]
  • Is the agent filed with the Copyright Office?
  • Is the copyright agent contact information current or has it changed?
  • Is the agent familiar with the time milestones associated with a takedown notice?
  • Does the website have a repeat infringer policy?
  • Has the repeat infringer policy been followed and is it up to date?
  • Does the privacy policy for the website cover disclosures made under the DMCA?
  • Do the terms and conditions of the site cover the compliance process?

Strict compliance with the DMCA is a must if a website operator hopes to maintain their immunity from copyright claims. Large copyright groups from the entertainment industry constantly attempt to find holes in the DMCA protection by analyzing the compliance efforts of website operators. Get a small part of it wrong and you could be facing a monstrous lawsuit. A website audit is designed to make sure this does not occur.

10. App Functions

Apps are trendy these days and, for once, this trend actually makes sense. In an effort to make things as convenient as possible for visitors, many website operators implement apps on their site without thinking through the ramifications. An audit reviews your apps and determines if any will cause legal issues. Let’s look at one situation becoming more common to see how apps might be an issue.

Facebook, Twitter and LinkedIn all offer apps for automated login. Instead of going through a sign up process for a site, a visitor can just login using their account information with one of these social media platforms. While this is convenient, it does cause legal problems with the acceptance of the terms and conditions of the site. Simply put, these apps do not require the visitor to agree to the terms. This renders the terms useless in most cases, which leaves a website operator in a very tough legal situation. A legal audit will identify such problems and suggest potential solutions.

11. Testimonials and Endorsements

Testimonials and endorsements are a tremendous method for creating credibility for a website. Most people realize this and, given we are talking about the web, services on sites such as Fiverr have popped up offering to give completely unfounded testimonials and endorsements.

The FTC is aware this is an area ripe for abuse. A website audit focuses on whether all your endorsements and testimonials are accurate and, just as importantly, whether you have documentation supporting their authenticity. This prepares you for any investigative efforts by the FTC.

12. Social Media

A recent article in Entrepreneur Magazine suggests fully half of all online searches could occur on social media sites instead of search engines in the near future. If you are not marketing through social media, you need to get with the program. Unfortunately, the FTC may have beaten you to the punch.

In 2013, the FTC issued rules for social media advertising. Known as the “.com Disclosure” rules, the agency detailed how websites must identify their social media posts as advertisements as well as how disclaimers must be used on websites. If the FTC sues a website operator for failure to comply and prevails, damages can be as high as $16,000 per offense. Practically speaking, this means 100 non-compliant tweets could produce a claim of $1.6 million.

A social media audit focuses on a couple of tasks. The first is to ascertain if a website operator is currently in compliance with the new rules. This is almost never the case and gives rise to the second task, which is to teach the operator or their employees how to comply with the new rules. Is the process annoying? Yes, but it is far better than being hit with a large damage claim by the FTC.

13. COPPA Compliance

Who will protect the children?! The apparent answer is Congress and the FTC. The protection is provided pursuant to the Children’s Online Privacy Protection Act of 1998, which is undoubtedly an unconstitutional law because of the restrictions it places on free speech. The only thing worse than the law? The draconian regulations issued by the FTC in relation to it.

A small book could be written on COPPA and this article is already bordering on becoming a novel. Suffice to say, a legal audit will determine if any aspect of your site is such that compliance with COPPA is required. If so, you can then determine if you wish to undertake compliance efforts or simply go become a bartender on the beach somewhere.

14. Trademark Filings

Protecting intellectual property should be a priority for any website operator. Trademarks represent a major part of the intellectual property associated with a website. An audit will determine:

  • If a trademark application has not been filed, should it be?
  • If a trademark exists, does it cover the appropriate classes or should it be expanded?
  • Has the website operator met with the required filing notices of continued use at the 5 year mark and beyond to keep the mark active and protected?
  • Has a logo or name changed in any way that requires a new mark?
  • Should a specific product or service be trademarked?

Trademarks are used to identify a product. If I ask you what line of products a swoosh represents, I’m pretty sure you will be able to identify Nike. The goal of a website operator is to establish their brand to such an extent that consumers in their niche recognize the trademark in much the same way. A legal audit makes sure the foundation of the trademark can support scrutiny from competitors.

In Closing

Are there other issues that can come up in a legal audit of a website? Yes. The web has evolved to the point where there are new and interesting online platforms popping up every day. Your goal as a website owner is to maximize the growth of your business while minimizing the risk. An audit will not help your site grow, but it will help minimize the risk. Contact me today if you have any questions or wish to discuss a potential audit.

Richard A. Chapo, Esq.