We are about to launch our new business website that, as well as displaying information about our products, also allows our clients to log in to download their licences and applications.

We have been told horror stories about websites being hacked and losing personal data then getting sued for millions (these stories came from the lawyer trying to sell us EULAs for £5000+).

What measures (legal and otherwise) need to be in place before launching a website, other than the obvious, e.g. keeping everything patched with the latest updates, using strong passwords, etc.? Are there any other considerations we need to make, e.g. location of hosting company?

Thanks.

+4  A: 

Might I suggest that you consult a lawyer?

Not sure the typical readership of this site is necessarily best placed to answer this.

cagcowboy
+2  A: 

An hour or two of lawyer time would be a good investment.

Jon B
A: 

Probably worth speaking to the ICO to clarify issues on handling personal data as well as a good lawyer that specialises in this (I'm not a good lawyer).

Rowland Shaw
A: 

The horror story and situation you describe relate to security precautions, not legal precautions.

You don't need many legal precautions other than the common-sense ones. Terms of use, etc.

You need many security precautions. Please see the OWASP site if you don't know where to start on web security.

Nathan
A: 

I don't think there are any Terms of Service or Privacy Policies that you can add that will shield you from lawsuits if you are negligent. While you of course will want a TOS and PP, if your site loses users' private data due to negligent programming or design, I would guess the site owner would face significant liability. (But I'm not a lawyer, so I suggest CYA and see one.)

Brooke
+1  A: 

Actually the country that you decide to host the website in might have some interesting implications. Each country has different laws regarding what content can be stored on their servers, some with stricter content laws, others with none whatsoever.

As far as legal issues, here is an incomplete list of things that should be addressed:

  • End User License Agreement
  • Privacy Policy
  • Terms of Service
  • Disaster Recovery
  • Warranties
  • Who will legally supply maintenance
  • Duration of license for your hosting, renewals, termination, metrics for adequate service, early termination fees
  • Definition of confidential information, best efforts standard
  • Information Needed for archival reasons, non-disclosure agreements
  • Return of confidential information
  • Indemnification from: IP Infringement, liability exclusion caps, users data, third-party infringement (users uploading copyrighted material)
  • SAS 70 reports, security levels
  • Venue considerations, arbitration in case of suit

And I could go on... So what does this mean? Well, a good lawyer will handle these things with a good licensing contract with your hosting service, a strong EULA and TOS, as well as a privacy policy that protects your interests as well as the user's.

It seems like your major concern would be losing confidential data - maybe your #1 priority would be to make sure that you are indemnified from security breaches that occur on account of your service provider.

If you're looking for a good lawyer, might I shamelessly suggest this question/answer: http://stackoverflow.com/questions/613396/632961#632961

All in all, if you're concerned about these legal issues, you have a good head on your shoulders. The price of a lawyer to protect you far outweighs the potential costs. Best of luck with your new business website!

Jordan L. Walbesser