An attractive, functional website that not only showcases the skills and services of an organisation, but also informs and engages has become an essential tool in the growth aspirations of modern businesses, writes Nichola Jenkins. 

But while appeal and functionality are top of the must have list, is enough consideration being given to ensuring the website meets the minimum legal requirements?

Nichola Jenkins, a solicitor in the Intellectual Property and Technology team at leading commercial law firm SGH Martineau, is warning organisations that ignoring the law could have serious consequences: “It appears many organisations are unaware of the laws regarding websites, either believing these laws only apply to e-commerce sites or those businesses or entities selling products to consumers.

“But in fact, all UK registered companies must clearly display on their website, the name of the organisation, the full registered address, place of registration and registration number and where appropriate the VAT number. If the business undertakes any regulated activity then it should also display the details of the regulator.

“For sole traders and partnerships, the address of the principle place of business must be shown. For businesses sell products, services or digital content to consumers through their website, must provide detailed information about the offering and right to cancel.

Cookies

“In 2011 the laws on cookies, files that allow websites to identify and track visitors, were changed and positive consent is now needed for their use. Users could block cookies in their browsers if they are not happy with an organisation’s policy and ruin the experience of a website, which eventually could require an expensive re-design for it to work without cookies. It’s far better to be open and honest and explain what cookies are being used, what information is being gathered and what will be done with it.

Websites

“The biggest compliance concerns surround the collection, storage and use of personal data, which includes the sharing or selling-on of information obtained by sites.

“To improve engagement with target audiences, websites are being designed to obtain visitors’ contact details, typically in exchange for information, reports or industry insight, with details like email addresses, postal addresses and phone numbers hopefully being secured. If a visitor provides personal contact details, as far as the law is concerned, consent to be contacted has been given.

“However, whilst there is no issue with emailing later, it must be in relation to their original enquiry or transaction, but they must be able to unsubscribe from the communications and be removed from any list containing their contact details.

“If an organisation wants to email individuals with general marketing information, unrelated to their original enquiry, they must obtain express ‘opt-in’ consent, which is often done by providing boxes to tick. However, it is essential these boxes are not pre-ticked, as an individual must positively affirm consent and organisation’s risk enforcement action if they continue to use pre-ticked boxes.

“These rules currently only apply to individuals (and strangely, partnerships but not LLPs) and not corporate visitors to a website, but care should still be exercised, as corporate visitors might provide personal contact details and whether it’s for work or personal use, is irrelevant.

“Interestingly, if a visitor to your website provides address details and a phone number, you are able to contact them by telephone or post for marketing purposes, unless and until they tell you not to.

Privacy Policy

“When any organisation intends to use the personal information it has been collecting through its website, it becomes a data controller. As such, it must fully explain to those using the site, whose information has been gathered, what data is being collected and why. A Privacy Policy should advise if this information will be used for direct marketing or other such campaigning and include a method of contacting the designated data controller – usually an email link.

“New data protection laws are expected to be introduced early next year, tightening the regulations around websites even more. Failure to comply with them could result in enforcement action and heavy fines its best if organisations work now to ensure their site complies and all the appropriate policies are in place.

Terms and Conditions

“Although not a legal necessity, a good set of ‘terms and conditions’ on a website can help prevent problems. These terms should clearly define what an organisation does and what Intellectual Property (IP) it owns on the site. A ‘disclaimer of liability’ is also a good idea to advise visitors that while the information on the site is accurate to the best of the operator’s knowledge it should not be taken as absolute fact

“Many organisations now invite people visiting their website to leave comment and opinion via blogs and forums, but if an organisation is allowing people to add content to their site, it is essential they have an ‘acceptable use’ policy in place and easy to find on the site. This protects the organisation if illegal or offensive material is posted, allowing the site owner to take action, including removing posts, banning individuals and reporting their activity to the authorities – without this policy the organisation could be the one that ends up in serious trouble.”

Nichola Jenkins is lawyer in the Intellectual Property and Technology team at leading UK commercial law firm SGH Martineau. She advises on IP and IT law, representing organisations of every size from start-ups to global multinationals, particularly within the education and manufacturing sectors.