The mobile web, though fantasic, is a mixed blessing. As one of those lawyers whose Blackberry never leaves his side, I am both liberated and enslaved by the mobile web. On the one hand, I can keep on top of everything thats going on, and I can instantly respond by email or phone wherever and whenever I wish.
How to keep your wi-fi network safe
With growing numbers using wi-fi in their homes, Paul Rubens looks at how good security is on these networks.
In less than two minutes hackers can defeat the security measures protecting many home wireless internet connections.
Defeating these measures could let them capture passwords, steal confidential information or download illegal pornographic material using the connection.
Read BBC news story (April 2007) on Legal fears over Wifi networks.
Financial Marketing – Opting in or out
Please note the Law may have changed since the publication of article.
Whilst voluntary codes of conduct may exist, there is no statutory provision for unsolicited mail in the UK. However when it comes to email it’s a different matter. Under UK law (Reg 22 of the ‘The Privacy and Electronic Communications (EC Directive) Regulations 2003’ you can only send unsolicited marketing emails to an individual subscriber unless he has previously consented to receive it, or:
- You have already sold something to the recipient, and
- You are marketing a similar product, and
- You include an ‘unsubscribe’ option in each email.
Emails which conceal the identity of the sender are not permitted under the UK provisions. Similar regulations apply in other EU countries.
Recipients of spam can ‘bring proceedings for compensation’. The Information Commissioner can assist, but unlike provisions in other EU countries such as Italy, these regulations are entirely without teeth.
For most legitimate businesses, the fear of causing ill-will is a stronger incentive than any legislative provision not to spam. ‘Do as you would be done by’ is a good principle on which to proceed. ‘Opt in’ marketing schemes will be much more effective than ‘opt out’ ones. A marketing campaign that alienates consumers is clearly a non-starter.
If you plan to hire an external marketing firm, ask for their Data Protection and Consumer Privacy Policy. If they don’t have one, take a good hard look at whether you still want to work with them.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Suing bad developers – is it worth it?
Please note the Law may have changed since the publication of article.
Ok. So you’ve employed a developer. He makes a pig’s ear of the development work you hired him to do. Your client pulls out claiming shoddy security and sues you for negligence. You mention to the developer in question that you are thoroughly underwhelmed by his contribution to the mess you find yourself in.
If you follow a fair procedure, you may well be able to dismiss him for lack of ability. However it’s fairly unusual for employers to go a step further and sue their employee for negligence or breach of contract. The point is though that there is no reason in law why you should not.
That being said there are practical reasons why this tends not to happen. Developers, whether employees or contractors, seldom work in isolation and generally work as part of a team. In other words, evidentially it’s often hard to pin the blame on a particular person. IT demands a high degree of innovation. If your employees (or contractors for that matter) are scared witless at the prospect of being sued simply for doing their job, you won’t keep them for very long. The few that you do retain will be very very careful, but their creativity will suffer as a result.
If a litigation culture is encouraged, you will drive developers into the arms of professional indemnity insurers, and you’ll simply force up your costs when you may do better taking out insurance yourself. There is little wisdom in suing someone who is unable to pay the award and legal costs even if you do win.
If you don’t have systems in place to prevent rogue developers, then in the same way that Barings Bank failed to stop rogue trader Nick Leason, you will be failing in your own job. Don’t just pass the buck.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Avoiding unnecessary Exposure
Please note the Law may have changed since the publication of article.
Limitations and exclusions of liability for IT providers.
Blogs – the legal issues
Please note the Law may have changed since the publication of article.
1. In the case of an individual disparaging a competitor on a blog – who is responsible should it be taken to court? The individual blogger? The Employer?
Much will depend on whether the company actively encourages its employees to blog (whether for marketing purposes or otherwise). If they do (or are seen to do so), usual tortious principles would seemingly apply and there would be a credible argument to the effect that comments made by an employee on such a blog falls within the scope of his or her employer’s authority. Although not directly analogous, it is worth noting (not least given that the application of the law of defamation to modern technology has been steadfastly applied by reference to traditional principles) that, unlike some American law, there is no fetter under English law in differentiating between slander and libel. As such, employers have been held liable for the rashly uttered words of their employees, notwithstanding that such words were not spoken at the employer’s discretion. Thus, employers who encourage ‘unsupervised’ blogging are effectively leaving matters at the discretion of their employees and could arguably be considered liable for the outcome.
It would therefore be advisable that any company promoting blogging has a comprehensive policy governing use and content. Even then, however, a general prohibition on the publication of defamatory material is unlikely to suffice to exclude liability. Indeed, established case law would suggest that an employer can be liable for even unauthorised publication of allegations by an employee when that publication occurred incidentally to the performance of an authorised act. In such circumstances, the fact that the employee chose an improper method of performing his ‘duty’ is nothing to the point. It is not hard to see such logic applied to blogs where the employer has encouraged legitimate discussion of rival businesses.
2. What are the consequences? How much can individuals/companies be sued for?
The most obvious consequences are potential liability in defamation and/or malicious falsehood. The fact that these blogs are published on the internet (and are therefore potentially accessible worldwide) also leaves real dangers of litigation outside of the company’s own jurisdiction. There is no formal ceiling as such on any award of damages in the UK, but it is now accepted that awards should not exceed the maximum amount recoverable for general damages in respect of personal injury claims (currently £200,000).
In the UK, the embryonic development of the law of privacy has seen claims brought on such a footing tending to attract relatively low awards of damages (on the other hand, the most blatant and damaging breaches of privacy are almost always settled long before any trial). However, breaches of confidence concerning sensitive financial information or content can of course lead to substantial claims in special damage.
An individual employee can be personally liable and where jointly liable may seek a contribution or indemnity under the Civil Liability (Contribution) Act 1978.
3. If a Network host is notified of a blog that is defaming, and they do not remove the page – are they liable? Or, are they “innocent bystanders”?
The failure of a network host to remove a defamatory blog promptly when notified leaves it in real danger of losing its statutory defence of ‘secondary responsibility’ under section 1 of the Defamation Act 1996 and the Electronic Commerce (E.C. Directive) Regulations 2002 (SI 2002/2013 as implemented).
4. Are blogs governed by the same laws as traditional publishing?
Essentially yes. In terms of defamation, the only significant distinction is the additional protection provided by the Electronic Commerce (E.C. Directive) Regulations 2002. In general, the approach of the English courts has been to mould longstanding authority to ‘fit’ the dilemmas thrown up by new media rather than consider the issues arising from fresh.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Mobile computing – some legal issues
Please note the Law may have changed since the publication of article.
In this article we give an insight into some of the major issues that arise. However, there are many more and for further information, you may contact us.
Driving and mobiles
This is clearly a major issue, and there is more to it than one might think in terms of what the legal requirements are?
The first thing to note is that where an employer requires its staff to drive as part and parcel of their job, the car becomes part of the workplace and is therefore covered by the UK Health & Safety legislation.
The employer therefore needs to do a risk assessment of the use of the car, and that risk assessment should cover the risk of using the telephone whilst driving as well as all other risks associated with the type of driving which might be required and the type of vehicle used. The risk assessment in relation to use of the telephone should take account of whether that be a hand-held phone or a hands free kit. The risk, whilst considerably higher with hand held devices (and of course now illegal if done whilst driving) is high for both types of use and therefore employers should make it clear in their policies that mobile telephones should not be used AT ALL whilst driving and that drivers will not be required to use the phone at all whilst driving.
If there is an accident where the driver was on the phone and it is proved that the employer required or encouraged this, then the company is likely to be prosecuted alongside the driver; either for breach of Health & Safety or the causing or permitting offence. It might be surprising for employers to realise that prosecution by the Health & Safety Executive in relation to the lack of a risk assessment or the failure to have appropriate policies in place is a far more serious for the employer than the risk of a fine to the employee for falling foul of the new driving regulations. The fines for breach of Health and Safety are unlimited in the Crown Court and directors can face personal liability for fines, imprisonment, and even disqualification from acting as a director. There will also be the civil claim against the company from any victim of such an accident based upon “vicarious liability”.
Data protection
A lot of confidential stuff is now carried around on mobiles, PC and phones.
The 8th Data Protection Act principle deals with restrictions on transferring personal data outside of the EU/areas with equivalent data protection regimes. If one stores personal information legitimately collected within the EU on a mobile device and then that device is taken outside of the EU/areas with equivalent data protection regimes, that might well constitute a breach of the 8th principle. If this is a distinct possibility, the data collector would do well to cover this issue in the data protection privacy policy subject to which it collects the data in the first place and obtain the opt-in approval of the data subject to any such transfers to other jurisdictions.
Working Time Regulations 1998
There is currently a 48 hour limit on the hours employees can be required to work by their employer each week. This is an average which is calculated over a 17 week period. Employees can opt out of this limit but if they don’t, or if they have opted out and then choose to opt back in, the employer is required to monitor hours worked and ensure that the 48 hour a week limit is not exceeded. Clearly the issue of monitoring is complicated if staff are working away from the office. It is therefore vital in circumstances where staff have not opted out that employers have in place an accurate method of time recording – and that includes working time both in and out of the office and includes travel time if travel forms part of the job.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Choosing an ISP
Legal considerations and FAQ
What should my firm do to protect itself legally?
Please note the Law may have changed since the publication of article.
Ultimately, the legal protection will be based on the contract between the parties. However, before you even get to that stage, you should check out the financial stability of the ISP by company search and other available means and put in place a proper contract with the ISP containing appropriate safeguards and comfort, including the factors set out later in this article.
What should our contingency plan consist of if things go wrong?
You should check out and be satisfied with the host’s disaster recovery plan and, ideally, have your own to ensure that there is no risk of shutdown.
What are the main issues for the contract with the ISP to address?
From a legal perspective, there are many issues. Some of the most important contractual issues to check are as follows:
- A guarantee of a suitable available level of Bandwidth which should be “burstable” to a higher level to cover possible increases in requirements;
- Provision of Detailed Website Use Statistics at regular reasonably frequent intervals;
- Provision of any other data which the host has agreed to provide in such format and at such times as suit you;
- Keeping your information and that of your customers as available from the website confidential (there may be personalised sections of the site only available to particular customers on use e.g. of a particular password);
- A guarantee of minimum average uptime in a service level agreement or schedule (99.5% per annum is probably the lowest acceptable in most cases);
- A commitment to make frequent, ideally daily, data backups;
- An undertaking to keep your information confidential;
- The provision of ancillary email services such as forwarding;
- A commitment not to increase the hosting fee for at least the first year of the agreement and thereafter by a modest index-linked percentage;
- A warranty to comply with the requirements of the Data Protection Act 1998, including without limitation, taking appropriate measures to avoid unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
End of road for Which Web Trader
Please note the Law may have changed since the publication of article.
Which? is reported had ditched the Which Web Trader Scheme (WWTS) set up in June 1999. The scheme established an accreditation scheme based on companies selling to consumers fulfilling a comprehensive set of criteria for online trading. Apparently, the costs of running the scheme were proving prohibitive.
WWTS and the Consumers’ Association (CA), which administered it have had their detractors. There was particular ridicule in 2001 when the CA failed to apply to have its own TaxCalc website included within the scheme. This came to light because the CA inadvertently exposed 2700 sets of credit card details. As a lawyer specialising in this area, I have often been asked by companies to deal with issues raised by the CA in relation to the company obtaining or retaining its WWTS accreditation. It is generally true to say that for a company to be accredited, it had to reduce the limitations and exclusions in its own Terms and Conditions and give consumers rights in excess of those that would otherwise have been on offer. Companies generally considered this reduced protection a worthwhile price to pay for the additional custom that they would derive from consumers whose reluctant approach to purchasing on line would be overcome once they saw the WWTS certificate on a website. If there is no replacement scheme, there could be a significant impact on the level of consumer online purchases in the UK. The question then arises as to which sort of body would be able and willing to take on the role. In order for the average consumer to derive sufficient confidence from a certification, the issuing body would have to be well known and respected. Entities which themselves have active online operations would probably not be seen as sufficiently neutral and would probably not wish to endorse goods or services offered by competitors. The most appropriate certifying authority would almost certainly have to come from the public sector and the most obvious candidate would have to be the Office of Fair Trading which is already heavily involved in the regulation of online trade.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Online Casinos
A New Era?
Please note the Law may have changed since the publication of article.
Following the report published by the Gambling Review Board (“the Budd Report”), the Government has produced proposals which could potentially make the UK one of the best and most responsible places to locate an online casino operation.
Currently, the legislation which regulates gaming does not cover online casinos, potentially meaning that all such activities are illegal. The reason for this lies in the fact that it is the casino premises which must be licensed under current law and gaming may only legally be carried out from such licensed premises. Obviously this simply does not work with online operations which do not have “premises” as such. In fact, all of the various ways of “having a flutter” – gaming, casinos, bingo, gaming machines, betting and lotteries, are regulated in different ways by different pieces of legislation – and none of the legislation addresses the issue of online gaming by phone, internet or via interactive TV.
Recognising the need for change, the Government commissioned The Budd Report. The Report recommended that the requirement for premises to be licensed should be removed and replaced with an obligation for those undertaking gaming operations to be licensed. This paves the way for online casinos to be licensed. The report also recommended that in order to be licensed in the UK, those establishing online casinos should at the very least have a company incorporated here, locate their server in Britain and use a UK country code as their domain name and that unlicensed sites should not be permitted to advertise in the UK, thereby reducing the visibility of them for UK punters. These proposals are designed to give the online gambler some local recourse in the UK if things go wrong.
The Budd Report also recommended that all gambling should be regulated by a single body, called the Gaming Commission. This would establish standards for obtaining a licence and oversee all gaming operations.
The Government seems to have adopted most of the recommendations and its proposals (see DCMS‘s “A Safe Bet For Success”) mean that UK sites offering online gaming will be able to do so legally by applying to the Gaming Commission for a licence. It is intended that by applying for a licence, legitimate operations can be established with a responsible approach to gaming online. This will include the obligation for operators to have their gaming software checked by the Commission to ensure it is fair, standards ensuring that the site operators are “fit and proper” people to be operating a gaming site and preventing access to the site by children. Punters will also know which sites are licensed as licensed sites will carry a kitemark assuring them that certain standards have been met. Publication of the proposals will now be followed by a consultation period when those in the industry and outside of it can comment on it. If you have comments you should mail them to gamblingreview@culture.gov.uk
There is currently no date by which it is anticipated that the new legislation will be enacted. Anyone considering adding an online casino to their website should get specific advice on the legality of it and ways to ensure as far as possible, compliance with the law until such time as the new legislation is enacted.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Call Centres and the Data Protection Act
Some Legal Points to Note
Please note the Law may have changed since the publication of article.
- Customers should be advised if their details are to be stored, by whom and for what purpose. So, if the call-centre is taking details on behalf of another company, the customer must be advised of the name of that company. The principle behind this is that a customer (a person who is a living individual and thus a “data subject” for the purposes of the Data Protection Act 1998) has the right to choose who they give data to.
- If the call centre collects data for its own purposes, the customer has the right to choose not to have their data used and stored by the call centre.
- A call centre can only use the data it has for the purposes it was collected. So, if a customer gives information in response to an “insurance survey”, those details cannot be shared with banks offering insurance products unless the customer has agreed to data about them being used and shared.
- Data cannot be shared or transferred to third parties without the customers consent and may not be transferred to a party in a country outside the EU unless the country has laws which provide equivalent data protection laws or such laws have been deemed “adequate” by the Information Commissioner.
- All EU countries have “adequate” protection as the DPA stems from a European Directive on data protection.
- Data must only be stored for a reasonable length of time. Call centres must therefore ‘fillet’ their records periodically.
- There has not been any data protection prosecutions so far, but the Commissioner has indicated that now the transitional phases are over, a tough stance will be taken against offenders.
All call centres should have a data protection policy in force and should ensure that the “legals” are read to customers at the beginning of the call so that the customer can choose whether to proceed. Some are still guilty of not doing this and of expecting customers to “opt-out” of having their details shared when in fact “opt-in” (i.e. a customer has to positively agree to have their details shared) is now the most legal approach. Call centres can also store data they collect from their clients and cross-seed the lists used for one “campaign” with another. Unless customers have agreed to this, such practices breach the DPA.
The “legals” used include giving the customer the choice of whether or not their details be retained and shared. Often the “legals” also include details of whether calls may be monitored and indeed if they are, customers must be made aware of this.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Email Marketing
Please note the Law may have changed since the publication of article.
Internet law specialist, Simon Halberstam says that companies considering email marketing campaigns need to consider some basic legal issues before spending money on such campaigns. “Ask yourself where the email address came from and whether the person whose email address it is agreed to be marketed to in this way. Under the Data Protection Act 1998, personal data which includes email addresses, can only be used for the specified purpose it was collected for. This means if a person hasn’t agreed to being marketed by email, you might find yourself in breach of the DPA.”
Spamming
But Data Protection is not the only issue to be aware of. Simon says that “From a legal perspective, bulk emailing may be considered spamming. Whilst there is no specific legislation in the UK against spamming, it can be considered a civil wrong under the Interference With Goods Act 1977 and damages may be awarded against you for it. In certain circumstances the Computer Misuse Act 1990 which carries criminal sanctions may also apply. Also, it is not always easy to ascertain the location of a person to whom you send bulk email and if you send it to a person in a country such as the US which does have anti-spamming laws, you may face prosecution under these.”
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Spam – the legal position
Please note the Law may have changed since the publication of article.
These days an average email inbox has more spam than a cold war bunker.
The Electronic Communications Privacy Directive reinforces the Data Protection Act 1998 (“DPA”) and prohibits the sending of email advertisements to individuals unless they have given their prior consent to be marketed to in that way.
The effect of the change is that an individual may only be marketed to by email if they have agreed to be marked to in this way – by “opt-in” to such mailshots. Previously a person plagued with spam would have had to reply on the DPA, the Interference With Goods Act 1977 (on the basis that a computer was “interfered with” by being used to receive spam and bulk mail) and in certain circumstances the Computer Misuse Act 1990, which carries criminal sanctions.
The Directive does permit businesses to be marketed to however if they have received emails previously on the same subject. This means a business must opt-out if it does not wish to receive further communications of that nature. No one in my firm admits to ever having bought Viagra, but I wonder whether the fact that everyone here is bombarded with several emails a day offering it at “unbelievable prices” or “excellent value”, would require us to opt out of receiving these and effectively let the spammer know the mail boxes they sent the mail to are active.
Of course new legislation is only as effective as the enforcement of it and bulk-mailers are notoriously difficult to catch. One of the main problems with spamming is establishing the source of it. If you have ever tried sending an “unsubscribe” message to such a ‘service’ you will know that it often simply results in increased spam and junk mail. We shall have to wait and see the effect this new legislation has on spam received in the EU from computers located outside it and whether ISPs become more inclined to block service to people who spam for fear of being implicated under the Directive.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Legal relationship between web designers and clients
Please note the Law may have changed since the publication of article.
Simon Halberstam looks at some of the most important contractual issues relating to Website agreements. The article is based on the template Website agreements prepared by the author.
The normal course of trade involves three agreements; Website Specification Agreement (WSA), Website Design Agreement (WDA) and Website Maintenance and Operation Agreement (WMA). Each of these agreements should cover a wide range of legal issues. In this introductory article, a general overview is given. The articles are based on the template Website agreements prepared by the author. All issues covered In future articles, the issues specific to each of the agreements will be examined in more detail.
The sequence WSA, WDA, WMA reflects the typical commercial order of events. Having concluded a WSA, it is anticipated that the parties will then enter a WDA. After acceptance under a WDA, the parties will normally enter into a WMA.
It is normal practice and advisable from the Designer’s perspective for the Designer to provide the agreements which are to form the legal basis of the transaction. Whilst it is difficult to generalise, the Designer should be particularly cautious before agreeing any amendments to clauses relating to terms of payment, additional charges, intellectual property rights, indemnities, limitation of liability, warranties and governing law. Any such changes could have adverse legal implications, often beyond the grasp of the Designer.
1. Website Specification Agreement
This covers the scoping exercise carried out by the Designer after preliminary discussions with a potential Client. The specification developed as a result of this agreement may or may not lead to a WDA for the design of a Website based on that specification. The Designer may choose whether to charge for the specification or not. Charging for this process will prevent the Designer spending a lot of time with timewasters.
In any event, it is worth having a signed contract to cover this exercise as this may give some protection from potential liability should relations between the parties deteriorate.
2. Website Design Agreement (“WDA”)
This should cover the creation of the Website on the basis of the agreed specification and encompass acceptance testing of the Website by the Client. By linking the design to an agreed specification, such an agreement seeks to define the agreed work and to prevent the sort of profit erosion caused by “shifting goalposts” when Clients change their minds and expect the Designer to alter the design without extra charge for the extra work.
WDA should enable the Designer to charge extra for additional work, falling outside the agreed specification. Intellectual property rights are a major focal point. Once the Website is completed, WDA will normally provide for relevant copyright to be transferred to the Client on receipt of full payment. However, WDA should include provisions which enable the Designer to retain copyright in the underlying computer code and scripts. This enables the Designer legally to re-use the same code and scripts in other Website design projects.
3. Website Maintenance and Operation Agreement
As is the case for software houses, it is very important to have a separate maintenance contract. WMA gives the Designer a separate recurring revenue stream for hosting, maintaining and updating the Website. It also enables the Designer clearly to separate out those tasks which are covered by the annual fee from those for which extra charges can be made. This clear separation may well help avoid the financial embarrassment arising from confusion as to which tasks are covered by the maintenance fees and which are not. WMA should also provide a mechanism for extra charges to be made for extra work. Another issue which WMA should anticipate is the situation where a Client wishes to move its Website to a different host. Typically, WMA should enable this transfer to occur but entitle the Designer to charge a fee for licensing the appropriate codes and scripts.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Website Specification Agreements
Please note the Law may have changed since the publication of article.
Simon Halberstam looks at some of the most important contractual issues relating to Website agreements and focuses specifically on the Website Specification Agreement. The article is based on the template Website agreements prepared by the author.
Making the Terms Effective It is most important that the Client is given the opportunity to consider the terms of an agreement and signs that agreement before the Designer carries out any work. Designers should adopt a standard procedure whereby any enquiry from a prospective Client is responded to by despatch of a copy of the relevant agreement, possibly incorporated into the Designer’s order form.
Limitation of Liability
No limitation/exclusion of liability clause is bound to be upheld by a court. It is always a question of reasonableness in the eyes of the court. The court will look at many factors in determining reasonableness.
It is thought best not to merge the provisions together into a single sub-clause but to leave them as separate sub-clauses. The rationale for this is that a court may hold certain elements of a limitation of liability clause to be unreasonable and, if so, it may delete them. If all the provisions are merged into a single clause and the court objects to one element of that clause, the whole clause may become ineffective.
As regards setting a contractual cap on its liability, the Designer must give very careful consideration to the figure chosen. If the figure set has an obvious rationale, such as being tied into the Designer’s level of insurance cover this is also likely to be taken into account.
Dispute Resolution
Another issue to consider is whether instead of arbitration, the agreement should provide for alternative dispute resolution. This is said by its supporters to be more time and cost effective than arbitration or litigation. Furthermore, because of its less confrontational approach, it is likely to enable a more amicable outcome, providing for an ongoing business relationship.
Intellectual Property Rights (“IPR”)
In most projects, the Client will provide material to the Designer to enable the Designer to create the specification. The material may comprise literary, photographic, video and other kinds of material. It is very important that the Designer obtains a warranty and, ideally, an indemnity from the Client to the effect that the Client owns or is otherwise entitled to provide the source material to the Designer.
This gives the Designer some protection in the event that it unwittingly infringes third party IPR in such material. It is quite possible that despite appearances, and maybe reassurances to the contrary, the rights may be owned by a different company in the same group as the Client or by an entity completely unrelated to the Client.
This would cover, for example, the situation where the Client gives the Designer a copy of its publicity brochure which includes a photograph which the Designer proceeds to incorporate in the specification. It then transpires that copyright for electronic transmission of the photograph over WWW has been retained by the photographer. The photographer sues the Designer for breach of his copyright.
The law provides that copyright and other IPR in a work belong to the author of that work. The two exceptions are where the author is an employee of another entity in which case the employer will own the IPR and where a document signed by the author transfers the IPR to another entity.
Thus, in principle, the Designer should end up owning the IPR in the specification and the Client cannot legally take away the specification for use by another Website designer. However, it is often wise for this to be spelled out contractually to avoid any implication to the contrary.
If the Client does want to have the specification implemented by another designer, then the original Designer would be at liberty to charge a supplemental fee for assignment of the IPR. Such a clause is particularly useful if the Designer has made little or no profit from creation of the specification.
If the Client balks at this clause and wishes it removed or altered, the Designer may ask itself why as it may well indicate an intention not to enter into a Website Design Agreement with the Designer and the Designer should in such circumstances price the specification work accordingly.
Fees
The Designer should issue the invoice for the Fees at the same time as it provides the specification to the Client. The contract should provide that the Designer is entitled to payment for provision of the specification to the Client, not that payment is conditional on the Designer delivering a document which meets with the Client’s absolute approval.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Website Maintenance and Operations Agreements
Please note the Law may have changed since the publication of article.
Simon Halberstam looks at some of the most important contractual issues relating to Website agreements and focuses specifically on WMA. The article is based on the template Website agreements prepared by the author.
Readers who have missed the previous three articles should refer back to them, as some of the issues covered are equally applicable in relation to WMA.
Data Protection
Both parties i.e. the host and the Client must ensure that they are appropriately registered under the Data Protection Acts 1984 and 1998. The Data Protection Registrar has already tracked down Websites which are not covered by appropriate registration and various prosecutions are already under way. Fines of up to £5,000 may be imposed.
Problem Levels
Whereas every problem experienced by the Client or its customers in relation to the Website is important to the Client, it is unreasonable for the Client to be able to make unreasonable demands of the Maintainer. For this reason, it is very important that the different types of problems be categorised in the WMA into different levels of gravity with corresponding levels of urgency. The Maintainer’s response and repair obligations will depend on the gravity i.e. level of the Problem.
Updates v Upgrades
Whereas the former will typically just cover revisions to existing Website data but not any design or other changes to the Website, the former will include enhancements to operation and functionality. It is important that these terms be defined separately and accurately. Whereas Updates will usually be included within the annual maintenance fee, the Maintainer should have the right to charge a supplement for Upgrades.
Working Hours
The contract should provide that the services will only be provided during the Maintainer’s normal working hours. Additionally, provision may be made for “out-of-hours” service but only on the basis of additional charging.
Third Party Dependencies
As the Maintainer will typically be dependent on a variety of third parties in order to be able to provide the contractual services, the agreement should expressly excuse the Maintainer for its failure to provide any services where such failure results from the “failure or interruption of services provided by third parties”. This would include interruption in the ISP connection or datastream information services.
The Client has a contract with the Maintainer and not the ISP or other third party and therefore any performance warranties given to the Maintainer by third parties will not be of any direct benefit to the Client.
Charging
The agreement should clearly provide what is being provided for the annual maintenance fee and should entitle the Maintainer to charge extra for any supplementary services. For example, in respect of Updates, there should be a provision which limits the frequency and extent to which the Client can require the Maintainer to update the contents of the Website without incurring additional charges.
If this is the case, WMA should stipulate that changes to the layout and format of the contents of the Website and changes to links fall outside the ambit of the Maintenance Fee and will be chargeable.
Transfer of Website to Different Host
The Maintainer should also consider including a provision allowing it to charge the Client a fee if the Client decides to transfer hosting to another operator. The clause should provide that if the Client decides to terminate the WMA but wishes to continue using the Website designed by the Maintainer, it must pay a one-off licence fee for use of any scripts or coding incorporated into the Website.
Defamation
Many readers will be familiar with the recent Demon v Godfrey case where Demon were sued because of defamatory material which had been posted on one of their usegroups and which was defamatory of a certain Godfrey. A similar scenario can arise with Website hosts who are contacted and required to “pull a site” because it contains defamatory or otherwise offensive material.
This is a “Catch 22” situation for the Maintainer who may become a party to the defamation if it does not comply but may breach its contract with its Client if it does. WMA should therefore include appropriate wording to enable it to suspend a Website with impunity if it has reasonable grounds for considering the contents to be defamatory or otherwise objectionable.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. The contents are intended for general information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Legal position of email disclaimers
Employers are responsible for the actions of their employees.
Please note the Law may have changed since the publication of article.
Norwich Union paid out £450,000 several years ago because of a libellous email sent by one of its employees. Defamation, unintended contract formation, misdirected emails all bring into focus the desirability of email disclaimers. The questions are what form should such disclaimers take and what is their likely effect.
In this article, Simon Halberstam considers these and related issues. The issues are considered more thoroughly in a guide to internet law available from Simon’s firm, details of which appear below.
General
The value of disclaimers is limited, since the courts normally attach more weight to the substantive content of the communication and the circumstances in which it is made than to any disclaimer. Having said that, disclaimers may possibly be helpful if an issue ends up in court in various respects such as those described below and, since disclaimers cost (almost) nothing, it is worthwhile to use them. Even though their effectiveness in court is doubtful, they may provide a useful argument in negotiations to resolve a dispute.
The comments below are based on the position under English law. It is likely that the position under the laws of most other countries is similar on most points, but specific consideration of the relevant laws of other countries would be an extensive exercise. One area where the laws of other countries is different is the compulsory disclosure of documents for legal proceedings. Many countries whose legal system is not derived from English law do not have compulsory disclosure, in which case the issue of exemption from disclosure does not arise.
Confidentiality
Under English law a recipient of a communication is obliged not to disclose its content or use it for a purpose other than the purpose for which it was communicated, if (but only if) the communication was expressly or implicitly confidential. Whether a communication is implicitly confidential depends on whether a reasonable person in the position of the recipient would regard it as confidential. Clearly this leaves room for argument and there have been differing decisions on whether information provided voluntarily for the purpose of interesting the recipient in doing business is confidential.
Therefore an express statement that a communication is confidential may well make the difference between its being treated as confidential or not. It could be argued that such a statement is not effective in certain circumstances, for example if it is in small type and liable to be overlooked, or if it is at the end of the message and only seen by the recipient after he has read the substantive content. A clear and prominent statement of confidentiality is therefore to be recommended. However, even in the absence of such clarity, a disclaimer may be effective in relation to a particular message, particularly if the recipient has received messages from the same sender with the same statement previously.
A practice of expressly stating that Emails are confidential may also make it easier to enforce confidentiality obligations on employees and ex-employees. In deciding whether information disclosed to an employee is implicitly confidential or within the scope of an express confidentiality provision of a contract of employment, one of the factors to be considered is whether information of the kind has been treated by the company as confidential.
A suitable statement might be: “Unless otherwise agreed expressly in writing by a [senior manager] of [company], this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately.”
Legal privilege
In English legal proceedings there is a general obligation to disclose relevant documents to the other party. For this purpose documents include information stored electronically and could include communications which have been erased but can be restored. This is, however, subject now to a requirement that the exercise of reviewing the documents which might be relevant should be proportionate to their likely value and the amount at stake in the litigation. Nevertheless, Emails required to be disclosed may provide significant relevant evidence in a commercial dispute.
Confidential communications passing between a company and its external and internal legal advisers for the purpose of giving or obtaining legal advice and communications which come into existence in preparations for legal proceedings are exempt (“privileged”) from this obligation of disclosure.
A confidentiality statement as discussed above helps to make the communication confidential, but its status as a communication made in circumstances attracting the privilege may be supported by a further indication to this effect and claiming the privilege. Such a statement will also warn a person who subsequently has the task of sorting out documents and deciding whether they should be disclosed or privilege claimed. However, such a statement will not confer privilege on a communication which is not in fact made in the circumstances described above. In addition, the statement would be devalued if it were used on communications not entitled to the privilege.
Subject to the above comments, a suitable statement on privilege might be: “This communication is made for the purpose of obtaining legal advice or preparing for legal proceedings and legal privilege will be claimed accordingly.”
Viruses
Computer viruses can of course be transmitted by Email, particularly in attached files. It is desirable to attempt to place the risk and responsibility for checking on the recipient. Whether this would be wholly effective to avoid or limit liability will depend on the circumstances, but it is worth a try. Suitable wording might be: “WARNING: Computer viruses can be transmitted by Email. The recipient should check this Email and any attachments for the presence of viruses. [Company] accepts no liability for any damage caused by any virus transmitted by this Email. This Email and any attachments may not be copied or forwarded without express written permission of [a senior manager of company]. In the event of any unauthorised copying or forwarding, recipient will be required to indemnify [the company] against any claim for loss or damage caused by any viruses or otherwise.”
Libel, infringement of copyright and other wrongful acts
Under English law a company is liable for wrongful acts (torts) of its employees in the course of employment. The informal but recorded nature of Email has made liability for defamation a real risk, and this has been well-publicised. The ease with which software, data, text, music and graphics can be copied on computers, and the increasing organisation and vigilance of copyright owners, have also made this area one of significant risk.
Adding a disclaimer will probably not make any difference if an Email is sent in the course of employment, and is unnecessary if it is not. Nevertheless, a disclaimer on the following lines might possibly affect whether wrongful acts are characterised as being committed by employees and might also concentrate the minds of the employees: “Employees of [company] are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by Email communications. Any such communication is contrary to company policy and outside the scope of the employment of the individual concerned. The company will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising.”
Contractual commitments
A binding legal contract can be formed by any exchange of communications passing between individuals who have actual or apparent authority to bind their companies. The communications can include Email, and there is a risk that this may bypass both internal procedures and any standard terms protecting the company. Again, this risk may be greater with Email than conventional procedures because it is both apparently informal, yet fully recorded.
An attempt may be made to limit the apparent authority of individuals to bind their company by wording along the following lines: “No employee or agent is authorised to conclude any binding agreement on behalf of [the company] with another party by Email without express written confirmation by [a director of the company].”
Sexual and racial discrimination and harassment
Nasty or even just careless internal emails may give rise to claims of discrimination and harassment. The importance of avoiding this should be drawn to the attention of all employees and covered in the company’s employment code of practice. It is unlikely that a company could avoid liability in this respect by virtue of a disclaimer.
© This article is copyright Simon Halberstam .2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. The contents are intended for general information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.
Defamation and the internet
Please note the Law may have changed since the publication of article.
In the second in our series on tort and computer law Simon Halberstam examines the tort of defamation and the internet.
Given its background as a forum for free speech and the dissemination of ideas it is not surprising that, now e-mail is in the commercial mainstream, its transfer to that forum has produced certain problems. The problem centres on the fact that when sending Emails, many users feel free to express opinions they would not commit to paper when writing a business letter or talking to a group of colleagues. As a result of this, users often make imprudent statements. The problem with the net is that once the button is pressed to send a message, or the information or view in question is uploaded onto a website, it is “published.” In defamation it is at this stage that an offence occurs.
The accepted legal definition of defamation is “the publication of a statement which tends to lower a person in the estimation of right-thinking members of society generally.” The “statement” can be words, visual images or some other method of signifying meaning. Defamation takes two forms, libel and slander. Libel involves (amongst other things) writing or printing a defamatory statement. Slander is speech or gestures of a defamatory nature.
A person who is defamed may feel understandably aggrieved and may decide to take action to prevent circulation of the statement. Normally, the person would approach the publisher or the author. The problem with the WWW is that the identity of this entity is often far from obvious. So who does the aggrieved person approach, and ultimately sue particularly if the person who made the statement is untraceable or financially, not worth suing? In a number of notable recent cases, ISP’s have been sued for defamatory newsgroup content on the basis that they as hosts of the newsgroup, are the “publishers” of the defamation.
In Cubby -v- CompuServe [1991] CompuServe were sued in respect of a message appearing in a local newsgroup. CompuServe had employed another company to edit and post information to the site and CompuServe argued that, as it employed a third party to edit information in the newsgroup, it was akin to a newspaper vendor who has no control over the content of the newspapers it sells. The New York court accepted this argument.
In Stratton Oakmont -v- Prodigy [1995], another American case concerning a defamatory statement made in a local news forum, despite the fact that Prodigy had employed “board leaders” to remove material after it was posted, Prodigy were found to be publishers of a defamatory statement. The reasoning for this was that Prodigy advertised itself as a “family orientated computer network” which could control site content and prevent publication of inappropriate messages. As such, it had assumed responsibility for the site and was obliged to prevent publication of defamatory statements.
At long last, we have a case in Old Blighty. In 1997 an unknown person made a posting in the USA in the Demon newsgroup soc.culture.thai. The posting was “squalid and obscene”. It purported to come from an academic whose name is Laurence Godfrey and invited replies to his email address. Mr. Godfrey does exist but was not the author of the statement. The effect of the statement was to defame Mr. Godfrey. When Mr. Godfrey became aware of the posting he sent a letter to the managing director of Demon informing him that the statement was a forgery and requesting that it be removed. The statement was removed by Demon approximately ten days later in the course of ordinary news filleting.
Mr. Godfrey claimed that this had been too slow. Demon claimed that under the Defamation Act 1996 they had a defence in that they were not the publishers of the statement. The court agreed that Demon was not the publishers. However, its defence failed as Demon could not show that it did not “know or have reason to believe that what [it] did contributed to the publication of a defamatory statement.
Whilst in the above case, Demon conceded that it had the ability to delete one message from a newsgroup, this is not always possible and in some cases, to prevent publication of one defamatory statement, a whole newsgroup would have to be deleted. It seems obvious that problems will arise in cases where a person claims a statement defames them and the ISP either has no way of knowing whether the statement is defamatory or whether the complainant is in fact the person defamed. Another concern for ISP’s must be whether, by deleting statements or whole newsgroups, they are breaching their contracts with the users who expect to participate in and receive news from newsgroups.
In light of the Demon case, ISP’s should consider monitoring sites they host and removing ‘offensive’ text and implementing a procedure whereby complaints made can be investigated. It would also be advisable for an ISP to review its terms of business so that it can remove or suspend postings without being in breach of its contract with users.
A slightly different variant of the problem comes with those who host client websites where a third party alleges that the website contains defamatory information. Who does the host believe and should it risk breach of contract with its client by removing the material or “pulling” the website?
For employers the problem is particularly acute as they are responsible for emails sent by their employees. A defamatory email cost Norwich Union £450,000 last year. It is therefore vital for companies to have proper email policies in place and to make appropriate changes to the contracts of employment in order to give the email policy teeth.
Simon Halberstam has produced a guide to the legal issues including a detachable email policy for employees and provide in-house seminars to companies on the legal implications involved in doing business on the WWW.
© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.