10. No Website DisclaimerSets stageInforms court You know what you are doingYou are proactiveAggrieved partyChanges perception of success at trialMay shift burdenScope of disclaimer varies with websiteIncludeNotice of errors and omissionsDisclaimer of contractual relationship (if appropriate)Website/industry disclaimersDo not includeRedundant disclaimersUnreasonable disclaimersDraft for typical website visitorConsider type of information on websiteCollectionDistribution Presentation Consider “standard in industry”Update as appropriateMake sure you understand disclaimer
9. Privacy BreachesYouEnd userCollected informationUse SecurityDispositionAvoid surprises for end userPrivacy PolicyDo not unnecessarily restrict yourselfEasy to narrowDifficult to broadenBe aware of industry specific requirementsGramm Leach BlileyCOPPAHIPAA
8. No Chain of commandEveryone thinking someone else is handling the problemCEOCIOOutside counselOfficers and directors Key to designating chain of commandMay be held personally liable Made aware of the problemFailed to take appropriate action
Develop a coordinated chain of commandRequireWritten reporting procedures and protocols Addressing of IT issues on a timely basis Designate Chief Information Officer (“CIO“)Coordinate directly with the Board of DirectorsReduce critical delays and failures
7. Losing Intellectual PropertyPrincipal asset of most online companiesTrademarksCustomer listsProprietary technology PatentsDue diligence What do they haveCollect documentation regarding ownershipMaintain IP portfolioDocument intellectual property transfer procedures before useInform appropriate personnel of policiesObtain protectionTrademarksPatentsCopyrightsUse an intellectual property attorneyHave a readily available portfolioIdentify potential IP revenue streamsLimited time to take actionAssess value ProtectDo not protectMake active decisions Easy once structure in placePrevents valuable IP being lost forever
6. Security BreachesAnnual cost is $1.5 trillionHackersDisgruntled/Careless employeesDOS AttackDefacing websiteVirusesHijacking bandwidthAllowing unsecured access to websiteDeleting sensitive dataFailing to back-up sensitive dataGiving out passwords over the phoneDo not thinkWe are not a targetFirewalls prevent all hackingPasswords prevent unauthorized accessIT Department will prevent any LossAll our employees are
TrustworthyVigilantIT savvyOur lawyers have it covered Our contracts transfer all liabilityOur Vendors have the ability to pay for their negligenceAssess dangerTake action Designate Chief Security Officer (CSO)Identify and prioritize risksAdopt written security policiesConduct Security AuditTrain employeesTake ActionRequire security from vendorsDeter hackersUpdate policies and technology just ahead of industryShare strategiesTailor security plan toType of information collectedUnique vulnerabilitiesBe able to trace intrusionAction plan for breachesIdentify quicklyIsolate breached areaHave disaster recovery plan in placeDo not be The WorstThe Best
5. Breaking the LawHundreds of laws governing online activityGLBHIPAACOPPAHaving your ducks in a rowReduces exposureReduces required remedial measuresDesignate internal regulatory compliance committeeKeep abreast of changing lawsEspecially in your industrySeverity of government enforcement probably as important as language of statuteAgencies were not as aggressiveGive business time to adoptLet market work outKinksVulnerabilitiesBest practicesNow agencies much more aggressiveAgencies know what to look forFew companies not in complianceBe prepared to respond quickly and thoroughly
2
Thousands of Things Can Shut
Down Your WebsiteHardware Failure
Software Failure
Employee Mistakes
ISP Mistakes
HackersForce
Majeure
Legal Oversights
3
5
Things to remember
Fixing every flaw is too difficult
No lawyer can find every flaw
No website is perfect
Perfect websites still get sued
Look for trends
Address issues quickly
General Advice
Look to others in your industry
Stay abreast
of changes in the
law
Open communication
with your lawyer
Share Strateg
ies
6
7
Address problems quickly
Have an action plan
Prepare for the
unexpected
A few hours can make
the difference
Have forensics in
place
Get an attorney that knows IT legal issues
• Nearly invisible on most lawyers’ radar
• Most lawyers avoid cyberlaw advice– Not sure what to look for– Would not know what to do with a problem
• Most attorney’s simply cross their fingers
8
9
10. No Website Disclaimer
Likelihood of a lawsuit
Scope varies with
website
Draft for typical visitor
Consider industry standard
Update as appropriat
e
You must understand disclaimer
7. Losing Intellectual Property
Patent, Trademark, Copyright, Trade Secret
Principal asset of most online companies
IP Audit
Register protection
Keep IP portfolio current
12
13
6. Security Breaches
$1.5 trillion/yr
Hackers/employees
Do not get complacent - share intel
Identify/prioritize risks
Written security policies/audit
5. Breaking the Law
Regulatory
compliance
committee
Hundreds of
cyberlaws
Criminal and civil penalties
Monitor legislatio
n
Do not be the worst in
your industry
Be ready to adjust quickly
Industry specific
14
16
3. Intellectual Property Infringement
Patent, Trademark, Copyright, Trade Secret
Teach employees
No fair use
Confirm ownership before you use it
Attorney fees3x damages
17
2. Ignoring Your Lawyer
Ignoring advice
Not using contracts
Failing to keep lawyer in the
loop
Letting IP lapse
Failing to train employees
18
1. No Formal PoliciesPolicy
specific to company
Use previous nine as outline
Followed by all
employees
Living document
Monitor change
Before a problem arises
Benefits
Less likely to get sued
Less likely to have website
shut down
Clients happier
Vendors happier
Employees happier
Board of Director happier
Lawyer happier
19
Top Related