Tech & Sourcing @ Morgan Lewis


With the world in various states of lockdown, your organization’s online presence is more important than ever…even more so with official enforcement of CCPA beginning last month. It may be a good time to spend an afternoon reviewing and updating the legal boilerplate on your organization’s website. Here is what we recommend for a basic three-part review to get you started:

  • Privacy Policy. Many clients updated their policy earlier this year to reflect changes required by CCPA. If you fall into this category, then ensuring that the proper version of your privacy policy is reflected on your website, typically in the footer, is a good idea. You would be surprised to know how many clients update their policy, but then fail to actually post the correct version publicly. If you did not recently review your privacy policy, it may be a good time to do so. In addition to seeking advice on changes recommended in light of CCPA, it is also good hygiene to pull the policy and give it a fresh read. Has your organization’s collection practices changed? Has your organization began using or disclosing data differently than it has in the past? A privacy policy only protects your organization to the extent that it is accurate and complete, so periodically spending an hour or so to ensure its accuracy is typically time well spent.
  • Terms of Use. In addition to the privacy policy, most websites also have a general boilerplate document called a Terms of Use that essentially operates as a “shrink wrap” license agreement for visitors. Making sure that this document contains the basics is a quick and easy step that establishes the baseline legal protection for the site. This document should have an express grant to use the content and features on the site, a statement that the site may be discontinued at any time, standard disclaimers of warranties and limitations of liabilities, an address or other contact for notice, copyright notices, and choice of law provisions.
  • Terms of Service (Transaction Mechanisms). The final aspect of our quick and dirty website review is to ensure that any transactional offerings on the site are operational and complete. For example, if your website contains an online store for the purchase of physical products, there should be a terms of sale agreement that is presented and accepted by customers during the ordering process. Unlike the Terms of Use mentioned above, Terms of Service are typically “click wrap” agreements that require some affirmative action on the user, such as clicking an “I agree” button or checkbox that demonstrates agreement. Any basic website checkup should include a review of the acceptance mechanisms to ensure that the proper document is being displayed and accepted by users in a clear and conspicuous manner.