1. 1 TOP TEN LEGAL OVERSIGHTS THAT CAN SHUT DOWN YOUR WEBSITE © 2007 Brett J. Trout www.bretttrout.com

2. 10. No Website Disclaimer Sets stage Informs court You know what you are doing You are proactive Aggrieved party Changes perception of success at trial May shift burden Scope of disclaimer varies with website Include Notice of errors and omissions Disclaimer of contractual relationship (if appropriate) Website/industry disclaimers Do not include Redundant disclaimers Unreasonable disclaimers Draft for typical website visitor Consider type of information on website Collection Distribution Presentation Consider “standard in industry” Update as appropriate Make sure you understand disclaimer 9. Privacy Breaches You End user Collected information Use Security Disposition Avoid surprises for end user Privacy Policy Do not unnecessarily restrict yourself Easy to narrow Difficult to broaden Be aware of industry specific requirements Gramm Leach Bliley COPPA HIPAA 8. No Chain of command Everyone thinking someone else is handling the problem CEO CIO Outside counsel Officers and directors Key to designating chain of command May be held personally liable Made aware of the problem Failed to take appropriate action Develop a coordinated chain of command Require Written reporting procedures and protocols Addressing of IT issues on a timely basis Designate Chief Information Officer (“CIO“) Coordinate directly with the Board of Directors Reduce critical delays and failures 7. Losing Intellectual Property Principal asset of most online companies Trademarks Customer lists Proprietary technology Patents Due diligence What do they have Collect documentation regarding ownership Maintain IP portfolio Document intellectual property transfer procedures before use Inform appropriate personnel of policies Obtain protection Trademarks Patents Copyrights Use an intellectual property attorney Have a readily available portfolio Identify potential IP revenue streams Limited time to take action Assess value Protect Do not protect Make active decisions Easy once structure in place Prevents valuable IP being lost forever 6. Security Breaches Annual cost is $1.5 trillion Hackers Disgruntled/Careless employees DOS Attack Defacing website Viruses Hijacking bandwidth Allowing unsecured access to website Deleting sensitive data Failing to back-up sensitive data Giving out passwords over the phone Do not think We are not a target Firewalls prevent all hacking Passwords prevent unauthorized access IT Department will prevent any Loss All our employees are Trustworthy Vigilant IT savvy Our lawyers have it covered Our contracts transfer all liability Our Vendors have the ability to pay for their negligence Assess danger Take action Designate Chief Security Officer (CSO) Identify and prioritize risks Adopt written security policies Conduct Security Audit Train employees Take Action Require security from vendors Deter hackers Update policies and technology just ahead of industry Share strategies Tailor security plan to Type of information collected Unique vulnerabilities Be able to trace intrusion Action plan for breaches Identify quickly Isolate breached area Have disaster recovery plan in place Do not be The Worst The Best 5. Breaking the Law Hundreds of laws governing online activity GLB HIPAA COPPA Having your ducks in a row Reduces exposure Reduces required remedial measures Designate internal regulatory compliance committee Keep abreast of changing laws Especially in your industry Severity of government enforcement probably as important as language of statute Agencies were not as aggressive Give business time to adopt Let market work out Kinks Vulnerabilities Best practices Now agencies much more aggressive Agencies know what to look for Few companies not in compliance Be prepared to respond quickly and thoroughly 10. No Website Disclaimer Sets stage Informs court You know what you are doing You are proactive Aggrieved party Changes perception of success at trial May shift burden Scope of disclaimer varies with website Include Notice of errors and omissions Disclaimer of contractual relationship (if appropriate) Website/industry disclaimers Do not include Redundant disclaimers Unreasonable disclaimers Draft for typical website visitor Consider type of information on website Collection Distribution Presentation Consider “standard in industry” Update as appropriate Make sure you understand disclaimer 9. Privacy Breaches You End user Collected information Use Security Disposition Avoid surprises for end user Privacy Policy Do not unnecessarily restrict yourself Easy to narrow Difficult to broaden Be aware of industry specific requirements Gramm Leach Bliley COPPA HIPAA 8. No Chain of command Everyone thinking someone else is handling the problem CEO CIO Outside counsel Officers and directors Key to designating chain of command May be held personally liable Made aware of the problem Failed to take appropriate action Develop a coordinated chain of command Require Written reporting procedures and protocols Addressing of IT issues on a timely basis Designate Chief Information Officer (“CIO“) Coordinate directly with the Board of Directors Reduce critical delays and failures 7. Losing Intellectual Property Principal asset of most online companies Trademarks Customer lists Proprietary technology Patents Due diligence What do they have Collect documentation regarding ownership Maintain IP portfolio Document intellectual property transfer procedures before use Inform appropriate personnel of policies Obtain protection Trademarks Patents Copyrights Use an intellectual property attorney Have a readily available portfolio Identify potential IP revenue streams Limited time to take action Assess value Protect Do not protect Make active decisions Easy once structure in place Prevents valuable IP being lost forever 6. Security Breaches Annual cost is $1.5 trillion Hackers Disgruntled/Careless employees DOS Attack Defacing website Viruses Hijacking bandwidth Allowing unsecured access to website Deleting sensitive data Failing to back-up sensitive data Giving out passwords over the phone Do not think We are not a target Firewalls prevent all hacking Passwords prevent unauthorized access IT Department will prevent any Loss All our employees are Trustworthy Vigilant IT savvy Our lawyers have it covered Our contracts transfer all liability Our Vendors have the ability to pay for their negligence Assess danger Take action Designate Chief Security Officer (CSO) Identify and prioritize risks Adopt written security policies Conduct Security Audit Train employees Take Action Require security from vendors Deter hackers Update policies and technology just ahead of industry Share strategies Tailor security plan to Type of information collected Unique vulnerabilities Be able to trace intrusion Action plan for breaches Identify quickly Isolate breached area Have disaster recovery plan in place Do not be The Worst The Best 5. Breaking the Law Hundreds of laws governing online activity GLB HIPAA COPPA Having your ducks in a row Reduces exposure Reduces required remedial measures Designate internal regulatory compliance committee Keep abreast of changing laws Especially in your industry Severity of government enforcement probably as important as language of statute Agencies were not as aggressive Give business time to adopt Let market work out Kinks Vulnerabilities Best practices Now agencies much more aggressive Agencies know what to look for Few companies not in compliance Be prepared to respond quickly and thoroughly 2

3. Thousands of Things Can Shut Down Your Website 3

4. 4 Legal Oversights Lots of Crossed Fingers Lawyers unaware Businessunaware Advisors Unaware

5. 5 Things to remember

6. General Advice Look to others in your industry Stay abreast of changes in the law Open communication with your lawyer Share Strategies 6

7. 7 Address problems quickly Have an action plan Prepare for the unexpected A few hours can make the difference Have forensics in place

8. Get an attorney that knows IT legal issues Nearly invisible on most lawyers’ radar Nearly invisible on most lawyers’ radar Most lawyers avoid cyberlaw advice – Not sure what to look for – Would not know what to do with a problem Most lawyers avoid cyberlaw advice – Not sure what to look for – Would not know what to do with a problem Most attorney’s simply cross their fingers Most attorney’s simply cross their fingers 8

9. 9 10. No Website Disclaimer

10. 10 9. Privacy Breaches

11. 11 8. No Chain of Command Board of Directors Chief Information Officer Employees

12. 7. Losing Intellectual Property 12

13. 13 6. Security Breaches

14. 5. Breaking the Law Regulatory compliance committee Hundreds of cyberlaws Criminal and civil penalties Monitor legislation Do not be the worst in your industry Be ready to adjust quickly Industry specific 14

15. 15 4. Contracts Bad Contract Good Contract Cheaper (in the long run) Easier (expert writes it) (expert writes it) Quicker(templates) Limits Your Downside Cheaper Easier Quicker

16. 16 3. Intellectual Property Infringement

17. 17 2. Ignoring Your Lawyer Ignoring advice Not using contracts Failing to keep lawyer in the loop Letting IP lapse Failing to train employees

18. 18 1. No Formal Policies Policy specific to company Use previous nine as outline Followed by all employees Living document Monitor change Before a problem arises

19. Benefits 19

20. What if you still get sued? 20