When:
Review copyright and privacy policy at least annually; check for broken links quarterly.
Why:
Legally protect your organization's Web content, ideas, logos and information. Because of cookies, IP-address harvesting and spyware concerns, your organization needs a privacy policy to govern its collection and use of information. This policy on policies will no doubt continue to be revised as European Union, Canadian and other cross-border laws evolve.
Strategy:
All primary Web pages and any page that collects user information should have a link to your privacy policy.
To put users on notice of your company's copyright, all "top-level" or primary Web pages should have a copyright notice such as "All Rights Reserved, (c) 2000-2004 ABC Company."
Every company Web area that allows outsiders to post content must have guidelines that detail prohibited conduct and reserve your right to edit, modify or delete content as you see fit. Your legal department can tailor appropriate guidelines for your site.
For trademarks owned by your company, the first use of any trademarks and service marks appearing on a publicly-accessible Web page should be designated with a (R) symbol for registered marks, a (TM) for trademarks or an "sm" symbol for unregistered marks, to provide specific notice to end users of your company's rights. Your company's trademark rights can also be stated in the "Legal Information" hyperlink at the bottom of a main, external Web page.
Ensure that your company has clear license rights to use any patented technology on any internal or external site. Such licenses should indemnify your company for the use of the technology against third-party claims of infringement.
If your company links to other associations or companies, don't use these links to suggest your organization endorses the site or the site's content or owner.
When "posting" cryptography-related software on a server, especially any server located in the United States, get approval from your legal department.
Constantly update content because outdated information on your company's Web site can expose you to liability. If your company places time-sensitive offers on its Web page, indicate when the offers expire. And broken links annoy potential customers looking for information; automated link crawlers can check the veracity of your site's links.
More information:
A short and sweet example of a copyright and privacy policy can be found on the U.S. Fish and Wildlife Service's site; for a longer example, see The American Bar Association's Web site.
If you need to copyprotect images, models and such, copy-protection tools can be found through a search engine by entering terms like "Digital Rights Management" or "protect Web content." You can also ask other large companies what they are using -- just be forewarned that some will tell you and some won't.
Get the latest on international encryption information from the Bureau of Export Administration's Office of Strategic Trade and Foreign Policy Controls, Information Technology Control Division.
About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to mailto:securityplanner@infosecuritymag.com
Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.
Last week: Are you throwing out company secrets? (Part 2 -- data destruction)
Next week: Social engineering
