Simple rules for protecting your domain name

We work with a lot of internet service providers, and one of the biggest headaches is determining who actually owns a particular domain name or account, particularly when the website is created by a third-party webmaster or other service provider. Here are a few tips which will help you protect your valuable online presence:

• Register the account yourself, in the company name, with a company credit card
• Don’t give out the password except as needed
• If your web designer or staff opened the account, make sure someone in management has the password as well (or, better yet, require that it be re-registered in the name of the company)
• Make sure you change the password before firing anyone who has access to the account
• Most registrars offer the ability to lock a domain name, use it!
• Make sure you are listed as both the registrant and administrative contact for the domain name
• Use an e-mail address for the account which you know you’ll keep, and which isn’t in a domain which is in the account
• Keep an offline backup of the website
• Address domain/password ownership in any contract for design or hosting (or, in the case of business partners, in the shareholder’s agreement

CNet offers up another excellent idea – maintain (or create) a copy of the company website on a second server if you think (or know) that your webmaster may not be around for long. This allows you to switch to the backup website quickly in the event of a problem.

California dreaming? Not for online businesses

Most online business have terms and conditions which require that litigation brought relating to those businesses be brought in the business’ preferred jurisdiction. That, of course, make sense for the business, particularly smaller businesses which don’t have the resources for lawsuits brought over the entire country. Of course, the flip side is that unhappy consumers end up with a lousy draw, and may be forced to bring any litigation in an unfriendly jurisdiction quite far away from home.

Apparently California is willing to take a second look at those clauses, at least where California public policy is concerned. In a case involving the massive disclosure of data by AOL, a California court has decided to permit the litigation to proceed in California, notwithstanding the jurisdiction clause in AOL’s contract with its customers. That clause requires that any litigation be brought in Virginia.

Given the outrage over this particular incident, the decision may not be surprising, but it may well pave the way for more discretionary application of online jurisdiction clauses

What good is a privacy policy?

Privacy is a tricky subject in the US, in large part because we don’t do much to protect it. On the consumer side, American consumers tend to opt for convenience over security, as anyone who has ever done online banking in Europe can attest. On the legal side, there is no overarching privacy law governing the protection of personal data. Instead we make do with a hodge-podge of state laws and federal laws intended to cover certain industries or limited ranges of data, such as e-mail communications or health information. Many of the state laws focus on notice after a breach, rather than protecting the data itself, leaving most consumer with two options: keep your data to yourself or enter into a contract to protect your information.

A recent case out of Louisiana illustrates the limits to the latter approach. In Pinero v. Jackson Hewitt Tax Service Inc., a Louisiana court decided that simply dropping old tax records in a dumpster doesn’t violate that state’s notification law, and that the plaintiff could not recover based on a signed “privacy policy,” at least absent actual damages. While the former is surprising enough, the latter decision would seem to allow businesses a fair amount of leeway in the handling of personal data even in the face of a clearly stated (and agreed to) policy.

It’s a somewhat chilling reminder that privacy protection is a do-it-yourself activity in this country.