SGH Martineau’s Andrew Brennan warns businesses that ignorance of the law is no defence when it comes to managing a website.

With an increasing number of customers choosing contractors through internet searches, an attractive, engaging website showcasing the services you offer and the quality of your work has never been more important. But while striving for a high Google ranking, have you given enough consideration to ensuring your website meets the minimum legal requirements?

Many businesses appear unaware of the laws governing corporate websites, or wrongly believe the laws only cover e-commerce sites or sites selling products to consumers.

The truth is, all UK-registered businesses must clearly display on their website the name of the organisation, the full registered address, place of registration and registration number and the VAT number, where appropriate. If a business undertakes regulated activities then it should also display details of any regulators.

For sole traders and partnerships, the address of the principal place of business must be shown. For businesses selling products, services or digital content to consumers through their website, detailed information about the offering and right to cancel must be provided.

In 2011 the law on cookies changed, with positive consent for their use now needed, but it appears many websites have still not made the necessary changes. Users could block cookies in their browsers if they are suspicious about an organisation’s policy, ruining the visitor experience, which could eventually require a costly re-design of the site for it to work without cookies. It’s better to explain which cookies are used, what information they’re gathering and what will be done with it.

The collection, storage and use of personal data, which includes the sharing or selling on of information obtained by sites, raise the most concerns regarding compliance.

To improve engagement with visitors, websites often exchange information for contact details, typically offering free reports or top tips, with details like email addresses, postal addresses and phone numbers secured. Importantly, if a visitor provides personal contact details, as far as the law is concerned, they have consented to being contacted.

However, whilst there is no issue with emailing them later, it must be in relation to their original enquiry or transaction and they must be able to unsubscribe from the communications and be removed from any list holding their personal contact details.

If a business wants to email individuals with general marketing information, unrelated to their original enquiry, they must obtain express ‘opt-in’ consent. This is often done by providing boxes to tick, but it is really important these boxes are not pre-ticked, as an individual must positively affirm consent and organisations risk enforcement action if they persist in using pre-ticked boxes.

These rules currently only apply to individuals (and, strangely, partnerships – but not LLPs) and not corporate visitors to a website, but businesses must still be careful, as corporate visitors might provide personal contact details and whether it’s for work or personal use is irrelevant.

Interestingly, if a website visitor provides address details and a phone number, the business is able to contact them by telephone or post for marketing purposes, unless or until they are told to stop.

When any business intends to use personal information captured through its website, it essentially becomes a data controller. As such, it must appoint a designated data controller and explain to those using the site whose information has been gathered, what data is being collected and why. A Privacy Policy should advise if this information is for direct marketing purposes and include a method of contacting the data controller – an email link will suffice.

The regulations governing websites are expected to be even tougher soon, with the introduction of new data protection laws. Failure to comply with the new rules could result in enforcement action and heavy fines, so businesses should put the work in now to ensure compliance and all the appropriate policies are in place.

Although not a legal necessity, a good set of ‘terms and conditions’ on a website can help prevent problems. These terms should define which activities a business undertakes and what Intellectual Property (IP) it owns on the site. A ‘disclaimer of liability’ is also prudent, advising visitors that whilst the information on the site is accurate to the best knowledge of the operator, it should not be taken as absolute fact.

It is fashionable for businesses to allow visitors to their site to leave comments and/or reviews, but in this case the business must have an ‘acceptable use’ policy that can easily be found on the site. This policy will protect the business if anyone posts illegal or offensive material, by allowing the site owner to take action, including removing posts, banning individuals and even reporting their activity – without this policy, the business could be the one in trouble.

Every UK business should check its site and ensure it complies; if in doubt, consult a lawyer that understand this dynamic area of law, then keep your eyes and ears open for future changes in the rules.

Andrew Brennan is an Intellectual Property and Technology lawyer at law firm SGH Martineau.