This article appeared in the June 2005 issue of Web Host Industry Review magazine. Click here to subscribe for free.
June 22, 2005 -- (WEB HOST INDUSTRY REVIEW) -- One particularly frustrating legal issue for many Web hosts is determining where liability to customers, vendors and the public begins and ends. The most frequent reason I hear for hosts not being up to speed on legal issues is "well, we haven?t been sued yet." Many believe that they are too small to be the targets of law enforcement or litigators. They may also believe that because they only provide "bandwidth and electricity," responsibility is pushed up the chain to vendors, or down to customers and the public. But ignorance, or lack of effort, is unlikely to remain a viable excuse for legal missteps.
Conduit Liability
The cornerstone of risk management for Web hosting companies is the Communications Decency Act. Although the Supreme Court has struck down almost all of the CDA as unconstitutional, the remaining provisions must be completely understood by you, your employees and your advisor, and be woven into every fiber of your business.
Under the CDA, liability is allocated based on the amount of influence you have over material passing through your network. Every member of your management team should have a thorough understanding of the CDA, and how your liability shifts as you move within its categories. Most hosts try to fall within the definition of a conduit. If you do, every member of your staff should understand what conduit liability is, and how it applies to your business. Think of yourself as the telephone company: you don?t create content, monitor it or comment on it. You are just a conduit through which content is disseminated.
Understanding the concept of your business as a conduit, or wherever you fit within the CDA, will move you closer toward fully assessing your upstream and downstream liability issues. A pure shared Web hosting company, in some situations, may be almost totally shielded by its conduit status. But as you begin to move along the value chain, providing services such as Web design templates, which are considered content, that shield erodes. Understanding how this works will help you make better business and risk decisions.
Incorporating CDA status into your business becomes easier once you?ve explained the fundamentals to your company. When negotiating a contract with a company that provides template driven Web site design, you can determine the extent to which this particular feature fits within your risk tolerance. By determining where you fall within the CDA, you can negotiate clauses into the agreement that help you better allocate risk with your vendor.
You may also consider using the CDA in your customer service training. If your service representatives better understand liability, they will be more likely to assume those customer problems for which you are truly responsible, and with knowledge will be more likely to pass on problems outside this area to vendors or other parties having a greater knowledge.
Initial strategies
The CDA is not a magic bullet for risk issues. It?s a rare host that provides shared Web hosting and nothing else. The true key to managing liability issues is understanding where your contracts ? and the law ? have allocated liability, keeping in mind your resources for addressing these issues.
One mode of addressing them is marketplace differentiation. Every Web host believes that its product has differentiating factors that will cause the marketplace to favor it. Certainly every business can identify when more of its resources are going to one area over another. So if you differentiate yourself by the strength of your bandwidth contracts, you may want to focus on telco compliance. Not only will this area be well understood within your company, it will also likely be the source of more outside scrutiny since you focus attention on it publicly.
Another method is resource allocation. While not having the resources to comply with a law is never a defense to having violated it, using economic factors to help prioritize your risk analysis is a good way to begin a compliance strategy. For example, you may find that the money you allot per quarter to compliance issues is insufficient to hire an attorney to revise your AUP and TOS. But it may be sufficient to have him review your privacy policy. By beginning to think of compliance as a necessary business expense, you will begin to chip away at areas of potential exposure.
One final method is to ask your lawyer for a compliance consultation. Lawyers are often willing to spend part of their day with your management team analyzing your business and identifying risk. Many lawyers who truly understand the laws that affect your business will do this at no charge. Once this review is completed, you?ll have an idea of where your areas of greatest risk lie. You will also have an idea, from your lawyer, of how to allocate scarce resources to deal with those issues that are most important.
