ocPortal Tutorial: Legal and social responsibilities
Written by Chris Graham, ocProductsIf you are running a website, in particular a large or corporate website, there are important legal and social issues that need to be understood, and procedures or rules need to be put in place.
Table of contents
- ocPortal Tutorial: Legal and social responsibilities
The default ocPortal 'rules' Comcode page if the Setup Wizard has not been run
It is inevitable that some members will break the rules, maliciously or accidentally, but they are still a powerful tool.
A good rules page will list offences of a balanced specificity, along with approximate associated punishments. It may also have a legal element, referencing law, and placing legal responsibility on the user.
ocPortal provides a number of default rules pages that can be chosen using the Setup Wizard. The rules page is linked into your menus, and is displayed for enforced agreement when a member joins the site. This page can be edited like any ocPortal Comcode page.
The default ocPortal 'legal' Comcode page
The sub-sections of this section briefly cover the main legal issues you are likely to need to consider.
PrivacyIf you are a commercial entity, or if you hold sensitive personal data, you are more likely to be affected by privacy laws than others.
ocPortal holds the following data:
- member profiles, including custom profile fields. Profiles are likely visible to any visitor to the site (depending on your zone access configuration), and you can define whether custom profile fields are visible.
- the 'online status' of all members. This is publicly visible.
- access statistics that allow you to see where-ever users have been on your site. This is not publicly visible.
- logs of user interactivity with the site. This is mostly not publicly visible, except for submitted and edited content.
- point transactions. The point 'giver' may define whether they are anonymous from the public, but they will not be from the staff.
- security logs for suspected hack-attempts. This is not publicly visible.
- personal topics. These are only visible between sender and receiver, and staff (when intentionally viewed).
- personal posts. These are only visible between sender and receiver, and staff (may be viewed unintentionally).
It is not necessary to state that submitted-for-publication content will be visible as the user will know this is not personal data at the point of submitting it.
Depending on your jurisdiction and situation, you may need to register with a 'data commissioner' for holding personal data.
You may also wish to include your policy with respect to deletion of publicly submitted content upon request by the submitter or another party.
AccessibilityIt is arguable that under discrimination laws, your website must satisfy the web-accessibility-initiative (WAI ), web content accessibility guidelines (WCAG ). Fortunately ocPortal complies to the highest level of accessibility under these guidelines (for all interfaces: user and administrator), which is rare, as the vast majority of web applications are not close to complying with the lowest level of accessibility.
As a site-maintainer however, there are accessibility guidelines that apply to content that ocProducts can not arrange-for on your behalf. Also, if you modify the default ocPortal templates, it is very easy to degrade the inbuilt accessibility.
For more information, see our accessibility tutorial.
SalesIf you use your website to drive 'electronic' sales, then it is likely there is legislature regulating your activities. In the UK, these are known as the 'distance selling regulations' and are essentially involved in making sure that adequate provisions are put in place to make up for the lack of personal communication that is inherent in a brick&mortar store.
Your website would, of course, also be party to legislation on all forms of business, including issues such as tax. International VAT/sales-tax is a particularly complex and situational-dependant topic, so I will not make any attempt to explain it here.
LiabilityUnless you disclaim liability, you may be liable for problems caused directly or indirectly by you or your website. For example, if you allow users to get downloads into your database without having them screened for viruses, it is possible someone could try and hold you legally accountable if they were infected by a virus from software from your download database, unless you made it explicit that you disclaim responsibility for this.
Please note that it is not usually possible to disclaim liability for everything that might affect you.
Illegal contentAs you need to avoid liability (unless you want it) for damage to 'persons', you also need to avoid getting into a position where you are held legally liable for the hosting of illegal content.
It is unlikely you can fully disclaim responsibility for content on your site: although many 'warez' and 'file sharing' websites (perhaps, laughably) claim a defence like this, it is very shaky legal ground, and you should not let yourself get into such a position.
Perhaps the best way to tackle this problem is a three-pronged approach:
- Perform cursory checks to make sure submitted data is not illegal
- Add member rules that prohibit uploading of illegal content
- Disclaim liability for such content (whilst this would likely not work if your website became littered with illegal content, it is perhaps more defensible for exceptions)
You may wish to add to your legal page that you disclaim liability for mis-use of registered trademarks, and that they remain the property of their respective owners.
Discussion of illegal activitiesThe advice for illegal content generally applies to the discussion of illegal activities also. There is, however, a fine line between discussing the merits of illegal activity and the incitement of it: this is very likely to be an issue on any active community, and you will need to consider how you will deal with it.
Computer mis-useIt is likely that you will suffer attempts to hack into your website by malicious users and 'bots' which automatically probe websites for vulnerabilities. Fortunately ocPortal is extremely sophisticated when it comes to 'hack attack' detection, and will block and log attempts. ocPortal provides a two-layer security approach: it is engineered to use secure practices, and pro-actively detects when it's interfaces are being abused, just in-case we have missed a vulnerability.
However, even with all this, there are one hundred thousand (at the time of writing) lines of code to potentially contain vulnerabilities. You therefore should keep backup's, and if you run a high profile website, know how to attempt to track down miscreants and subject them to legal action.
If a vulnerability is found, ocProducts would like to know about it, and will deal with it promptly and responsibly for the sake of all our users.
It is also possible that miscreants will attempt to use your website as a vehicle for mischief directed at others. There are not many ways to do this, and we know of no ways to cause serious abuses, but you should keep it in mind that it may be possible, and consider adding a disclaimer into your legal page for it.
SocialThe sub-sections of this section briefly cover the main social issues you are likely to need to consider. By running a website with community features, such as a forum, or chat-rooms, you are in essence making yourself or your team, community leaders, and therefore you hold the responsibilities that come with this.
Offensive content and moderationIt is unfortunate but inevitable that in most social climates, people will have strongly opposing views about what is appropriate behaviour. I have personal experience moderating forums, and know people may be explosively passionate about their views, and highly accusative of those who do not carry them.
Most opposing views are political in some sense, and usually related to the divide between traditionalism/conservatism and liberalism.
You need to make three main decisions:
- Are you going to reach a balance between extremes (if so, make some decisions on where the balance lies), or moderate against your-own or someone-elses personal/corporate views?
- Are you going to define a level of what is 'appropriate' for your community, not based on personal view, but merely what you think your community should be allowed to discuss?
- Are you going to limit discussion of topics related purely on relevance to a central topic?
When it comes to moderation, the words 'freedom' and 'offensive' very often get carried around:
- if you moderate someone, it is likely they will accuse you of 'removing their freedom' (even though your website is not public property)
- if you allow someone to be offensive to others, they will likely accuse you of building a website that is a vehicle to propaganda or an agenda they disagree with
Children and young teenagersThere is a US law, COPPA (Children's Online Privacy Protection Act), that you need to comply with if your (US) website targets children under 13 for membership, or if you know that members of your website are under 13. More information on this law is available here from the COPPA website (see 'see also').
If COPPA support is configured in OCF , then when visitors try to join they will be added as non-validated if they are too young, with a notice to send in a COPPA form to you via mail or fax.
Young members (or even older members) are often nieve, as they have less experience of the world and often have lived relatively sheltered lives. Therefore you should actively protect these members from:
- inappropriate exposure of materials by other members (such as pornography or other sexual content)
Freedom of discussion vs "off-topic"You should make a decision upon this:
- is it necessary to stick to discussing certain topics in certain places?
- or, should members be free to discuss whatever they wish anywhere?
- Or, will there be a compromise depending on circumstance and location
DiscriminationYou may wish to consider anti-discrimination clauses in your rules, possibly citing what you areas consider to be discriminatory (such as gender, race, appearance and sexuality).
AbuseYou may wish to make rules and policies regarding abuse between members.
DepressionAs a community-leader, you may become aware that certain members of your community have a high level of depression. It is actually very likely, in a high member community, you might actually come across suicidal or masochistic indicating behaviour.
Think carefully about how to deal with depressed members: do not harass them (such as immediately contacting an authority about them when they say they had a bad day), but do not be blind to their problems, because you might be one of the only people in a position to help, or ask for help on their behalf.
Handling feedbackYou should develop a policy about how you handle feedback. This is of particular importance to commercial entities:
- will you leave negative feedback visible and possibly have negative views on your very own website?
- will you moderate negative feedback and be accused of suppressing the truth?
- will you consciously make sure there is no publicly visible outlet for negative feedback on the site, and remove any that is found for being 'off-topic'?