Moving Toward Internet Compliance

Web Site Conception

In this stage of the process the organization has initiated the potential development of a website to meet a business need. A business case is developed to define the site objectives, the site’s target audience and the site’s intended function.

A site owner should also be identified and metrics established to measure the success of the site. The site owner should also identify the potential site developer(s) and the potential site host(s).

Once a business case and a decision is made to move forward with the site, the owner is responsible for registering the domain name through the proper channels within the organization.

He or she is also responsible for providing the site developer and host with the compliance policies, guidelines and procedures established to develop a compliant Internet website.

Access & Apply Policies

Domain name registration should adhere to an established corporate policy and procedure. In this stage of the process the internet compliance owner registers the domain names(s) following the established procedures.

Copyright and protection of site images must be reviewed to insure the website design will comply with their use. Legal notice(s), company name and logo use policies should also be reviewed to ensure they are properly incorporated on the site.

Corporate product and service trademark polices must be addressed to ensure appropriate use. A statement of responsibility to clearly identify the legal site owner is used when applicable.

Privacy and personally identifiable information (PII) must also be addressed in this stage of website development. There are several forms of sensitive information that may be collected or distributed via an Internet site. PII (via Email), information from children under the age of 13, employee ID information, etc. Financial transactions and medical information are good examples of sensitive information.

Email communications should be reviewed and approved in accordance with local and, if applicable, regional content review procedures including legal departments for all countries involved.

Linking and framing polices guiding the linking to acceptable sites must be applied to the new website. The use of framing technology to third party websites, linking disclaimers and links to blogs must also be reviewed in this stage of the process.

Any potentially patentable inventions or ideas described on or collected by the website must be reviewed by a local operating company patent attorney. Web content designers must also ensure that all product-related content is compliant with any applicable product registration requirements, promotional and advertising requirements set by the locale’s ministry.

A geographic disclaimer template may be required to ensure that the site is targeted to a country or countries where all content, including product information, applies.

The website developer and host must also confirm they are meeting information asset protection requirements. They must:

  • ensure secure firewalls and data storage comply with corporate information asset protection policies.
  • Ensure e-commerce interactions and connections are protected to assure confidentiality and integrity of all customer and vendor information.
  • Ensure the corporate information categorized as proprietary or confidential is protected.
  • Ensure that sites use personal identification numbers and/or passwords to secure information when applicable.
  • Resolve Design, Content & Technical Issues

    A company’s image must not be compromised. The credo principles a company has established and adheres to must not be violated due to content on websites. This applies to textual content, all other forms of static images, video and audio content and the presentation of content in context to other content.

    A website review with consideration to its content should address key questions. Does the website:

  • contain sensitive information?
  • contain or address medical advice or consultation?
  • process e-commerce or information transactions or contain pricing information?
  • contain information or transactions regulated by healthcare compliance requirements?
  • advertise product and/or services?
  • identify company employees?
  • Sensitive information, medical advice or consultation must be reviewed by the company’s copy clearance team. In general medical advice should not be given to consumers over the Net.

    Web content must also be reviewed to determine if the site contains information that must meet corporate healthcare compliance requirements.

    You may also consider:

  • false claims.
  • Food and Drug Administration advertising rules.
  • state professional practice laws.
  • industry standards.