General Practice, Solo & Small Firm DivisionMagazine
4 Checklist: Moving Into Business Commerce
The following is a checklist of questions to ask business clients as they begin their movement to electronic commerce; or to ask yourself as your law firm develops its own Internet strategies.
A. Computer and e-mail security
1.Who can access computer system?
a. Who can access Intranet and Internet e-mail?
b. Who can access Internet connection?
c. Who can access confidential data/files?
d. Who can delete or edit files?
2. Authorized access
a. How are Intranet and Internet e-mail accessed?
b. How is the Internet accessed?
c. Are confidential files kept separate from non-
confidential files? How?
d. Is the integrity of your files safeguarded (i.e., are some
files read-only, while others are editable or deletable)?
a. Of Intranet and Internet e-mail?
b. Of time spent on the Internet, and how the
time is used?
c. Of who accesses confidential files, when, and why?
d. Of who edits or deletes files, when, and why?
4. Unauthorized access. Can an unauthorized
person access your system:
a. While authorized users are away from their desks?
b. If an authorized user provides access information
to an unauthorized user?
c. Through "hacking," utilizing a correct password?
d. Through "hacking" into e-mail while it is being sent?
5. What data back-up and disaster recovery
procedures do you have in place?
6. What computer virus precaution and eradication
procedures do you have in place?
7. For e-mail messages sent and received, do you have
procedures to ensure:
a. Authentication (ascertaining the identities of
the parties to the message)?
b. Confidentiality (is the message accessible only to
c. Integrity (has the message been tampered with in
transit, is it the message the sender intended)?
d. Nonrepudiation (do markers exist that tie the
identity of the sending party to the substance of
the message at a certain point in time; is the
evidence strong enough to prevent parties from
later denying that they sent the message)?
8. What training do you give your employees
regarding the computer security procedures?
9. What procedures do you have in place for dealing
with terminated employees’ computer access?
B. Facsimile Security
1. Where are fax machines located?
2. Who has access to the machine(s)?
3. Does the company have a procedure for
wrongfully received faxes?
4. Does the company have a procedure for sending
and receiving a confidential fax?
5. How do you deal with signatures on important
documents sent via facsimile?
6. How and where do you store faxed documents?
C. Voice Mail Security
1. Who has access to the voice mail system?
2. Who can delete messages from the system?
3. How are confidential messages handled?
II. Intellectual Property Rights
1. What procedures do you have in place to
protect original work product?
2. Who owns the information you put on
your company website?
3. Who owns the product your employees produce
while working for you?
4. Do you have agreements or registrations to
prove ownership as described in points 2 and 3?
B. Trademarks and Servicemarks
1. Do you have tradename/trademark/servicemark
1. Do you have patent protections?
D. Trade Secrets
1. Do you have trade secret protections?
A. Copyright, Trademark, and Trade Secret Infringement
1. What rights do you have to information and
links included on your website?
2. What rights do you have to link to other
3. How many licenses for software do you own,
and how many do you use?
4. Do you have procedures in place to protect
your business from liability for an employee’s
copyright infringement or misappropriation of
trade secrets or trademark of another?
5. Do you have procedures in place to protect your
business from copyright, trademark, or trade
secret infringement via your website?
6. If your business does not own material used on your
website, what licenses have you been given to use the
information? Do the licenses specify use on the website,
or were they given for a different purpose?
B. Additional Infringements
1. Right of Publicity (image or sound of person used
to capitalize on reputation or imply endorsement):
Do you have procedures in place to address
company or employee infringement upon
someone’s right of publicity?
2. Right of Privacy (publication of protected data about a
person, placing person in false light, misappropriation
for commercial purposes, disclosure of embarrassing
private facts, or other intrusion upon the person’s
solitude): Do you have procedures in place to address
infringements of right of privacy?
3. Deceptive Trade Practice (violation of Antitrust
laws): Do you have procedures in place to
address deceptive trade practices?
4. Defamation (libel and slander of a person): Do you
have procedures in place to address defamation
charges against your company or an employee?
5. False Advertising (false or misleading statements
about your own or others’ products, services, or
commercial activities): Do you have procedures in
place to address false advertising on your website?
C. Other Areas of Potential Liability
1. Employee publication of obscene or indecent mat-
erial via the website or e-mail: Do you have proce-
dures in place to address such material being dis-
seminated via your company’s Internet connections?
2. Which online payment methods does your
3. Have you taken precautions to ensure that
employees do not enter into online contracts
without authority to do so?
4. Do you include disclaimers of liability on your website?
IV. International Law Issues: Have you taken
precautions to address international law
issues potentiated by your use of the Internet?
1. In agreements, do you specify which state or
country will have jurisdiction over the matter?
B. Choice of law
1. Do agreements specify which country’s laws
shall apply to the agreement?
2. Do agreements specify which country’s laws
shall apply to the resolution of any dispute?
C. Alternative Dispute Resolution
1. Have you provided for alternative dispute resolu-
tion techniques such as mediation or arbitration?
2. If so, have you chosen an arbitrator/mediator or
determined how one should be picked?
3. Have you determined where the arbitration/
mediation will be held?
4. Have you determined whose laws will apply to