General Practice, Solo & Small Firm DivisionMagazine4 Checklist: Moving Into Business CommerceThe following is a checklist of questions to ask business clients as they begin their movement to electronic commerce; or to ask yourself as your law firm develops its own Internet strategies.I. SecurityA. Computer and e-mail security1.Who can access computer system?a. Who can access Intranet and Internet e-mail?b. Who can access Internet connection?c. Who can access confidential data/files?d. Who can delete or edit files?2. Authorized accessa. How are Intranet and Internet e-mail accessed?b. How is the Internet accessed?c. Are confidential files kept separate from non-confidential files? How?d. Is the integrity of your files safeguarded (i.e., are somefiles read-only, while others are editable or deletable)?3. Record-keepinga. Of Intranet and Internet e-mail?b. Of time spent on the Internet, and how thetime is used?c. Of who accesses confidential files, when, and why?d. Of who edits or deletes files, when, and why?4. Unauthorized access. Can an unauthorizedperson access your system:a. While authorized users are away from their desks?b. If an authorized user provides access informationto an unauthorized user?c. Through "hacking," utilizing a correct password?d. Through "hacking" into e-mail while it is being sent?5. What data back-up and disaster recoveryprocedures do you have in place?6. What computer virus precaution and eradicationprocedures do you have in place?7. For e-mail messages sent and received, do you haveprocedures to ensure:a. Authentication (ascertaining the identities ofthe parties to the message)?b. Confidentiality (is the message accessible only toauthorized parties)?c. Integrity (has the message been tampered with intransit, is it the message the sender intended)?d. Nonrepudiation (do markers exist that tie theidentity of the sending party to the substance ofthe message at a certain point in time; is theevidence strong enough to prevent parties fromlater denying that they sent the message)?8. What training do you give your employeesregarding the computer security procedures?9. What procedures do you have in place for dealingwith terminated employees’ computer access?B. Facsimile Security1. Where are fax machines located?2. Who has access to the machine(s)?3. Does the company have a procedure forwrongfully received faxes?4. Does the company have a procedure for sendingand receiving a confidential fax?5. How do you deal with signatures on importantdocuments sent via facsimile?6. How and where do you store faxed documents?C. Voice Mail Security1. Who has access to the voice mail system?2. Who can delete messages from the system?3. How are confidential messages handled?II. Intellectual Property RightsA. Copyrights1. What procedures do you have in place toprotect original work product?2. Who owns the information you put onyour company website?3. Who owns the product your employees producewhile working for you?4. Do you have agreements or registrations toprove ownership as described in points 2 and 3?B. Trademarks and Servicemarks1. Do you have tradename/trademark/servicemarkprotection?C. Patents1. Do you have patent protections?D. Trade Secrets1. Do you have trade secret protections?III. LiabilityA. Copyright, Trademark, and Trade Secret Infringement1. What rights do you have to information andlinks included on your website?2. What rights do you have to link to otherpeople’s websites?3. How many licenses for software do you own,and how many do you use?4. Do you have procedures in place to protectyour business from liability for an employee’scopyright infringement or misappropriation oftrade secrets or trademark of another?5. Do you have procedures in place to protect yourbusiness from copyright, trademark, or tradesecret infringement via your website?6. If your business does not own material used on yourwebsite, what licenses have you been given to use theinformation? Do the licenses specify use on the website,or were they given for a different purpose?B. Additional Infringements1. Right of Publicity (image or sound of person usedto capitalize on reputation or imply endorsement):Do you have procedures in place to addresscompany or employee infringement uponsomeone’s right of publicity?2. Right of Privacy (publication of protected data about aperson, placing person in false light, misappropriationfor commercial purposes, disclosure of embarrassingprivate facts, or other intrusion upon the person’ssolitude): Do you have procedures in place to addressinfringements of right of privacy?3. Deceptive Trade Practice (violation of Antitrustlaws): Do you have procedures in place toaddress deceptive trade practices?4. Defamation (libel and slander of a person): Do youhave procedures in place to address defamationcharges against your company or an employee?5. False Advertising (false or misleading statementsabout your own or others’ products, services, orcommercial activities): Do you have procedures inplace to address false advertising on your website?C. Other Areas of Potential Liability1. Employee publication of obscene or indecent mat-erial via the website or e-mail: Do you have proce-dures in place to address such material being dis-seminated via your company’s Internet connections?2. Which online payment methods does yourcompany accept?3. Have you taken precautions to ensure thatemployees do not enter into online contractswithout authority to do so?4. Do you include disclaimers of liability on your website?IV. International Law Issues: Have you takenprecautions to address international lawissues potentiated by your use of the Internet?A. Jurisdiction1. In agreements, do you specify which state orcountry will have jurisdiction over the matter?B. Choice of law1. Do agreements specify which country’s lawsshall apply to the agreement?2. Do agreements specify which country’s lawsshall apply to the resolution of any dispute?C. Alternative Dispute Resolution1. Have you provided for alternative dispute resolu-tion techniques such as mediation or arbitration?2. If so, have you chosen an arbitrator/mediator ordetermined how one should be picked?3. Have you determined where the arbitration/mediation will be held?4. Have you determined whose laws will apply tothe proceeding?