General Practice, Solo & Small Firm DivisionMagazine

4 Checklist: Moving Into Business Commerce

The following is a checklist of questions to ask business clients as they begin their movement to electronic commerce; or to ask yourself as your law firm develops its own Internet strategies.

I. Security

A. Computer and e-mail security

1.Who can access computer system?

a. Who can access Intranet and Internet e-mail?

b. Who can access Internet connection?

c. Who can access confidential data/files?

d. Who can delete or edit files?

2. Authorized access

a. How are Intranet and Internet e-mail accessed?

b. How is the Internet accessed?

c. Are confidential files kept separate from non-

confidential files? How?

d. Is the integrity of your files safeguarded (i.e., are some

files read-only, while others are editable or deletable)?

3. Record-keeping

a. Of Intranet and Internet e-mail?

b. Of time spent on the Internet, and how the

time is used?

c. Of who accesses confidential files, when, and why?

d. Of who edits or deletes files, when, and why?

4. Unauthorized access. Can an unauthorized

person access your system:

a. While authorized users are away from their desks?

b. If an authorized user provides access information

to an unauthorized user?

c. Through "hacking," utilizing a correct password?

d. Through "hacking" into e-mail while it is being sent?

5. What data back-up and disaster recovery

procedures do you have in place?

6. What computer virus precaution and eradication

procedures do you have in place?

7. For e-mail messages sent and received, do you have

procedures to ensure:

a. Authentication (ascertaining the identities of

the parties to the message)?

b. Confidentiality (is the message accessible only to

authorized parties)?

c. Integrity (has the message been tampered with in

transit, is it the message the sender intended)?

d. Nonrepudiation (do markers exist that tie the

identity of the sending party to the substance of

the message at a certain point in time; is the

evidence strong enough to prevent parties from

later denying that they sent the message)?

8. What training do you give your employees

regarding the computer security procedures?

9. What procedures do you have in place for dealing

with terminated employees’ computer access?

B. Facsimile Security

1. Where are fax machines located?

2. Who has access to the machine(s)?

3. Does the company have a procedure for

wrongfully received faxes?

4. Does the company have a procedure for sending

and receiving a confidential fax?

5. How do you deal with signatures on important

documents sent via facsimile?

6. How and where do you store faxed documents?

C. Voice Mail Security

1. Who has access to the voice mail system?

2. Who can delete messages from the system?

3. How are confidential messages handled?

II. Intellectual Property Rights

A. Copyrights

1. What procedures do you have in place to

protect original work product?

2. Who owns the information you put on

your company website?

3. Who owns the product your employees produce

while working for you?

4. Do you have agreements or registrations to

prove ownership as described in points 2 and 3?

B. Trademarks and Servicemarks

1. Do you have tradename/trademark/servicemark


C. Patents

1. Do you have patent protections?

D. Trade Secrets

1. Do you have trade secret protections?

III. Liability

A. Copyright, Trademark, and Trade Secret Infringement

1. What rights do you have to information and

links included on your website?

2. What rights do you have to link to other

people’s websites?

3. How many licenses for software do you own,

and how many do you use?

4. Do you have procedures in place to protect

your business from liability for an employee’s

copyright infringement or misappropriation of

trade secrets or trademark of another?

5. Do you have procedures in place to protect your

business from copyright, trademark, or trade

secret infringement via your website?

6. If your business does not own material used on your

website, what licenses have you been given to use the

information? Do the licenses specify use on the website,

or were they given for a different purpose?

B. Additional Infringements

1. Right of Publicity (image or sound of person used

to capitalize on reputation or imply endorsement):

Do you have procedures in place to address

company or employee infringement upon

someone’s right of publicity?

2. Right of Privacy (publication of protected data about a

person, placing person in false light, misappropriation

for commercial purposes, disclosure of embarrassing

private facts, or other intrusion upon the person’s

solitude): Do you have procedures in place to address

infringements of right of privacy?

3. Deceptive Trade Practice (violation of Antitrust

laws): Do you have procedures in place to

address deceptive trade practices?

4. Defamation (libel and slander of a person): Do you

have procedures in place to address defamation

charges against your company or an employee?

5. False Advertising (false or misleading statements

about your own or others’ products, services, or

commercial activities): Do you have procedures in

place to address false advertising on your website?

C. Other Areas of Potential Liability

1. Employee publication of obscene or indecent mat-

erial via the website or e-mail: Do you have proce-

dures in place to address such material being dis-

seminated via your company’s Internet connections?

2. Which online payment methods does your

company accept?

3. Have you taken precautions to ensure that

employees do not enter into online contracts

without authority to do so?

4. Do you include disclaimers of liability on your website?

IV. International Law Issues: Have you taken

precautions to address international law

issues potentiated by your use of the Internet?

A. Jurisdiction

1. In agreements, do you specify which state or

country will have jurisdiction over the matter?

B. Choice of law

1. Do agreements specify which country’s laws

shall apply to the agreement?

2. Do agreements specify which country’s laws

shall apply to the resolution of any dispute?

C. Alternative Dispute Resolution

1. Have you provided for alternative dispute resolu-

tion techniques such as mediation or arbitration?

2. If so, have you chosen an arbitrator/mediator or

determined how one should be picked?

3. Have you determined where the arbitration/

mediation will be held?

4. Have you determined whose laws will apply to

the proceeding?

Back to Top