Make sure your corporate Web site is lawsuit-proof

Managing your corporation's Web site has gotten more complicated, thanks to a recent lawsuit from Planned Parenthood. Last month, a U.S. district court in Oregon ruled that a Web site run by an antiabortion group can't list the names of doctors who perform abortions. These lists included the following legend: "black font = working; grayed-out name = wounded; and strikethrough = fatality." (For example, the name of Dr. Barnett Slepian, murdered last year in his home outside of Buffalo, N.Y., had a strike through it.) In addition, the antiabortion group has been ordered to pay Planned Parenthood millions of dollars in damages.

The First Amendment to the Constitution guarantees freedom of speech. In the past, threats to individuals have been excluded from this protection, rightly so in my opinion. No one should be allowed to shout "fire" in a crowded theater. But we get into trouble when we try to extend this analogy to the World Wide Web.

The Oregon ruling indicates that naming an individual on a hate site constitutes a threat, and others seem to agree. Pennsylvania Attorney General Mike Fisher has said, "Free speech does not give you the right to threaten to kill someone, whether it be through the mail, in person or on the Internet." Fisher has his own lawsuit, still undecided at this writing, against another hate group publishing threats on the Web.

Both the Oregon and Pennsylvania cases spell trouble for corporate Webmasters. Here's why.

Most corporations have more than one individual posting information to their Web site. Few have any formal policy to educate these Internet authors as to what is and isn't appropriate information to distribute. And it's getting stickier to determine what is and isn't appropriate.

For example, several years ago a Webmaster was fired because he included at the bottom of the corporate Web page a link to his personal site. The entire link consisted of a single period at the end of a sentence - you had to look really hard to find the tiny blue line underneath that period.

But by and large, the vast majority of corporate Web sites are thankfully far from the Sturm und Drang of most hate sites. Your corporation probably doesn't incite people to take the law into their own hands, call for anyone to be brought to justice or post the home addresses of people it considers bad guys. That's great, but you need to take further steps if you want to avoid nasty legal battles down the road. Here are some suggestions.

Remind your Web staff that anything they post can and will be held against your company legally. So make sure anyone who is allowed to post information to your site understands what's harmful and what's not. I am not saying that every line of HTML needs a legal review, but just a few common-sense policies should help.

Have an explicit policy stating what type of information is and isn't permitted on your site. Make sure you are clear about how personal information can be displayed and what external sites you intend to link to.

Establish and maintain a regular schedule for updating pages to make it easier for management to review the changes.

Ensure you have tight control over who is allowed to update your site.

When I first heard about the Oregon ruling, I was initially elated to see those responsible punished for distributing hate speech. My elation turned into concern the more I thought about this case. As much as I detest hate sites, I think this ruling has dire implications down the road for corporate Webmasters, even if content is considered quite bland. It increases the chances that someone will sue you over information on your Web site, and that is nasty business indeed.

Strom is the founding editor in chief of Network Computing and co-author of the book Internet Messaging (Prentice Hall, 1998), and publishes his Web Informant essays at www.strom.com. He can be reached at (516) 944-3407 or david@strom.com.