creating-website-terms-conditions.jpgOn a scale of one to 10 -- with 10 being excruciatingly boring -- I'd rank website terms and conditions of use agreements as maybe a twenty. Dry as dust. The only thing less spellbinding than T&Cs might be the privacy policies that often accompany such gray type.

Why do companies insist on including them on their sites? After all, website owners aren't even required to create or publish these contractual agreements between the site owner and the end user.

Same goes for privacy policies, says Cynthia J. Larose, Esq., an attorney with the 500-member law firm of Mintz Levin Cohn Ferris Glovsky and Popeo PC, with offices throughout the United States and London.

If the website doesn't collect any personal information from its users, there's no need for a privacy policy, says Larose, who represents companies in information, communications and technology, including e-commerce and other electronic transactions.

She says only California requires a privacy policy under most circumstances. That law, called the California Online Privacy Protection Act of 2003, requires companies operating a commercial website to post a conspicuous privacy policy and disclose personal information that they share with third parties.

"In addition, if your website collects information from, or is targeted to users in other countries, the laws of those countries may apply and may present compliance challenges," Larose says. "And if a website collects certain types of information (financial, health), there may be federal laws that require that the information be protected, and site owners would generally want to disclose to the user how the site is in compliance with those laws."

Why then, if these dull documents are rarely required, is there a need to go to all the trouble of composing them and slapping them on your website? Larose says terms of use are advisable if you want to "enforce" contractual arrangements with end users, such as copyright and trademark, licenses, etc.

"Privacy policies are advisable if you collect and use personally identifiable information (pii)," she says, adding that in the U.S., the only restriction on collection and use of pii is that you accurately disclose what use you will make of the pii and how that pii will be shared, sold or licensed to unrelated third parties (such as list brokering).

And if you're contemplating adding T&C documents to your site, Larose suggests they be readable by the end user. "Terms and conditions that are difficult to read and navigate, [that] are lengthy and full of 'legalese,' are not helpful," she says. "Remember, the end user is reading this on a computer screen."

She says that if your website is more than static (for example, if the user is installing code or software and you need to enforce a license), there should be a "clickwrap agreement" and the user should be presented with the option to print out the agreement.  If you use headings, you should provide the user with an index and jump links.

In the case of a privacy policy, Larose suggests that the document state clearly what you collect, how it will be used and who else will see or use the information.

"If the information is to be shared, provide clear information as to how or whether the user will be able to opt out of sharing," she says. "Provide headings with jump links to pertinent information. Keep the policy current and update it frequently as the business model changes."

If you've decided that your website definitely needs T&Cs and/or a privacy policy, what you don't want to do is copy or repurpose another website's policies and make them your own.

"What most people don't realize is that website content is covered by copyright law, including terms & conditions and privacy policies," Larose says. "In addition, the operation of each site is different and the FTC has held companies to the 'promises' they make to consumers in their privacy policies.

"If your company is not equipped to comply with the Amazon privacy policy, for example, why then would you want to copy it," Larose asks? "And if your website doesn't not allow users to post to community sites, why would you copy the terms from a site that does?"

Publishing poorly worded or ill-advised conditions and policies could result in the documents being tossed out of court in the event you need to enforce terms of sale against a consumer. "Companies have been investigated by the Federal Trade Commission and have had to pay fines and penalties for misleading privacy policies," she says, citing Sony, BMG, Iconix Brand Group, Dave & Buster's and BJ's Wholesale as examples.

So where does an entrepreneur with a website go to learn more about creating online conditions and policies? Larose suggests you find an attorney who has experience with online policies and how they work and interact. "You need someone who is not learning on your dime," she says. "Someone who can easily and cost-effectively walk you through the issues and spot the traps."

They may not be able to take the dull out of such documentation, but your site -- and your butt -- will be covered.