Guest Post: Top 10 Website Liability Issues for Nonprofits (Part 2)

By Deborah Shinbein
Deborah Howitt Shinbein, LLC

This article is the second in a series describing potential liability pitfalls for websites owned or operated by nonprofits.  Click here to see part 1, covering website terms of use, privacy policies, copyright infringement, user registration, and full disclosure failures.  Please consult with an experienced Internet law attorney to evaluate the unique liability issues for your website, as this article only provides a brief overview, and should not be deemed legal advice.

6.    User-Generated Content. When a site enables users to post comments, photos, or other content on the site, it is possible that the user will post something violating a third party’s copyright, publicity or privacy rights, or content that is defamatory (a false statement of fact about a third party tending to harm that party’s reputation).  Fortunately, if a site is merely a platform enabling users to post content (without giving specific instructions to post something defamatory, infringing, etc.), certain “safe harbors” may protect the site from liability.  The Digital Millennium Copyright Act (“DMCA”) protects service providers from liability for infringing third party content posted on the site, as long as the site follows the procedures described here, including:

  • Register a designated agent to receive infringement notifications, using the form at the link above;
  • If you receive a DMCA “take down notice,” remove the infringing content promptly and follow applicable notification requirements; and
  • Follow other requirements of the DMCA such as terminating repeat infringers.

For liability related to defamation, privacy/publicity, and other matters, Section 230 of the Communications Decency Act may provide immunity from liability as long as the site did not specifically request the posting of defamatory or illegal content.   Be sure your site’s policies and features are set up to take advantages of these important safe harbors.

7.    Domain Names. Choosing a domain name can be tricky because the same domain registry is used by businesses in all industries.  This is different than trademark registration, as the United States Patent and Trademark Office prevents entities from registering confusingly similar marks for similar goods or services. When choosing a domain name, you should do a search on the USPTO site and via search engines, to see if the domain name may potentially conflict with a third party’s trademark or domain name.  You may want to consider adding another word to the domain name to differentiate it from other domains in order to avoid potential conflicts or liability.  If a third party has registered a domain in a bad faith attempt to divert another site’s traffic, the injured party can bring a proceeding under the Uniform Domain-Name Dispute Resolution Policy (“UDRP”). The party bringing the UDRP action typically must prove that the domain name was registered in bad faith with knowledge that it could cause confusion with the complainant’s mark.  The UDRP is faster and less expensive than litigation, and the victor will receive the domain name registration, but monetary damages are not awarded.

8.    International Users. If your site attracts users from other countries, you should be mindful of the different laws applicable to users in those countries.  Sites collecting and/or transferring personal information from international users must comply with data privacy laws and regulations, which may vary depending on the country from which the user/data originates and how the data is collected and used. Laws regarding contract formation and financial transactions vary among countries as well.  You may attempt to structure your site and its terms/policies to ensure that international users are agreeing to be governed by U.S. laws, but other steps may still need to be implemented depending on the nature of the site, particularly with regard to data collection and transfers.

9.    Data Security. Security breaches can cause public relations disasters, in addition to loss of donors and volunteers if your organization is viewed as untrustworthy.  Your site should take industry standard security precautions as necessary based on the nature of the data collected and other functionality on your site.  For example, sites collecting online donations via credit card will obviously need more substantial security than a site merely offering information on the entity.  Depending on your site and the nature of your business, you may need to consider the use of firewalls, data encryption, Payment Card Industry Data Security Standards (if you collect payments via credit cards), and other available security measures.  In addition, you will need to ensure compliance with differing state laws regarding encryption of personal data and security breach notification.  Your site may also be subject to industry-specific data security requirements, which can also vary depending on the nature of data collected, so be sure this complex area of law is evaluated based on your entity’s unique circumstances.

10.    Contract Formation. Be sure that your site is structured so that your users can clearly find and agree to your site’s terms and policies.  Recent cases have found that in certain circumstances, when sites have failed to obtain affirmative consent from their users to the site’s Terms of Use (or when the Terms are difficult to find), the users were deemed not to have agreed to the Terms.  This left the sites without any contract by which to govern disputes with their users.  A recent lawsuit involving Zappos invalidated their entire Terms of Use because a court found that it was not fair to require the users to be subject to the mandatory arbitration provision when the users had likely never reviewed the Terms of Use, as the link was difficult to find (a similar case was recently decided against Barnes  Noble, proving that even the major sites get this wrong at times).  Both situations however, involved circumstances where the users were clicking to complete a transaction on the site, and it would have been easy (and advisable) for the site to include a checkbox or other procedure by which the users would have affirmatively agreed to the Terms of Use during the transaction.  Accordingly, if a site is accepting donations online or selling any materials or products online, it should ensure that the user gives affirmative consent to its terms during the checkout process or otherwise.

This concludes our current “top 10” list.  However, there are numerous other potential traps, which can vary depending on the nature of the site and its products or services.  Be sure to consult an attorney and update your site’s terms, policies, and practices as needed based on changes to your site and practices over time.  In addition, this area of law tends to evolve rapidly, so you should have your site reviewed every few years to evaluate necessary revisions.

Deborah Shinbein has been helping clients with Internet, technology and media law matters for over 15 years. She held legal positions at The Walt Disney Company and, as well as at major law firms, before recently forming her own Denver, CO based law firm.  She has no affiliation with Schauble Law Group LLC. Feel free to send questions to or visit   

See Our Services