Mistake 1: Choosing Style Over Substance
This does not mean that your policies should be long-winded and hard to read. Clarity should be your goal. You just need, at a minimum, to keep two core tenants in mind:
You shouldn't be afraid to let inject your start-up's voice into your online policies—but don't let style trump substance.
Mistake 2: You Don't Ask Your Lawyer to Review the Policies
The two core tenets mentioned above are the general "rules of thumb," but there are going to be many other, more subtle issues relating to you business model that need to be addressed in your online policies. This is where your lawyer comes in. I am not telling you to recreate the wheel. It is OK to model your policies after those that have worked in the marketplace—but you should take the time to carefully tailor the policy content to your business.
You also need to be sure that you are following industry best practices. Any good start-up lawyer has an internal checklist of the "must-haves" for online policies—and she monitors the market to keep that checklist current. Company counsel can also help you stay mindful of policy provisions that are more likely to be affected through the corporate lifecycle, like those relating law enforcement inquires and acquisitions of the company.
Finally, your counsel can also help you deal with nuances of changing law. For instance, she can help you make appropriate updates that are legally enforceable and comply properly with specific legal parameters, such as the Children's Online Privacy Protection Act and the European Union Data Protection Directive.
Mistake 3: You Never Update the Policies
Mistake 4: You Don't Have an Effective Response System in Place
As I am fond of point out, legal documents don't solve problems by themselves. Creating the perfect set of online policies is meaningless if your users can't reach you to discuss or enforce them. In fact, user disputes and public-relations headaches are often a result of the inaction of the company in handling inbound requests for attention. I once worked with a client who let user emails over inappropriate content, disputes and privacy issues pile up for months at a time. The results? A frivolous lawsuit that took countless hours and tens of thousands of dollars to settle, and left many unhappy users and negative vibe throughout the blogosphere. That company now has a 24-hour response procedure in place. Don't insist on learning this lesson the hard way!