After incorporation, one of the first "legal projects" for any start-up is crafting its terms of use and privacy policy. Recent high-profile news items dealing with online policy mistakes have made entrepreneurs nervous about this process. Avoiding these four blunders can help prevent a what could be both a legal and a public-relations nightmare. 

Mistake 1: Choosing Style Over Substance

Yes, contracts are boring and Web pages jammed with legalese violate every notion of community and simplicity that you've been working long hours to build. Why not go with a lightweight terms of use and privacy policy that touches on the big-picture issues without offending user sensibilities? Bad idea. You craft online policies to protect your company. These policies will fail to provide adequate cover if they are ambiguous, sloppy, or filled with loopholes. Terms of use can't be reduced to a small infographic and still properly address user conduct. A privacy policy can't be boiled down to two sentences and fully disclose how you handle data.

This does not mean that your policies should be long-winded and hard to read. Clarity should be your goal. You just need, at a minimum, to keep two core tenants in mind: 

  • First, your terms of use should thoroughly outline how your site, app, or service operates, what user conduct is prohibited, and how you can terminate user accounts for violating conduct restrictions.
  • Second, your privacy policy should thoroughly describe each and every way in which you'll be handling user data. 

You shouldn't be afraid to let inject your start-up's voice into your online policies—but don't let style trump substance.

Mistake 2: You Don't Ask Your Lawyer to Review the Policies

The two core tenets mentioned above are the general "rules of thumb," but there are going to be many other, more subtle issues relating to you business model that need to be addressed in your online policies. This is where your lawyer comes in. I am not telling you to recreate the wheel. It is OK to model your policies after those that have worked in the marketplace—but you should take the time to carefully tailor the policy content to your business.

You also need to be sure that you are following industry best practices. Any good start-up lawyer has an internal checklist of the "must-haves" for online policies—and she monitors the market to keep that checklist current. Company counsel can also help you stay mindful of policy provisions that are more likely to be affected through the corporate lifecycle, like those relating law enforcement inquires and acquisitions of the company.

Finally, your counsel can also help you deal with nuances of changing law. For instance, she can help you make appropriate updates that are legally enforceable and comply properly with specific legal parameters, such as the Children's Online Privacy Protection Act and the European Union Data Protection Directive. 

Mistake 3: You Never Update the Policies

Online policies are dynamic documents. You simply cannot draft them once and then forget them. There are too many moving pieces: the legal landscape, your business model, and the demands or identity of your user base. Check in with your counsel periodically (at least once a year), as well in connection with any product or business model changes, to see if your policies need an update. Keeping your terms of use and privacy policy current can go a long way in keeping the company protected.

Mistake 4: You Don't Have an Effective Response System in Place

As I am fond of point out, legal documents don't solve problems by themselves. Creating the perfect set of online policies is meaningless if your users can't reach you to discuss or enforce them. In fact, user disputes and public-relations headaches are often a result of the inaction of the company in handling inbound requests for attention. I once worked with a client who let user emails over inappropriate content, disputes and privacy issues pile up for months at a time. The results? A frivolous lawsuit that took countless hours and tens of thousands of dollars to settle, and left many unhappy users and negative vibe throughout the blogosphere. That company now has a 24-hour response procedure in place. Don't insist on learning this lesson the hard way!