Disclaimers: What They Do and Don’t Protect You From

Disclaimers: What They Do and Don’t Protect You From

Disclaimers: What They Do and Don’t Protect You From

Disclaimers: What they do and don’t protect you from 

As a business owner, it is likely that you run a website, blog or social media to help people find you, advertise and promote your products or services. It is the most effective way of attracting potential customers or clients in this digital age.

When someone visits your website, you are offering them information of some sort. Are you always 100% certain that all the information on there are accurate and up to date?

Even if your answer is yes, do you know how your customers or competitors are using or interpreting that information? The best you can do is hope they are using it the way you intended, but really it is out of your control.

This is why having a disclaimer is always a good idea. It can better protect you and your business.

What is a disclaimer?

Almost all websites have disclaimers. You must have seen one before. Sometimes disclaimers are hidden in terms of use, and sometimes they have their own individual link in the footer, and sometimes they appear in every footer, whether that is on a website or email.

A disclaimer is a notice that you display to protect you from potential legal issues; it is a statement that you are not responsible for something. To give you an example, here is Wikipedia’s no guarantee disclaimer:

Wikipedia cannot guarantee the validity of the information found here. The content of any given article may recently have been changed, vandalized or altered by someone whose opinion does not correspond with the state of knowledge in the relevant fields.”

 

So, why is it important to have a disclaimer?

Well, consider the case where someone claims that they have relied on your information and suffered loss as a result. Let’s look at an example.

A marketer promotes pre-sales of a real estate development through a website. (A common cause of claims in court.)

The website has some images that are ‘artist’s impressions’ of what the development will look like when it’s finished and might contain other information like a copy of a survey diagram. It might also contain a list of finishes to be included in the final development.

Survey diagrams are really things you should check with a surveyor, engineer or other professional, rather than take from a marketing brochure, but that might also depend on who is providing the brochure and what expertise they say they have.

The website should clearly caution the buyer that the artist’s impressions might not be true to the end result and that a buyer should make their own enquiries to verify information before they decide to buy; like checking the inclusions in the contract with the builder. If there are no clear statements, it is possible that a buyer could claim they were misled by the information on the website and would not have bought otherwise. Then if the property turns out being something they don’t want or doesn’t have the value they expected it to have, they sue the marketer to try and recover their losses.

You do not want to put yourself in a situation like this, where your business reputation could be damaged, and you could be found liable to pay legal costs to defend yourself and possibly someone else’s losses.

Some other common examples we see are:

  • people who have a lived experience with a physical condition or disease, but no formal medical training
  • people who have successfully built a business without any formal qualifications
  • people who have successfully overcome an adversity and again, don’t have any formal qualifications

Out of a genuine desire to help others and share the benefit of their experience, a person like this might establish a business around coaching or educating others on how they achieved what they did.

The thing is, not everything works for everybody consistently, and there is a risk if you put yourself in this kind of position that you will encounter a person your services don’t work for, and they say the relied completely on what you said. In that situation, a disclaimer might just help you avoid costly court proceedings.

And for something completely different…

Now consider a completely different situation where your website makes it possible for other people to post comments, reviews or advertisements. Forum sites and advice sites like Quora are like this.  All the information posted by third parties could mislead your customers, clients, or visitors of your website, and you could be the one exposed to liabilities because of their actions.

By having a clear and comprehensive disclaimer for your websites, and building behaviour and processes consistent with the terms of your disclaimer, you put yourself in the best possible position to:

  • protect your rights;
  • limit your liability; and
  • disclaim third party liability.

 

Do you need a disclaimer?

Yes, and no.

Being in business involves a certain level of risk and some types of business are riskier than others, and some types of business people are happy with more risk than others.

We need to look at your business, your background, your products and your customers to form an opinion on how important it is for you to use disclaimers.

Generally speaking, we will suggest you do use a disclaimer on your website.

This is because any member of the public that has internet access can see the content on your website, and you are responsible for all the content you put on there. Even if you are not making money from these websites (for example, you might be posting a blog simply for informational purposes), you must still take reasonable steps to ensure that visitors of your website will not be misled by any information you share.

However, if your business is fairly straight-forward and well understood, like a barber or hairdresser for example, you probably don’t need a disclaimer. Everyone knows what barbers and hairdressers do. The worst that can happen is probably a bad haircut, or a bad colour, or a clumsy shave. The risk to the business is the cost of the service, and maybe the cost of fixing the problem, or the customer having someone else fix the problem. The problem probably won’t cost the business more than $300. So, will a disclaimer make any difference? Probably not.

On the other hand, coaching can be a really interesting area where you as a coach should be careful about what you say you can do for someone, particularly when results are going to be dependent on how much effort and application your client invests in doing what you have advised them to do.  If you are offering a high-end coaching package with a purchase price over $10,000, we would recommend a disclaimer.

If you run a website or email list that provides information which is likely to be relied on by visitors  to your website, or subscribers on your email list, you are strongly encouraged to have a disclaimer in place. Particularly if you provide specialised information, in areas such as health, managing money or an industry that is regulated.

If your website provides specific steps in a process or a guide for people to follow, you could also increase your legal risk.

An example might be if you are an online fitness trainer and you post videos that step your clients through a workout. If someone who watches and follows your video injures themself, then you run the risk that they sue you for their injury. But if you have a disclaimer in place which covers your legal obligations and placing some responsibility for your clients behaviour back on to them, you give yourself a much higher chance of avoiding liability.

 

What kind of disclaimer do you need?

You may run different types of websites, and the type of disclaimers you need will vary.

  • Websites

What disclaimer you need depends on whether you use your website to sell products or services, or merely to publish information. If you use your website to sell a product, someone could get hurt when using your product. Whereas if you post information on your website, someone could misconstrue that information and suffer loss as a result.

You might need a ‘no responsibility’ disclaimer which states that you are not responsible for any damages people suffer as a result of using your products or services. Or you might need a ‘views expressed’ disclaimer to inform readers that the information is only your view or opinion and is not intended to be relied upon without advice specific to their circumstances. 

  • Blog

If you intend on giving information on your blog which you are not qualified to give, you need to have a disclaimer to explain the limits of your qualifications and to recommend that people seek professional advice relevant to their circumstances.

If you are not a health professional but provide information about a health conditions, you need to make it very clear that readers should not rely on your information without seeking their own independent medical advice. The same applies for other types of expert advice including financial or legal advice.

If you are merely passing on information, you should indicate that it is work of another and that you are not endorsing it by making it available on your website. 

  • Emails

You may need a disclaimer in your emails, depending on the type of business you run and how you use your email. 

For instance, if you email contains advice that you are not qualified to give, you should include a disclaimer to the effect that you are not an expert in that field, that you are only offering a suggestion and that readers who act on the information do so at their own risk.

A confidentiality disclaimer can also be beneficial if you are sending confidential information. The disclaimer should state that the recipient must not use, reproduce, copy or disclose this information other than for the purposes for which it was supplied. 

  • Social media (eg. Facebook, LinkedIn, Instagram)

Again, this will depend on your business and how you use social media.

One of the biggest risks with social media is that third parties can comment, post, or advertise on your page. A disclaimer to limit your liability for any actions or errors of third parties will be of assistance if you are also monitoring your social media pages and removing posts or qualifying posts and comments that could be misleading.

 

How do you write a disclaimer for your website?

It is not possible to have a disclaimer that could work for all types of businesses or websites. Each disclaimer is different depending on what you do and how you do it. Like we said earlier, we need to look at your business, your background, your products and your customers to form an opinion on how important it is for you to use disclaimers.

To help you decide what you should include in your disclaimer:

Step 1 – Think about what rights you want to protect

Step 2 – Think about what liabilities you might be exposed to

You need to identify the possible risks and scenarios that could expose you to legal liability.

Consider:

  • Warning your readers that your content is merely an opinion and not a fact
  • Alerting your readers to the potential mistakes and inaccuracies in the information
  • Informing your readers that you are not offering professional advice and your content is only informational, and that they should consult a professional before making any decisions
  • Disclaiming liability for any errors in the information that third parties post on your websites (together with a process for reviewing the accuracy of information shared, or making it clear that older posts might not be accurate.

 

When are you not protected by a disclaimer?

If your disclaimer contains terms that attempt to exclude a legal liability that cannot be excluded, your disclaimer will not shield you from liability. If it is contrary to law, it might be void, but if it is legally compliant, it might still limit your potential liability.

Most people get in trouble when they say or do things that are inconsistent with their disclaimer.

Always keep in mind that your disclaimer must be consistent with your behaviour and business processes and any representations that you make, whether on your website or through your conduct. If anything on your website or your conduct creates a different impression for your customer or client, your disclaimer will not protect you.

Your disclaimer also needs to be placed somewhere where it can easily be seen either by customers using your website or receiving your emails or communications in any other way. If your disclaimer is too hard to find or too small that is can be easily missed, it will not protect you.

Conventional website design will usually have a link to your disclaimer in the footer of your website.

 

 

do you still need insurance when you have a disclaimer?

Yes.

Even if you have a disclaimer in place, you should still hold adequate liability insurance to protect business activities. Having a disclaimer does not mean you are guaranteed to be protected from all liabilities. If a claim is brought against you, it is up to the courts to determine the effect of your disclaimer and to what extent your liability is limited. The more vague or confusing your disclaimer is, the more unlikely that it will protect you.

 

 

Want more information?

 A well-drafted, quality disclaimer can help you to effectively manage your customer or clients’ expectations and set the boundaries for your responsibility and liability.

Contact Onyx Legal so that we can work with you to identify the most appropriate form of disclaimer for your business and your customer base. 

Privacy Policy: Collecting and Managing Personal Information

Privacy Policy: Collecting and Managing Personal Information

Privacy Policy: Collecting and Managing Personal Information

Privacy Policy: Collecting and managing personal information

As a business owner, how many times a day do people give you their personal information? Do you think about protecting it, or do you just assume that the systems you have in place will do that? 

Or maybe you don’t think about it at all. 

Does a small business need a privacy policy?

You must comply with Australian privacy laws unless you run a small business with $3 million or less annual turnover. However, you will still be bound by privacy law if your small business does any one of the following:

  • are a credit reporting body (e.g. Equifax, Illion) or
  • are a contracted service provider under a contract with the federal government; or
  • provide a health service or otherwise hold health information (e.g. health practitioners, life coaches, personal trainers, childcare centres); or
  • collect or disclose personal information for a benefit, service or advantage (e.g. operating a lead generation website where you sell the leads).

If you have any customers or suppliers overseas and you collect their personal information, you may now also have to comply with what are called ‘extra-territorial’ provisions of laws from overseas. For example, if you have customers in the European Union, you are required to comply with the General Data Protection Regulation (GDPR), regardless of the size of business. If you have a medium enterprise with customers in California, you now must consider the California Consumer Privacy Act (CCPA).

Some other countries with privacy laws that have an extraterritorial scope include New Zealand, Brazil, Thailand, the Philippines, and Canada.

 

From a practical perspective, can not having a privacy policy really make a difference?

Apart from the legal obligations, there are practical consequences of not having a privacy policy too.

If you want to advertise on social media, or through Google Ads or other platforms, you are required to provide a link to a privacy policy before your advertising can go live.

A lot of international service providers include in their terms and conditions that you must comply with privacy laws to use their services, and they have the right to end your ability to use their services if you don’t.

For example, if you use PayPal you agree with the following terms of the PayPal User Agreement:

You must comply with all your obligations under applicable Australian consumer law, including as a seller by publishing a refunds and returns policy as well as a privacy policy, where required by law.

… you must not: Infringe PayPal’s or any third party’s copyright, patent, trademark, trade secret or other intellectual property rights, or rights of publicity or privacy.

…To the extent that you (as a seller) process any personal data about a PayPal customer pursuant to this agreement, you agree to comply with the requirements of any applicable data protection laws. You have your own, independently determined privacy policy, notices and procedures for any such personal data that you hold as a data controller, including a record of your activities related to processing of personal data under this agreement.”

What difference would it make to your business if you couldn’t process payments through PayPal?

 

So, what is the point of a privacy policy?

One of your many obligations under Australian privacy laws is that every time you collect personal information from an individual, that person must be able to find out why you are collecting it, and what you are going to do with it.

Posting a privacy policy that you understand and know you can apply, on your website where it is easy to access, is by far the easiest way to share with people what you are doing with their personal information.

 

So, what is personal information?

Under the Privacy Act 1988, personal information means any information or opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

And what does that really mean?

Well, for a start, it doesn’t cover information about people who have died, which is interesting considering the legacy profiles some social media platforms are now making available for the families of the deceased, but that is not the topic for today.

It does cover information you collect about your employees and contractors. Many businesses only think about customer information and forget that you also have to protect the privacy of employees, contractors and suppliers.

But what about a practical example:

Imagine a gym where someone is leaving and their trainer turns to another trainer and says something like “She’s never going to lose weight, you should see her mum, she just has fat genes”.

The comment is verbal, it’s an opinion, it refers to a person who can be identified visually, and whose name and other details could be found by looking at the trainer’s schedule. That makes it personal information.

Is there a risk of violating privacy law – Yes. Is it likely to be a big risk to your business? – No. Why not? – Because it probably wasn’t recorded and is therefore difficult to prove, but if another patron overheard it, or the trainer repeated it to someone else, it does start a chain of infringement.

Imagine the same gym has list of all their trainers with their phone numbers on a clip board, and that clipboard gets left on the front reception desk, where anyone coming in could take a quick photo with their phone.

Is there a risk of violating privacy law – Yes. Is it likely to be a big risk to your business? – Possibly. Why? – Because once that information is recorded in a different form, like a photo, your business has disclosed personal information without permission.

Can you see why it is important to understand what you are doing in the process of collecting personal information?

 

When are you ‘collecting’ personal information?

You collect personal information in your business all of the time.

Any time you confirm someone’s name over the phone, whether or not you write it down.  Every time someone fills in a contact form on your website. Every time you add someone’s details to a database. Every time you prepare a proposal for someone or take payment details. Every testimonial. These are all examples of collecting personal information.

This is a broad concept.

It includes getting personal information from any source and by any means, such as the people themselves, social media profiles, other businesses, or even surveillance cameras. In practice, all personal information that you hold will generally be considered information that was collected by you.

Bear in mind that if you generate personal information from some other data you hold, collection may also take place. For example, if you generate a sub-set of information from your database for promotional purposes, you’re effectively collecting that information again. And the practical consequence? – Your privacy policy and procedures should be broad enough to include that kind of activity in what you do with personal information.

How should you manage personal information?

This is where a lot of people get lost and think that having a privacy policy by itself is a cure for all ills. It isn’t.

You are required to manage the personal information you collect in an open and transparent way. What this means is that you must take reasonable steps to establish and maintain internal practices, procedures and systems for your business to ensure its compliance with privacy laws.

Do you have any sort of privacy checklist for small business to help your team navigate what they can and can’t do with personal information? If not, that is a good place to start. What is considered as reasonable would depend on your business.

Think about what type of personal information your business holds, how much information you collect, how your customers might be affected if their personal information was not handled properly, the size of your business, and the time and cost involved in implementing appropriate procedures.

What you are required to do in Australia is comply with privacy law to a degree that is commercially proportionate to your business. So, if you run an online marketing agency with a team of four people, your procedures are not likely to be as complex as a business supplying services to the defence force.

Here are some examples what you could consider implementing:

  • understand what privacy obligations you have as a business;
  • work out when you collect personal information, and why (avoid collecting more than you need for your business);
  • work out what you will do if someone wants to be anonymous, and if you can still deliver products or services if you allow that;
  • work out where you store personal information, and how you use it (do you use a commercial database, or excel, or your phone contacts list?);
  • work out if you share personal information (eg. with a distributor or courier service);
  • decide whether the systems and procedures you use in your business protect, or put personal information at risk of being disclosed, lost or stolen (eg. leaving a mobile phone in an Uber);
  • check that you have faith in the online systems you use and there is limited risk of unintentional access by someone outside your business (eg. information on a white board visible when you are on Zoom, unintentional disclosure of a Google form);
  • work out what you will do if you get a complaint from a customer about the use of their personal information;
  • work out what you will do if someone asks you for a copy of their personal information, or a change to that personal information (eg. change of name or address);
  • include privacy training as part of your induction process for new staff; and
  • annually review and audit your business’s privacy practices, procedures and systems.

 

How do you write an effective privacy policy?

Your next step then is to write a clear and up-to-date Privacy Policy about how your business manages personal information, or get us to prepare it for you. At a minimum, it must contain the following:

  • the type of personal information that you collect and store (eg. contact details, educational qualifications);
  • how you collect and securely store personal information (eg. collect directly from your customer and their public social media accounts, then add to a CRM);
  • the purpose for collecting, keeping, using and disclosing personal information;
  • how your customers can access and correct any their personal information and who to contact in your business;
  • how your customers make a complaint about a breach of privacy laws, and what happens when they do; and
  • whether you are likely to disclose personal information to overseas recipients, and if yes, the likely countries.

Your Privacy Policy will be more comprehensive depending on the complexity of your business and should be tailored to match your internal systems and procedures. A well-written, easy-to-understand Privacy Policy can add to your credibility and help build rapport with your customers.

If your Privacy Policy is made available online, you can provide a condensed version to outline key information, but a direct link to the full policy must be provided.

 

What if you get it wrong?

Privacy law is regulated by the Office of the Australian Information Commissioner (OAIC). The Commissioner can require your business to put in place systems, procedures or training, pay compensation, or apply to the court for fines to be made against your business.

Compensation is usually ordered where information has been disclosed, or where a person has requested access to their information, and it hasn’t been provided in a timely manner.

 

Protect your customers and your business

Having the right systems and procedures in place with a clear and comprehensive Privacy Policy is your opportunity to reassure your customers that you can be trusted, that you are aware of and care about their privacy and information security. In doing so, you are not only complying with your legal obligations but are also working towards building a reputable business.