With all of the attention given to upgrading cybersecurity, it can be easy to forget that outdated content on a company’s website also can be a source of risk. Nearly all company websites include information regarding the company and its products. These are representations that the company is making to the world and, in some circumstances, the company may be considered bound by such statements. Some issues that can arise in connection with information on a company website are obvious, such as the need to comply with applicable advertising and consumer protection laws. However, when this information is not kept up to date, it can give rise to an entirely new set of headaches.
For example, out of date information on a company website potentially may result in the company being subjected to jurisdiction in states where it no longer operates. Many company websites contain a list of locations where the company maintains facilities. If a company fails to update this list when it closes a facility, it potentially may find itself subject to jurisdiction in a state where it no longer does business.
Out of date information also may give rise to unintended warranties. Generally speaking, warranties may arise from many sources including, for example, descriptions or pictures of the goods. If a company changes the characteristics of a product without updating the description of the product on its website, the company may be found to have breached a warranty by failing to deliver what was advertised on the website.
A third example of an issue that can arise from outdated information on a company website involves the authority (or apparent authority) of a company’s employees. Some companies post information on their websites regarding individual employees and their position within the company. If such information is not updated when an employee leaves the company, or even when an employee moves to a new position, the company may be at risk of being bound by representations or agreements made by the individual in question even if the individual no longer had authority to speak for the company on a particular issue. Many jurisdictions recognize a legal doctrine known as “apparent authority.” Under this doctrine, a company that creates an impression an individual is authorized to speak for the company will be bound by that individuals actions. For example, if a company lists one of its employees as having a title such as vice president or director of purchasing, other entities likely will be entitled to assume that the individual is authorized to enter into purchase contracts for the company, even if the individual in question has been moved to a non-purchasing role under which he or she no longer has such authority.
In addition to the examples listed above, there are many other ways in which outdated information on a company website can create legal headaches. Even if a company ultimately is able to convince a court or opposing party that the information on the website is not accurate and should not be binding on the company, doing so is likely to involve significant time and expense. In order to mitigate the risk of such issues occurring, companies should periodically review and update the information on their website. Companies also should ensure that decisions that may impact on the content of the website, such as product or personnel changes, are communicated to the individuals responsible for maintaining the website.
Let’s Talk Compliance | Provider Relief Fund: Reporting Requirements and Compliance Concerns