This module discusses some important legal aspects for consideration for your business' website.
Key learning outcomes:
Please note that the information presented in this section is general information only and not to be acted on. If you have a particular problem to your circumstances, please seek professional advice.
Hi, my name is Jeanette Jifkins from Onyx Legal. And today we're going to be talking about website ownership basics, and working with web developers from a legal perspective.
Now a little bit about Onyx legal. We are a local, commercial law firm. We're based in North lakes. We've got a small team of people and all of the senior members of the team have been business owners themselves. So we understand the challenges and, the things that you face as a small business owner. Now we've all done lots of studies, so we've all got lots of letters after our name, but we do try to be practical and make dealing with legal matters easy for you. I've also written a book called Cover Your Arse Online to help you to better manage the legal aspects of doing business online.
So getting back to the topic at hand, website ownership. Now this is just general information. So whatever we share today, don't go and take action on the basis of this information. You need advice specific to your circumstances and it goes to the same, what you learned from this presentation today, if you share it with other people, it's on the basis, you're raising their awareness, but they need to go in, get their own advice. Don't you try and advise them as to what they should or shouldn't do.
The topics we're going to be looking at. What are domain names versus hosting? Cause they are quite different things. What is, what does it mean to be a registrant of a website? What do you do with privacy settings on your website? In terms of transferring websites from one owner to another, or one person to another. You know, what do you need to know about that? And some very basic things about working with web designers or web developers. And this is legal aspects, not technical things. So the technical ‘how to do a lot of this stuff’, you need to speak to an it professional to do that. We can't help you with that. We can help you with the legal aspect or the legal side of things.
So the first thing's first, domain name versus hosting. And you might know that a domain name, is also called a URL, which is a uniform resource locator. All that means is the domain name is your address. It is unique to you. It is registered. So you don't own it.
What happens is it's a bit like renting a house. You're renting that domain name. You have a license to use it. And if you forget to pay that license fee, you lose it the same as if you didn't pay rent on your house. You would lose it.
The license is transferable. So as long as you're the registrant and you're the registrant for 60 more days, you can transfer that domain name to someone else. Or if you're sorting out your legal structures in your business, you might transfer that domain name to a non-trading entity in your structure.
The domain name is the address, a little like a post office, or the way you write a street address. It's the postbox that you're sending it to. That's all the address is about. And that's all the domain name is about. It's not the whole website behind it.
So it's not the website. It's not the hosting. It's not the content management system and it's not owned by you. Okay. It is just the address where people find you and you have to pay to keep it.
Hosting is looking after your information. It's a paid service. It's also transferrable. So you can move it from one company to another. Hosting. What happens is all of the data, so this is what people see on your website, all the information that becomes visible and accessible to the public, that information is hosted somewhere.
And that's the server. And that's either a cloud-based server, which still means that there's a physical backup somewhere, or it's a physical server that you have. Now, most people nowadays use cloud hosting. But that just means that the cloud hosting provider has a building full of servers somewhere or in multiple places around the world.
Hosting is about content storage and delivery. It's a bit like having the block of land. So where the domain name is your postbox, your hosting is your block of land. It's where it sits. And where it's kept. It's not the website. It's not the website building tool. It's not the content management system for your website and it's not the internet. It's just the, the storage and delivery of that information.
So actually looking at that analogy. If you look at the postboxes that domain name and you look at the hosting as the land. Then the website is the house that sits on the land. And the internet are all the streets. Okay. So that, that's the kind of analogy to the way it all fits together.
For your website to be visible to the public, you must have the domain name. So you must have the address. You must have the hosting. You must have a content management You just need to have the programming behind the website. And nowadays, most people do that through a content management system, because that is the easiest way to do it. So common systems are WordPress. WordPress is used by over 25% of the world's websites apparently.
Squarespace is another one. 10x Pro is one. Wix is another one. They're all content management systems that make it easier for you to build a website without actually having to know how to program. You don't have to do the HTML, or PHP, or any of those background systems yourself, or coding.
Now you also need website content. So building a website's one thing. You get a framework. So for example, with WordPress, our websites built on WordPress. We use a WordPress theme and that theme provides all of the structure of how the website is presented. But then we have to source or create all of the images. We have to source or create all of the words, or the videos, or all of the content that you access when you come to our website. We've got to provide that as well. So there's all of those aspects in having a website.
Now being the registrant, the registrant is the person who owns the license to use the domain name. So you have the license to use that address. What you're going to see on the next couple of slides, some, you know what it looks like if you go and search that information. So we used to be able to look in the yellow pages to find people's addresses.
Nowadays, you just do a Google search.
To find the domain name, the details, the ownership of who is at that domain name. You look on, whois searches. So for Australia, whois.auda.org.au/. That's how you do a, who is search of a .com.au or any sort of domain name with.au at the end of it.
The most common provider that I use to search .com addresses is domain tools. So again, that's whois.domaintools.com/. I go in and I put in the website address there and I see what information they make available about the registrant. Another one is lookup.icann, which is the international convention of assigning names and numbers. That's the international organisation. So it's lookup.icann.org. That's another one place where you can search, but if you type in whois into your browser, you should be able to come up with a number of different providers.
When you do a whois search for a .com.au address, the example I’ve got here but here is for businessmoretonbayregion.com.au. Now you can see at the bottom of those results. The top of the very first line is that, that domain name. The very bottom of the results, the last three lines are the registrant. So it shows that that's Moreton Bay Region Industry and Tourism limited, and the registrant's got their ABN there. And the type of registrant that they are, which is a company. So that data is down the bottom, and that data should be visible for every .com.au website that you search or .net.au. ,any .au website that you search in outer should disclose that information.
Just above the register and information, you've got name server information, and it's got addresses like, ns2, ns3 or ns1. The name servers are where your hosting is. So, you know, we were talking about the hosting being the land. That's where it is. And that's how you find it.
Now, when you do a, whois search on, for example, domaintools of a .com address, they have different rules outside of Australia about the amount of information that's visible. And for.com addresses, you can hide a lot of the data. So you'll go on to some websites and you'll see that instead of getting the registrant's details, it's privacy protected. Now. I'm not aware of any way to get past those privacy guards. You used to be able to get past them, but the law changed a couple of years ago, and now it's very hard to get past those unless you get a court order to access that information. Well, the one, one way I have been able to find some of that information in the past is if you go to the wayback machine, and you search historical data. You might be able to find historical data for web registrant's before they applied privacy settings. It doesn't always work that way. Aomain tools also provides you with historical, you can purchase historical searches of a website and that information may or may not be there.
Now, the responsibilities of a registrant. You must keep paying your registration fees. If you don't, you risk losing your domain name, and I've had people come to me and say, this was my domain name five years ago, and then we had some problem in the business and they say, you know, we let the domain name go, but now we want to get it back. And one of our competitors has it. What can we do? Nothing. Okay. The rules around domain name registration internationally, or all around the world. The rules are first in first served. And the only sort of way to counter those rules is to have a registered trademark. That gives you a reasonable argument as to why you should own that domain name instead of the person who currently has it registered. Other than that, if they registered it first or you dropped it and they registered it, there is no obligation on the registrant's to transfer, registrars, to transfer it to you and getting it back apart from paying the current registering a great deal of money is unlikely. So don't have unrealistic expectations of getting something back if you drop it.
Again to keep your website visible, you have to keep paying your hosting fees. And I've seen this happen as well, where people go, “Oh, I don't know what's wrong with my website. It was fine yesterday”. And all that's happened is their credit card has expired or something like that, and they haven't updated their payment details. And as a result, they no longer have hosting. So their website's no longer visible. So you must keep paying your hosting. You must keep your content management system up to date. And the reason you do that is for security.
So for example, WordPress. There's WordPress updates. You know, at least every week, you've got to keep those updates current because they do, you know, security fixes and all sorts of things in the background all of the time to reduce the possibility of hackers getting into your website.
And you must keep your contact details up to date. Now what happens with ICANN, which is where all, ICANN is the international governing body over all registrars around the world. And there are multiple registrars around the world who have the ability to sell you a license for a domain name. You've got to keep your contact details up to date. And most of the registrars will give you an annual reminder to check your details.
Not all of them do, but a lot of them do and it is worth going in and checking your details because what happens is when you change register details, there's a 60 day moratorium before you can change more registered details. So if you wanted to sell your website as part of selling your business, and you've updated your details in less than 60 days ago, you may not be in a position to transfer that website until after that time has expired. So make sure you have a date in your calendar every year, where you update your website, and you know when that needs to be done and don't mess around with it in the meantime, because you may impact your ability to sell your business, if that's what you are going to do.
Registrant checks. Things like when you go into, so if we go back to that slide we had before, which showed the Whois results for Business Moreton Bay Region. You can see about, a third to a half the way down there is line that says ‘status’ and it says ‘Server renew prohibited’ and some other data. Now that means that the website's effectively locked. And it can't be transferred unless you go in the backend and you change some settings and that's what you want to do.
So again, this is technical. You need to speak to the technical people. The legal perspective is lock your domain name. That's it. Make sure it's locked so that it can't be easily transferred and it can't be accidentally transferred.
Auto pay your renewals. And again, this depends on how UpToDate your credit cards or whatever payment terms you have. You know, if you use PayPal or Stripe or something else attached to it, just make sure all the details are up to date, and current, and easy to renew or go in and check them. Diarise checks.
Your 60 day moratorium. Just remember that. And protect your passwords. Please be sensible with passwords when you build a website. Particularly using WordPress as an example, cause I'm familiar with it. When you first set up a WordPress account, ‘admin’ is the username and then there's a generic password, which it asks you to change as soon as you log in. You should also change the username immediately, as soon as you log in. Do not keep an admin username for accessing your website. Because if you do a browser search on ‘what is the most commonly used password to hack domain names? ’Now it is admin or WP admin or administrator, or any of those sort of variations, because that's what people use. So don't use something common. Okay. Pick something that's going to be a lot harder to guess, because otherwise you have a very strong likelihood of your website being hacked. People say to me, but, you know, there's nothing on there yet. Why would anybody hack my website?
People don't care what's on there. They set up these automated bots that just go and go, Oh, new website. Let's go and see what we can do there and hack it. And then you don't know what's built in the back end. You don't know what trap doors or back doors there are there that could allow people to, you know, you can build your website over 10 years and then suddenly it's vulnerable because some backdoor was put in when it was hacked when you first built it. So be very careful around that. Do not use ‘admin’ as a username for anything.
Passwords should be at least 12 digits long. So this is information that's been told to me. This is not legal advice or legal information. This is information that I found out from people in the cybersecurity space. Apparently there is light years difference between the ability to, work out the variations of an 11 digit password to a 12 digit. Light years. And the time that it can take to hack a website is significantly different between the two. So 12 digit passwords. And if that is a problem for you, get a password manager.
So there are lots of password management systems around Dashlane is one, Lastpass is one. They help securely store all of your passwords for access to all of your websites. And they can be really, really useful. You only have to then remember one quite detailed, significant, long, interesting password. Longer than 12 characters. And then you can access everything you need to access, but you don't have to remember the passwords for every single site. And those kinds of systems can help generate secure passwords. So, use a password management system if you're worried about remembering passwords.
Now privacy settings on website. I'm not talking about privacy policies, you know, that you should have linked in the bottom of your foot, in the footer of your website. What I'm talking about is privacy settings. So that registration details we're talking about, that you find in Whois. As I was saying in for international domain names, like .com and shorter domain names like that, that don't have the .au, you can apply privacy settings to those domain names. And when you do that means people can't access any of the data. They have to go through your privacy management system. And I mean, it could be GoDaddy privacy settings. They have to go through that, or whoisguard, or any of those before they can get to you. So all the information is filtered.
If you can't use privacy settings. So if you've got a .com.au website, and you can't apply privacy settings, and you don't want to get a you know, a whole inbox full of junk mail, because people are scraping your email from your domain name registration, some of the tips that we've given people in the past.
For example, if you are a sole trader, register a business name with your ABN. Apply that business name as the registering with that ABN, because most people don't search your ABN details. So apply that business name and that ABN to your domain name registration, and create a single email address for that registration. And then you can do settings on that email address, so that junk mail, everything that you suspect to be junk mail and then you don't have to worry about it. And it doesn't clutter up your day to day email system. Now you're going to have to have particular email contact details in there for admin contact and so on.
There's no rule, there's no laws against using aliases in Australia, unless it's intended to be misleading and deceptive. So your tech contact for your domain name registration might be Chuck Norris, and that's fine. You know, you can use an alias. It doesn't have to be your name. So if you're wanting to protect your personal information or you're wanting to limit the amount of your personal information associated with your domain name registration, then look at what data is required, and think about what you can apply using aliases and specific dedicated email addresses, post office boxes and business names to reduce the amount of your personal information that's out there, and better manage spam. Okay. So there's some hints for you.
So that's part of the privacy settings. Now the security of your website. You might find that you're browsing the internet and you might get a message flash up and say, this website's insecure. Do you really want to go here? That could be the difference between whether or not someone has an SSL certificate or not on their website and you'll know because the domain name address will be HTTPS for secure website, or HTTP for an insecure website. A SSL certificate is a standard security technology certificate. Aand you have to purchase them and then they get applied to your website and you have to renew them. Again, get a techie to help you with this. It's not something that we can do for you. It is somebody who understands the technical sides of websites that can do it for you.
It adds to your credibility of a business and it makes your website more secure and communications, particularly if you're taking emails and names for newsletter lists or allowing purchases through your website, you really should have an SSL certificate and make it secure.
Okay. there is a slide here that again shows you, registrant details. This particular slide shows that it's protected by Namesilo. So what that's about is that's privacy settings. So you can’t actually see who the registrant is on that email, on that website.
Okay. Proxy servers and privacy settings may be used to hide that registered data. That's what we're talking about there. .au domain names under AUDA, you can't apply that because it's part of AUDA’s rules that it has to be publicly available information. That's something to do with transparency, and the AUDA rules that currently, or they have been open for consultation in the last year, so they're currently under review. So there may or may not be changes in the future.
And what I was just talking about, use post office boxes, registered business names, aliases and specific email addresses to protect your privacy.
If you are transferring a website, you should have a written agreement for the transfer, because you are transferring intellectual property as well as content and a domain name.
A proper contract will give you an email trial to show that the transfer has actually occurred, because it's not uncommon to have a circumstance that we had for a client recently, where, when we went and looked at their website, they purchased it two years ago, but the transfer didn't go through. So it's still registered in the name of the person they purchased it from. They've got a contract. So they're able to go to the registrant and say, here's our contract. Here's what happened? Why is it not in my name? And remedy it that way. If you don't have that evidence, it's a much harder exercise to get the registration transferred.
Go into your registrars details. So wherever you have the domain name registered, and that might be GoDaddy, it might be crazy domains. They're two of the most popular here in Australia. Go and have a look at their rules and their ‘how to’ transfer a domain name. Cause there are different ways to do it. If the purchaser is also using the same provider, so if it's Go daddy, or if it's crazy domains to crazy domains, and it's a different system, if you're shifting it from one to another. So if you're moving it from GoDaddy to crazy domains or vice versa. So go in and look at the rules and check them out and make sure you have someone technical who's able to help you in that process.
The person who takes the transfer of website also has to have their own hosting. So when we're talking about name servers, the NS addresses, what happens is to change where the website's visible, you change the name servers, and that can happen before the transfer process. Just so that they pointed at a different spot and you don't lose any data.
In terms of taking actual website data, you can do backups. There's C panels, there's all sorts of technical things in the backend. You do need technical know how, and you do need help in that process unless you understand what you're doing.
It's a good idea to do a complete backup of a website before you transfer it. Whether that's transferring from one host to another, or transferring a domain name from one to another, or transferring a whole of a website in a sale to another person. Do a complete backup and make sure that backup can be right loaded before you do the transfer. And definitely get technical help.
The person taking the transfer may have to set up their own content management system. So for example, with our website on Onyx.legal, we use a particular premium theme and it's called Divi. So we have a paid license to use that theme. So if we're transferring that website to someone else, they would need to purchase a license to use that theme as well. Otherwise they'd have to refill format the website, or it would lapse, like the updates wouldn't be secure and all of that sort of thing that wouldn't happen. So that may need to be covered in the transfer agreement.
All right. So that's some basic things that you need to think about. It can be a lot more detailed. It's much, much easier if you've got a technical person to help you transfer a website. What we do from a legal perspective is we help people write agreements around the transfer website, whether that's a sale or a joint venture, or shifting between entities in their own business to provide some protection. We do that side of things. And we helped people check off at the end to make sure that actually are registered as the owner.
Now working with web developers and marketers, couple of things you need to know there. And I've made these mistakes myself.
Understand the contract. So I've received proposals from web developers in past and gone. Oh, that looks great. And then in trying to work it out and match it with the work that they've actually done, the project management was missing. So when, and you're working with a web designer or developer, make sure you understand what their project management approach is and how they're going to report milestones to you on the way.
So one of the mistakes I've made in the past is that I've just said yes. Every time they've sent me an email and said, you know, this has happened, blah, blah, blah, would you like us to do this? I've gone. Yes. And then at the end gone, why is my bill double what I thought it would be? That's why. Because the proposal it had in the first place is different from all of the changes that happened, and they didn't actually let you know that those changes that happened were going to cost you more money.
It might've been in the agreement they said at the front that, you know, “if we do stuff not included in this proposal”, but it wasn't clear to me that that stuff wasn't included in the proposal. And I'm the legal person, you know, I looked at these contracts, but that doesn't mean I understood how it worked because it's not my industry. So. Understand the agreement. Take the time to get your web developer to work you through the agreement. If you don't understand what it means, make sure you know what the milestones are, and if they offer to do something in the process of building the website, just double check back and say, is this included in the cost of the original proposal? Simple question. Worth asking. Believe me.
Okay. Know what you want. Check references, not referrals. So I have worked with people in the past via a referral. That means the people involved are friends. It doesn't necessarily mean that the work is the quality that you want. But if you go to a reference, somebody who has had their stuff designed or developed by this company, they're really good people to talk to.
Get a contract you understand. Make sure you understand that and make sure you know how it's going to work. Make sure you know, who's going to do the project management, because I personally can't do project management on a website. I don't know enough about building a website. I have some vague ideas on how it works. And I don't, I just don't need to be doing that. Okay. So make sure you understand how they're going to project manage it.
Check invoices against deliverables. So every invoice that comes in check against the proposal, and if there's something there that wasn't in the proposal, double check it and query it then.
And make sure you request security on your website. And by security I mean, like talking about using password management systems. Password management systems can allow you to give developers access to your systems without handing over data that you can't take back. So a password management system might allow you to give them access and then take away that access. That's going to give you more security over what you have, than if you just give them a password and I use a name that you can't then delete. So check those things.
Make sure you ask questions, make sure you own copyrights. So for example, there are a lot of people out there who say, “Oh no, my web developer just put up terms and conditions that they found”, or “just put up a privacy policy that they found”. They're not legal advisors. They have no idea how that's going to legally impact your business. That is a risk. And it goes to the same if they are sourcing images for you from the, you know, from wherever you need to know that there is a license attached to those images that will be passed to you when the website's handed over.
If they prepare content for you, you need to be sure that that content becomes your copywriter as soon as it's paid for, and doesn't remain their copyright. So there bits and pieces.
Be responsive to web developers, they're business people like you. If they ask you for information to be able to move forward on a project, then give it to them and give it to them in a timely manner. It helps keep their business running. And if you don't, you might mess up them workflows, and they might have to hold your work for weeks before they can fit it back in again. Because they have technical people able to do so much in a day. And if they've got other projects that are coming in at different streams, and you mess up the project system, you might have your work delayed and it's not their fault. It's your fault for not being responsive when they ask for information.
Pay on time. You like being paid on time. Pay the people who supply work to you on time and learn how to manage the backend of a website, or else hire someone to do it for you. Because you can do all of the simple changes like that, changing a date, changing and address, putting up a blog post, all of those sorts of things, things with most content management systems. Now you should be able to do that yourself. And if you can't do it yourself, find someone who can do it for you. There are a lot of people graduating from high school right now who are really good at that. It's second nature to them. So it give someone a job if you can't do it.
How we can help you. We can help you in transferring a domain name. So if you are buying or selling a business that has a website component or an online component, we can help make sure that you get all of what you need to get.
We can help you prepare agreements with web developers or web designers. We can help you prepare agreements to work with technical people who are going to manage your website for you, or, you know, content people who are going to make sure your posts go up all of the time. We do all of the contract side of things, but we also check and make sure that you are the registrant on your domain name, and you have control over your domain name, that if you ever wanted to sell your business in the future, you have the ability to do that before the time comes that you want to.
To check us out, come and have a look Onyx.legal or give us a call and have a quick chat to find out how we can help you. Thank you for today.