Connecticut and national companies doing business online may not be sufficiently protected by their Terms of Service agreements. In the ongoing In re, Inc., Customer Data Security Breach Litigation, the defendant,, Inc., lost a major decision preventing its arbitration and anti-class action provisions from taking effect. notified its customers of a major data breach in January 2012. Several of the customers brought lawsuits against, which were joined in the federal district court in Nevada. sought to apply its Terms of Service appearing on its website to force the Plaintiffs into individual arbitrations. The Court denied that request.

The court, relying in part on a Second Circuit precedent (which governs Connecticut), found that the Terms of Service was unenforceable. Instead of being a “clickwrap” type of agreement, forcing a consumer to manifest express assent, merely had the Terms of Service buried as one of many links on its website. Simply having a link, without requiring the consumer affirm their assent, is known as “browserwrap” and may be insufficient to ensure the consumer had notice of its terms.

A second reason the agreement was unenforceable was that the Terms of Service gave the right to change the agreement (including the agreement to arbitrate) at any time without notice. In effect, it meant there was no actual agreement since it was not fixed. While could always change the terms and apply them to new consumers (assuming it was in the clickwrap variety), existing customers would not have had a means of notice and acceptance.

Businesses engaged in online activities wishing to protect themselves from cyberliability by way of contract should consult with experienced counsel.