educational

Working With a Third-Party Record Keeper

Of all the recent revisions to the 18 USC '2257 federal record-keeping statute, none was so welcome to amateur adult website and other small-scale/home-based operators as the allowance of third-party record keeping — a move which can dramatically increase the personal safety and privacy of these operators. Larger organizations can also benefit from these outsourced business services, so their appeal is becoming increasingly widespread.

But many questions remain about these new services and how they'll operate. Obviously, cost is a concern in today's economy, especially for the smaller sites and solo girls who may be most likely to use these services, but what about other considerations?

To date, there has been a small handful of companies announcing their entry into the record-keeping field, but two stand out due to their support by adult industry attorneys — the services offered by Dan Pepper of Pepper Law Group (www.adultwebsitelawyer.com), and those of Michael Fattorosi of 2257Safe.com.

I recently asked these two attorneys about their new record-keeping services. Here's what they had to say:

XBIZ: What are the pros and cons of using a third-party record keeper?

Fattorosi: Obviously, the pros are that your name, identity and overall personal safety will be protected. With the changes to 18 USC '2257, there is much less intrusion by the government into a primary or secondary producer's privacy. The other pro is that the clients of 2257Safe.com will know that an attorney is handling their inspection process. As lawyers, we are adept at interacting with law enforcement, as well as investigative personnel. Often clients do not understand that they should not make certain statements to the DOJ/FBI during the inspection. We anticipate that an inspection of 2257Safe.com will be smooth and a less complicated situation for all parties.

Pepper: A primary advantage for many smaller producers is the privacy benefit; by having a third-party record keeper, the producer need not use his or her own name as the custodian of records on their publicly available '2257 compliance statement. Other strong benefits are having the peace of mind that the third-party record keeper is maintaining the producer's records in conformance with the regulations, and will be the party working with any justice department audit of the producers' records. Potential drawbacks of using a third-party record keeper involve trusting a third party to effectively manage a complicated record-keeping obligation, with the producer ultimately responsible for any non-compliance. Choosing a custodian who doesn't fully understand the regulations places the producer at risk of fines or jail time.

XBIZ: How much does your recordkeeping service cost? Do you charge a monthly fee, a per-record fee, database access and update fees? Is there a sliding scale that will help smaller operators who need this service?

Pepper: We have three levels of monthly maintenance fees, depending on the size of the producer. For smaller producers with fewer than 100 records, the program costs $12.95 [per] month. Our mid-tier program for up to 500 records is $19.95 [per] month. For larger producers, an unlimited number of records is $99.95 [per] month. A one-time $99 set-up fee applies to each program.

Fattorosi: The price structure for 2257Safe.com is actually based upon the amount of content we are hosting for each client. One of the provisions of 28 CFR 75 is that a copy of the depiction must be held with the corresponding records. Since 2257Safe.com is a web-based solution, all the content must also be housed on our servers for true compliance. However, we have developed compression software that will achieve a 90 percent compression rate for all videos and photographs, ensuring compliance, but also assuring our clients that their content will not be of a quality necessary for commercial purposes. All of our accounts are billed monthly to a credit card on file with our billing company. The basic service is $9.99 for up to one gig, the next level is $29.99 for up to 10 gigs, and then $49.99 for 15 gigs, $99.99 for 25 gigs and over 25 gigs is $149.99 per month. Custom packages and competitive prices can be negotiated for sites larger than 100 gigs. There are no fees to update or access the site, and each company can keep as many records as their storage will permit.

XBIZ: What do you need from new clients in order to begin custodianship of their records? Is there a service contract or a minimum time commitment or a month-to-month agreement? And what about confidentiality, liability or other contracts between you and your clients?

Fattorosi: There is a basic service contract that is required, and that is a month-to-month contract. A customer can cancel his or her membership prior to the next month's billing cycle. There is no minimum time agreement. As for liability, all liability rests with the client. We are not organizing or reviewing their records. We are simply providing off-site digital storage. All responsibility for the maintenance of the records remains with the client. Of course all records are held with full confidentiality, except for the fact that the compliance notice will indicate that 2257Safe.com is their custodian of records.

Pepper: All new clients sign a service agreement, which describes the various obligations we undertake for our client producers. Confidentiality is paramount, and the identities of our clients are never disclosed unless required as part of a justice department audit. The service is month-to-month, and the client can cancel at any time.

XBIZ: How do clients transfer a copy of their records to you? Is it by an online upload utility or FTP, shipped hard drive or other means?

Pepper: Records are sent via a SSL-secured browser, or at the client's option, by shipped hard drive or DVD.

Fattorosi: We have two [ways] they can transfer their records. For smaller to midsized producers, upload will be the easiest. For the very largest of clients, we can have them ship hard drives via registered and insured U.S. Mail directly to our hosting company, Fortress ITX, so they can up load them directly into their account.

XBIZ: Are clients required to keep a copy of the documents that they send to you and if so, for how long? Do you provide database dumps to make these client backups easy?

Fattorosi: We recommend that all of our clients retain hard copies of all their records, as well as digital copies of all their content. 2257Safe.com servers are PCI-DSS compliant and are well shielded against hack or threat; however, nothing is guaranteed when it comes to a server. Also, the client's account is backed up more than 100 times per day by our hosting company, Fortress ITX.

Pepper: We ask that clients keep duplicate copies of all documents they send to us for so long as we are maintaining the records for them. Clients can remotely and securely access their records at any time from our service if they wish to make additional backups.

XBIZ: Do you review the documents sent to you in order to verify their apparent completeness? If this is not a part of your standard service, do you offer such reviews as an additional service and if so, what does that process involve/cost?

Pepper: We review the documents to ensure the necessary documents have been provided to us. Our standard service does not include reviewing the documents for completeness or for conformance with the federal regulations. We do provide this optional service at rates tailored to the individual client.

Fattorosi: No, we do not provide a review service. However, the software powering 2257Safe.com does walk a user through each step so that they will know whether they are missing anything that may cause them to be non-compliant.

XBIZ: If a client's records are inspected, what will your involvement be with that process, and will a separate representation agreement be required?

Fattorosi: All inspections will be directed to and handled by me, Michael Fattorosi, at our offices in Los Angeles. [I am] an attorney with more than 12 years experience including six years within the industry. While not a First Amendment expert, I have experience with 18 USC '2257 and 28 CFR 75 in regards to compliance counsel and actual litigation.

Pepper: As part of our standard record-keeping services, our records are open for inspection by the U.S. Attorney General's office and/or its designated agents during normal business hours. In the event of discovery of a client's non-compliance with the federal regulations as a result of an audit, a separate representation agreement would be required of the client.

XBIZ: How often should a client update their records?

Pepper: Updates depend upon when the producers add or modify their content.

Fattorosi: Every time a client adds content to their site or publishes a depiction that would fall under the requirements of 18 USC '2257 and 28 CFR 75. With 2257Safe.com, records can be updated in real time so there is never a worry as to a delay. Unlike other third-party record keepers, our clients maintain their own records and have access to those records 24 hours a day, 7 days a week, and 365 days of the year. Updating should never be an issue.

XBIZ: And finally, what do you see as the unique competitive advantages of your service over similar offerings?

Fattorosi: With 2257Safe.com you have the power of the operating software. 2257Safe.com is based upon the Y-Tracker software, which has been commercially marketed since 2005. Y-tracker had hundreds of users, and their feedback helped design 2257Safe.com. First developed by Dan Underhill, it has now been reworked to be web-enabled. Dan has done a tremendous job taking a great piece of software and making it that much better. Since the software has been in use for five years, it is already field tested and has already been refined several times. Also, with 2257Safe.com, our clients have the security of knowing that an attorney is handling all inspection issues. Our clients also know that they have the ability to access their own documents so that they can be assured they are compliant. Finally, 2257Safe.com is hosted on PCI-DSS servers. Our level of server security is the same as banks and credit card companies use for their hosting. No other company can match that at this time.

Pepper: Our third party record-keeping services are overseen and managed by lawyers well-versed with the complexities of 18 USC '2257 and its attendant regulations, with fees at or below our competitors, who don't offer such legal oversight. Records are transferred to us quickly and securely, with easy-to-follow instructions. Unlike other services, we do not use FTP, which transfers files and passwords in clear text for anyone to see, and files are sent unencrypted across the Internet. All records are backed up in dual off-site locations, in a data center featuring the following computer network security measures: a ballistic-proof exterior (including doors and windows); fingerprint scanners and ID checking for all entry and exit of the facility; double man traps that force double verification and provide extra secure data center entry; redundant off-site monitoring of all security systems; plus locked cabinets and cages. We also offer unlimited email and telephone customer service during normal business hours at no additional charge to our clients.

While both of these attorney-backed record-keeping companies offer similar services, there are differences within the details of their implementation of these services that may make one more suitable than another for a particular operator. Talk to both of them to see which one is the right fit for you and your record-keeping needs, and then help protect yourself and your privacy by signing up with the service that will suit you best. It'll help keep over-zealous fans at bay and help you sleep better at night.

Related:  

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

profile

WIA Profile: Reba Rocket

As chief operating officer and chief marketing officer of Takedown Piracy, long at the forefront of intellectual property protection in adult entertainment, Rocket is dedicated to safeguarding the livelihoods of content creators and producers while fostering a more ethical and sustainable industry.

Women In Adult ·
opinion

Protecting Content Ownership Rights When Using AI

In today’s digital age, content producers have more tools at their disposal than ever before. Among these tools, artificial intelligence (AI) content generation has emerged as a game changer, enabling creators to produce high-quality content quickly and efficiently.

Corey D. Silverstein ·
opinion

How Payment Orchestration Can Help Your Business

An emerging payment solution is making waves in the merchant world: the payment orchestration platform (POP). It’s quickly gaining traction as a powerful tool for managing online payments — but questions abound.

Cathy Beardsley ·
opinion

Fine-Tuning Refund and Cancellation Policies

For adult websites, managing refunds and cancellations isn’t just about customer service. It’s a crucial factor in maintaining compliance with the regulations of payment processors and payment networks such as Visa and Mastercard.

Jonathan Corona ·
profile

WIA Profile: Laurel Bencomo

Born in Cambridge, England but raised in Spain, Laurel Bencomo initially chose to study business at the University of Barcelona simply because it felt familiar — both of her parents are entrepreneurs. She went on to earn a master’s degree in sales and marketing management at the EADA Business School, while working in events for a group of restaurants in Barcelona.

Women In Adult ·
profile

Gregory Dorcel on Building Upon His Brand's Signature Legacy

“Whether reflected in the storyline or the cast or even the locations, the entertainment we deliver is based on fantasy,” he elaborates. “Our business is not, and never has been, reality. People who are buying our content aren’t expecting reality, or direct contact with stars like you can have with OnlyFans,” he says.

Jeff Dana ·
opinion

How to Turn Card Brand Compliance Into Effective Marketing

In the adult sector, compliance is often treated as a gauntlet of mandatory checkboxes. While it’s true that those boxes need to be ticked and regulations must be followed, sites that view compliance strictly as a chore risk missing out on a bigger opportunity.

Jonathan Corona ·
opinion

A Look at the Latest AI Tools for Online Safety

One of the defining challenges for adult businesses is helping to combat the proliferation of illegal or nonconsensual content, as well as preventing minors from accessing inappropriate or harmful material — all the more so because companies or sites unable or unwilling to do so may expose themselves to significant penalties and put their users at risk.

Gavin Worrall ·
opinion

Know When to Drop Domains You Don't Need

Do you own too many domains? If so, you’re not alone. Like other things we accumulate, every registered domain means something to us. Sometimes a domain represents a dream project we have always wanted to do but have never quite gotten around to.

Juicy Jay ·
opinion

Understanding 'Indemnification' in Business Contracts

Clients frequently tell me that they didn’t understand — or sometimes, even read — certain portions of a contract because those sections appeared to be just “standard legalese.” They are referring, of course, to the specialized language used in legal documents, including contracts.

Corey D. Silverstein ·
Show More