Government of Canada

E-business Security, Privacy and Legal Requirements

E-business raises issues that you are less likely to encounter with more traditional means of doing business. Entire relationships are built in e-business without any kind of face-to-face communication. E-business also exposes you and your customers to risks, such as theft of your customer lists and customer credit card information, fraudulent purchases, misunderstandings with suppliers and customers due to lack of personal communication, and loss of customer trust.

Do not consider the risks as reasons to give up on e-business. There are strategies and methods that can help you reduce the risks to yourself and your customers. Be aware of the risks and take steps to deal with them before they become problems.

Develop customer trust

Give your customers the protection and confidence they require to use your e-business.

  • Your Internet Business: Earning Consumer Trust
    Find advice and guidance on ways your e-business can earn consumer trust and confidence so that your customers become repeat customers.

Security

Just as a "physical" business takes security precautions, such as locking doors and using a safe for money and important documents, so too does an e-business need to take security measures.

  • SME Direct: Security
    Security is probably your biggest concern about conducting e-business. SME Direct offers good advice about online security.
  • Payment Card Industry Security Standards Council
    The PCI Data Security Standard (PCI DSS) must be followed by anyone who handles credit card information. If you do not follow the PCI DSS, you could be fined and lose the ability to accept credit cards as payment.

Privacy

When you do business with a customer over the Internet, you will collect quite a bit of information that can be useful outside of the transaction. If you use any of that information in a way that can be linked back to the customer, without the customer's knowledge or consent, you are violating their privacy rights. It is up to you to properly destroy that information or to keep it secure.

  • Privacy and your Business
    If you collect, use or disclose personal information about individuals, you need to understand your privacy obligations and find out how to implement appropriate privacy policies and procedures.

Privacy policy

In addition to the way privacy laws apply in the "real" world, there are some special things to think about when dealing with the Internet and e-business.

You should fully understand how your website fits into privacy law requirements.

  • If your website collects personal information, you should develop a proper and legally compliant privacy policy and post it in a readily visible location on your website.
  • If you use cookies or similar means to track visitors, depending on how you do that, you may still need to develop and post a policy.
  • Online profiling may require the consent of the individual depending on the circumstances.

Keep in mind that people do look for privacy policies so, without a policy, you may lose prospective customers. A properly drafted privacy policy or statement will not only minimize your legal exposure, it can serve a marketing function as well, allowing you to attract and retain customers who otherwise might not be as inclined to deal with you.

Do not create a policy and then fail to follow it precisely. This is an invitation for disaster, including not only possible legal problems, but also injury to your reputation and goodwill.

It is important to not just let the policy sit once it has been posted. It should be revisited regularly to determine whether or not it is still accurate and to evaluate whether or not it should be revised to assist you in your business goals and objectives.

Credit and debit card handling

Your e-commerce business depends on trust between you and your customers. Violating that trust can have disastrous effects, not only on you, but on your partners in e-commerce, such as your bank, payment gateway, or credit card companies.

  • Payment Card Industry Security Standards Council
    The PCI Data Security Standard (PCI DSS) must be followed by anyone who handles credit card information. If you do not follow the PCI DSS, you could be fined and lose the ability to accept credit cards as payment.

Legal requirements for e-business

In general, all existing laws that apply to traditional commerce, such as laws governing business incorporation, business name registration, taxation, consumer protection, deceptive advertising, importing/exporting, product safety, product standards, criminal code, inter-provincial trade treaties, intellectual property and liability, apply equally in an electronic environment. A business, regardless of size, must comply with the law of any jurisdiction, both in and outside of Canada, where it is deemed to be conducting business.
