“E-commerce” is a catchall phrase that refers to business conducted over the Internet. The Internet provides a relatively cheap and fairly reliable communications platform that allows a company to conduct business transactions electronically. Many companies are using the Internet to streamline operations that once required people to communicate over the phone or even meet face to face. The Internet can facilitate transactions between a business and its customers (often referred to as “Business to Consumer” or “B2C” transactions) or between a business and other businesses that it deals with (often referred to as “Business to Business” or “B2B” transactions).
Business to Consumer
In the B2C arena, one of the chief concerns that a potential customer visiting your Web site may have is the privacy of the information that he or she would have to provide in order to complete the transaction. Polls that have been conducted by various organizations indicate that privacy concerns are one of the main reasons that people hesitate to provide information for a transaction over the Internet. For this reason, many companies post privacy policies, informing the Web site visitor what is done with the information, and with whom it may be shared. Such privacy statements should accurately disclose the type of information that you collect, how you collect it, what you do with the information, and with whom that information may be shared. The policy, however, needs to be flexible enough to accommodate changes that you may make in the way you operate your business. Also, it must accurately reflect your business practices, as the Federal Trade Commission and various states' Attorneys General have penalized companies whose privacy policies were inconsistent with their actual practices.
There are also statutes dealing with financial information, credit reporting information, educational records, and even video rental information.
Since a Web site is accessible to anyone around the world, you may also be subject to other countries' privacy requirements, particularly if you are collecting information about Web site visitors from other countries. Most notably, the European Union ("EU") has the most stringent data protection statutes in effect right now, and other countries, such as Canada, have modeled their data protection laws on the EU's model.
There are also sales tax issues involved with B2C sites. Whether you have an obligation to collect sales taxes for goods sold in other states depends upon the law of each state in which a sale is made and the nexus that you have with that state. The legal landscape in this area may also change. States believe that they are losing millions in sales tax revenues because many Web sites do not collect sales tax, so they are working together and with Congress to try to get legislation enacted that would require Web sites to collect sales taxes.
Business to Business
Many companies are taking advantage of the Internet to move ordering and other routine interactions onto the Internet. As a result, contracts are being formed without people talking to one another. Some of these transactions are handled entirely by computer, without any human involvement. If your business decides to move in this direction, you should ensure that you have an initial contractual agreement with the companies with which you will be dealing that discusses how the system is going to be used, who is authorized to conduct the electronic transactions, how the parties will know that the transactions are authorized, how the transaction will be verified, and under what circumstances transactions are void. In the event of a disagreement over a particular transaction, you may be able to avoid expensive litigation if you have an initial agreement that spells out many of the key issues.
Your agreement with other companies should also address privacy issues relating to the transactions. For example, if you are using a company to collect and analyze data for you, you probably don't want that company selling your data to third parties – particularly your competitors. Therefore, your agreement should also spell out what can be done with the information and with whom it can be shared.
Whether you are using the Internet for B2C or B2B transactions, you must be concerned about the security of data that you collect from those with whom you do business. If you do not take precautions to secure your data, others will be reluctant to do business with you. Moreover, your business could face liability if unauthorized parties obtain access to the data. You should secure personal information and business data behind firewalls or on servers that cannot be accessed from the Internet. You should have policies in place that limit access to the data within your company so that only those employees who legitimately need to use the information have access to the information. You should also audit your system on a regular basis to make certain your security has not been compromised.
If you share information with third parties, or if you have information stored on servers operated by third parties, you should have a contract that identifies who will have access to the information and under what circumstances, sets forth the security measures the third party will take to safeguard the information, and defines your remedies and rights in the event security is breached.
Intellectual Property Issues
With the Internet, it is very easy to copy information from another Web site and post it on your own. The information you are copying, however, may be protected by copyright—even if there is no copyright notice. Therefore, you need to have policies in place limiting the information that can be posted on your company Web site either to original material created by your company or to material that has been cleared for copyright issues.
There are also trademark issues involved with Web sites. For example, registering a domain name address using a competitor's name will likely violate the Anti-Cybersquatting Consumer Protection Act and may also constitute an unfair trade practice. Some courts have also found that using a competitor's trademark as a meta-tag (a hidden code that search engines use to determine whether your Web site is responsive to a particular search request) constitutes unfair competition or trademark infringement. Policies prohibiting these kinds of practices will help limit your liability exposure.
If you have any questions regarding e-commerce, call Norbert Kugele at 616.752.2186 or your WN&J attorney.