Selling online is more than just posting pictures on your website of a few products and taking in the money. There are online business laws and regulations that you must follow.
The laws for online shopping are different from the regulations for brick-and-mortar stores, and violating any of them can put you in serious financial and legal trouble.
Online business law is intended to protect consumers. Ecommerce laws deal with issues such as collecting sales taxes, privacy protection and marketing ethics. Let’s look at the most important internet business laws that you must consider when setting up a website.
Privacy and Security: Payment Card Industry Compliance
Your website will have to request and retain a lot of data from your customers, including Social Security numbers, bank accounts, credit card numbers and personal contact information.
Protecting the personal information of your customers and maintaining their privacy is one of the most important issues to address when running an ecommerce website. Just one data breach can put you out of business.
Your website must be PCI compliant. PCI DSS (the Payment Card Industry Data Security Standard) is a set of standards developed by the credit card industry to ensure the security of card payments. It is a series of technical and operational requirements that businesses must follow to protect cardholder data and the processing of credit card transactions.
If credit card companies, such as Visa and MasterCard, find out that your business isn’t PCI compliant, you could be fined or have your relationships terminated.
The safest policy is not to store any customer’s personal information, including any conversations that are recorded. However, this is not always practical, so you must make sure that the data is encrypted and protected.
To be PCI compliant, you must meet the following requirements:
- Maintain firewalls – Firewalls are your most effective defense against unauthorized access by hackers.
- Create password protection – Point-of-sale systems, modems and routers often ship with vendor-default passwords that are widely known and can be used by anyone. A more secure approach is to make an inventory of all these devices and change their passwords.
- Protect cardholder information – Stored card data must be encrypted with strong encryption algorithms.
- Encrypt data transmission – Any cardholder data that is sent to a payment processor or other locations must be encrypted.
- Install antivirus software – All devices that interact with cardholder data should be protected with antivirus software that is updated regularly.
- Restrict access to customer data – Only personnel with a “need to know” should be allowed to access customer data.
- Create unique identifications for data access – Each individual authorized to access cardholder data should have unique login credentials. Don’t share a single username and password among multiple individuals.
- Restrict physical access – Cardholder data must be stored in a physically secure location. This could be a room or cabinet that is locked with keys only available to authorized employees. In addition, you should keep a log to record any time this data is accessed by anyone.
- Maintain access logs – All activities with cardholder data should be recorded with log entries. Lack of record-keeping and documentation is the most common PCI noncompliance issue.
- Conduct regular scans for vulnerabilities – Devices and software frequently malfunction or go out-of-date. All these items should be scanned regularly to ensure proper operation.
- Create documentation for compliance – All equipment, software and employees with access to data should be documented in a policy manual. The documents should include a description of information flow through your company, how it is used and where it is stored.
Sales Taxes
In past years, you only had to collect sales tax in the state where your business had a physical presence. However, as a result of recent legal decisions, states now have the right to collect sales taxes even if you don’t have a physical presence in their state. States also have the right to set their own rules on what products to tax and when.
As an internet business owner, you must be familiar with the ecommerce tax laws on a state-by-state basis. For example, some states don’t impose sales tax unless you sell over a certain amount. Other states expect you to collect sales tax, even for small dollar sales. Some states impose sales taxes on clothing, but others don’t.
The good news is that there are plenty of software applications to deal with calculating all the different state sales taxes. If you get into legal trouble by not collecting sales tax, the courts have held that ignorance isn’t a defense, since there is enough software to help you.
You’ll need a seller’s permit from your jurisdiction to collect sales taxes.
Advertising and Email Marketing
The federal government regulates how products are sold on the internet. These regulations prohibit making false claims about products and services and require websites to disclose any paid endorsements. Boasting about the superior qualities of your products and services is acceptable, but making false statements on your website about a competitor could open you up to a defamation lawsuit.
You must make sure that your email marketing campaigns comply with the Controlling the Assault of Non-Solicited Pornography and Marketing Act. The CAN-SPAM Act defines the requirements for commercial emails and messages. It gives recipients the right to opt out of receiving emails and sets up harsh penalties for violations.
According to the Federal Trade Commission, the act can penalize websites up to $43,792 for each email violation.
Under the CAN-SPAM Act, online sellers can be fined for the following violations:
- The subject line in an email is deceptive.
- The headers in an email contain false or misleading information and don’t identify the person or business initiating the message.
- The email isn’t clear that the message is an advertisement.
- The email doesn’t have the location of the business.
- Recipients aren’t given the option to opt out of future emails.
- Your website doesn’t execute an opt-out request within 10 business days.
- You fail to control the activities of your email marketing service or any third parties working on your behalf.
Trademarks and Permits
The internet makes it easy to download images of products and post them on your website. But if they are copyrighted or trademarked, you’ll be in violation of the law.
You can’t sell products that are protected by trademarks or copyrights, such as tee shirts with images of comic book characters. You also can’t use the likenesses of celebrities.
Movies, images and other forms of artistic creation are protected under the Digital Millennium Copyright Act of 1998. This law stipulates that:
- Devices cannot be manufactured and sold to copy software illegally.
- Internet service providers can be held responsible for copyright infringement by transmitting data over the internet.
- Companies can be subject to criminal penalties for evading anti-piracy measures installed in commercial software.
- Record companies will receive licensing fees from webcasters.
Even though you don’t have a physical location, you may still need a business license. You should check with your state and local laws to find out what type of business license or permits you may need.
You may have to apply for certain permits to sell food products or medical devices.
Using a fictitious name for your business can be a problem. Some state laws require that the business register the assumed name in every location that it does business. That could be a big problem if you sell in numerous states. You could solve that problem by incorporating your business and using the corporate name in all locations.
Terms and Conditions
The best way to prevent misunderstandings and disputes is to clearly state your company’s policies under terms and conditions that are legally enforceable. Pricing and payment terms must be clear.
Your terms and conditions should be clear regarding returns, exchanges, cancellations and shipping policies to reduce legal liability in the event of disagreements with customers. In case of a legal dispute, your terms and conditions should specify the jurisdiction and the limitations of liability.
Shopping online is not an exact science, so returning merchandise is a common occurrence. Your terms and conditions should clearly state your policies for returns, refunds and exchanges.
Shipping Restrictions and Zoning
Shippers have different rules for restricted items. These can include explosives, perishables, ammunition, animals, alcohol and aerosol cans. You have to check with each shipper to determine which items they will handle and which they may restrict.
Some shippers may let you ship items that are usually restricted but require additional paperwork and fees.
You may start running your online business out of your home and keeping your inventory in a closet. But at some point, as your business grows and your inventory increases, you may face zoning rules in your local jurisdiction that prohibit running a business out of your house or apartment. Violations of local regulations could result in fines.
If you are leasing your home, you could have restrictions in your lease about using the space for commercial activities.
Age Restrictions: Privacy for Children
Without exception, websites are required to comply with the Children’s Online Privacy Protection Act. While COPPA has a number of restrictions, the most important one is that you can’t collect any personal information on your site from a child under the age of 13.
If you’re planning on selling products or services targeted at young audiences, you’ll need to comply with COPPA regulations. You should check the regulations for your country to determine which age verification tools you need to use before allowing a child to purchase products or services and to check out.