Your business must comply with the same privacy and security laws for customers whether it operates in a brick-and-mortar building or online, or both. However, there are some additional requirements for those who conduct business on the Internet.
Firewalls Are Not Enough
If your business sells its products or services online, customers probably enter their credit or debit card numbers to your website. Your computer system most likely has a firewall in place to prevent unauthorized access by outside hackers to this information in your customer databases. However, your business is also responsible for your employees' access to the data. Identity theft is often an "inside job." It's important to screen new hires before trusting them with the information. You can also limit employees' access to the data on a "need to know" basis. Your receptionist doesn't need access to your customers' credit card numbers, but your billing department does.
Give Your Customers Options
Special Laws Apply to Children
If your website markets to children, your business is subject to the Children's Online Privacy Protection Act (COPPA). Child-related websites are obligated to post a privacy notice on their home pages. You can't share or use any data collected from a child without parental consent.
You Must Cooperate With Identity Theft Investigations
If your system is breached and someone gains access to your computer databases, the Fair Credit Reporting Act gives your customers certain rights. No matter how large or small your business is, you're obligated to turn over your electronic files to the customer and to law enforcement if customer credit card or debt card information has been accessed and used without authorization. Nearly half of all states require that you notify customers if you realize your system has been breached and personal information on customers has been compromised.
A Business Lawyer Can Help
The law surrounding your customers' online privacy and security is complicated. Plus, the facts of each case are unique. This article provides a brief, general introduction to the topic. For more detailed, specific information, please contact a business lawyer.