The Internet opens up a whole new source of revenue for retailers, but it involves a lot of legal considerations as well. As the power of the Internet grows, state laws and the federal government struggle to keep up. If your business sells products or services online, it may not be enough that you knew what the laws were yesterday. They change frequently.
Online Sales Are Taxable Income
Your business must pay income tax on all revenues it collects from Internet sales, just as if you sold the merchandise over the counter. The Internet is global, so the income tax rule also includes international sales. If your business is located in the United States, and if you sell to someone in China, you must report this income. Sales tax is a bit more complicated. Companies that have a physical presence within a state must charge sales tax on online sales within that state. They need not charge sales tax for out-of-state sales, although the purchasers of these items are expected to (but rarely do) report the sale.
Protect the Privacy and Security of Your Customers
Customers often enter their credit or debit care information into an online website that sells products or services. Your computer system should have in place a firewall to prevent unauthorized access to this information in your customer database by hackers. You should also take steps to limit access by your own employees to this information. Access should be strictly "need to know." Any breach of online security must be reported to customers and law enforcement.
The Cloud Presents More Legal Concerns
If your business uses application service provider (ASP) information you receive from your Internet customers, such as credit card numbers or Social Security numbers, this information is stored off-site, not on your own computer system. All this data is stored on your provider's system in "the cloud," along with information from other businesses. This presents a whole new area of legal concern because you can't personally protect the confidentiality of this information. If you're thinking of using the cloud to store information for your business, speak with an attorney so you fully understand your liability for customers' personal information.
You Must Usually Disclose Cyber-Attacks
No matter where you store your company's data, most states have laws requiring you to disclose any security breaches. If your system is hacked and your customers' information is stolen, or even if someone in your own employ accesses the information for a reason that's against the law, you must usually report this to your customers. You're legally obligated to let them know that someone else has their information. In most states, you must also notify your attorney general.
A Business Lawyer Can Help
The law surrounding sales of products over the Internet is complicated. Plus, the facts of each case are unique. This article provides a brief, general introduction to the topic. For more detailed, specific information, please contact a business lawyer.