Your small business has certain obligations to its customers, regardless of whether you're selling to individuals or other businesses, whether you're selling products or services, and regardless of what your industry or profession is. Consumer rights and consumer protection are the general terms used to describe the laws that protect all customers.

There are a number of federal consumer-protection laws that apply to companies and business transactions regardless of industry.

If your company accepts credit cards: The Fair and Accurate Credit Transaction Act requires that a receipt contain no more than the last 5 digits of the customer's credit-card number and cannot include the card's expiration date.

If your company accepts orders by mail, fax, internet or phone: The FTC's Mail or Telephone Order Merchandise Trade Regulation Rule requires you to ship orders within 30 days or the time originally promised to the customer, whichever is less. If your company is unable to ship the product within that time frame, you must notify the customer and give them the option of cancelling their order for a full and prompt refund.

If your company handles sensitive customer information: Your company has a legal and ethical obligation to protect sensitive customer data - including Social Security Numbers, credit card numbers, banking information and contact information - from loss, theft and inadvertent disclosure. Your company may be required, under the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act and the Federal Trade Commission Act, to take reasonable steps to protect sensitive customer information. In addition, if you accidentally or intentionally cause customer data to be compromised, your company may face lawsuits and bad publicity.

If your company advertises: The Federal Trade Commission Act forbids advertising that is unfair, misleading and/or deceptive. If your company's advertising makes a claim about its products or services, you must be able to substantiate, or prove, the claim. If your advertising includes disclaimers, those disclaimers must be clear and conspicuous to customers.

If your business sends promotional email: The CAN-SPAM Act requires businesses that send advertising or promotional emails to include instructions so that recipients can opt out of future messages. In addition, the law bans companies from using deceptive subject lines and false return addresses, and requires senders to include their physical mailing address in all emails.

If your company guarantees the quality and performance of its products and services: A warranty or guarantee is a pledge made to customers to stand behind the product or performance of a service. When you offer a warranty or guarantee, you are promising that the product or service will perform as advertised and you are promising to correct the problem in the event of sub-par performance. Warranties may be explicit - formal promises made verbally or in writing - or implicit - an implied promise that the product or service will do what it's supposed to do.

If your company sells door-to-door: The Federal Trade Commission's Cooling-Off Rule allows consumers to cancel contracts and purchases of $25 or more within 3 days if the contract is signed or the item is purchased at the customer's home or a location other than the business's physical location.

Check with your state's Small Business Administration to learn whether there are state-specific consumer rights laws that your company must follow. Industry-specific associations and trade groups should offer resources that describe the specific customer-protection laws that apply to your business.

Questions for Your Attorney

  • Are you familiar with consumer-protection laws that affect my business?
  • What steps must I take to comply with these laws?
  • Are there reports or records I should keep that show I'm complying with these laws?