Ensure Your Customers' Private Information Is Secure

Your business must comply with the same privacy and security laws for customers whether it operates in a brick-and-mortar building or online, or both. However, there are some additional requirements for those who conduct business on the Internet.

Firewalls Are Not Enough

If your business sells its products or services online, customers probably enter their credit or debit card numbers into your website. Your computer system most likely has a firewall in place to keep outside hackers from gaining unauthorized access to this information in your customer databases. However, your business is also responsible for your employees' access to the data. Identity theft is often an "inside job." It's important to screen new hires before trusting them with the information. You can also limit employees' access to the data on a "need to know" basis. Your receptionist doesn't need access to your customers' credit card numbers, but your billing department does.

Give Your Customers Options

Unless you're selling to children, no law requires your business to post your privacy policy on your website. However, doing so may please your customers. A privacy policy gives your customers a voice in whether you share certain information you collect from them with third parties. You can allow them to "opt out," prohibiting you from sharing their personal data, or to "opt in," allowing you to use it or exchange it with others for marketing purposes. Privacy options are especially important if your site sends cookies to customers' computers to monitor how frequently they visit. This is the sort of information businesses commonly share to monitor marketing trends. If your e-commerce customer opts out, it's important that you comply. Otherwise, you may leave your business open to a Federal Trade Commission investigation and penalties.

Special Laws Apply to Children

If your website markets to children, your business is subject to the Children's Online Privacy Protection Act (COPPA). Child-related websites are obligated to post a privacy notice on their home pages. You can't share or use any data collected from a child without parental consent.

You Must Cooperate With Identity Theft Investigations

If your system is breached and someone gains access to your computer databases, the Fair Credit Reporting Act gives your customers certain rights. No matter how large or small your business is, you're obligated to turn over your electronic files to the customer and to law enforcement if customer credit card or debit card information has been accessed and used without authorization. Nearly half of all states require that you notify customers if you realize your system has been breached and personal information on customers has been compromised.

A Business Lawyer Can Help

The law surrounding your customers' online privacy and security is complicated. Plus, the facts of each case are unique. This article provides a brief, general introduction to the topic. For more detailed, specific information, please contact a business lawyer.
