When you have a product to sell online, it’s not difficult to find web hosting or software that enables you to quickly set up a shopping cart feature on your website. Before you add eCommerce to your website though, it’s important for you to know the security and privacy laws that your website will have to follow, which will help you avoid business litigation and a public relations nightmare.
The Laws Your Seattle Business Lawyer Wants You to Follow
As online transactions have become commonplace, legal protections have been established to shelter consumers from business fraud, like a Seattle-based online shopping website that sells credit card numbers to identity thieves, as well as the far more common practice of online thieves targeting a website that is poorly or inexpertly secured and stealing critical financial and personal data without the company’s knowledge. The laws your Seattle business lawyer will want you to be aware of include:
- Financial data – the Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, Red Flags Rules
- State data security laws and regulations – many states, such as Massachusetts, have established their own guidelines that businesses must comply with if they are located in or sell to people in that state
- Industry standards – such as security breach disclosure laws and reporting guidelines
Depending on the type of goods and services you provide on your website and the nature of the information you collect, you may also be subject to laws and regulations about securing and disposing of company records, protection of private health information (such as privacy protections spelled out in the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA), and rules about when information about minors can be collected by a website. When you work on website management and business planning, a Seattle attorney can help you establish practices and policies to protect you from liability while also protecting your customers from identity theft.
Best Practices Help You Avoid Business Litigation
In this day and age, it’s not enough to do the bare minimum when it comes to eCommerce website security. Being able to demonstrate that you go above and beyond to protect your customers will give them the confidence to buy online from you, and will provide you with more solid legal footing should the worst happen. Here are some of the best practices for eCommerce, as recommended by leading IT experts:
- Take SSL to the next level. A Secure Sockets Layer (SSL) certificate is required for eCommerce, but savvy website owners spend the extra money for an EV (Extended Validation) certificate from a reliable third-party source. Consumers are learning to look for this EV-SSL, so it makes sense to adopt the practice now. And when you invest in this, make sure to prominently display a “trust seal” image on your site so that your customers can easily see that you are invested in protecting their data.
- Do more than just PCI reporting. Quarterly PCI compliance reports are necessary, but you should take it a step further to do ongoing PCI and vulnerability scanning that will alert you to any potential problems you may have with malware being embedded on your site.
- Follow the banks’ lead. If you are especially concerned about protection, consider adding multi-factor authentication, like what banks and other financial institutions offer. When passwords are changed or are incorrectly entered, the website sends a code to the user’s private email or cell phone that must be used in order to access account data. This makes it much less likely that a hacker can infiltrate the system.
Remember: Security Isn’t Just Legally Important
Yes, it could mean a serious financial hit if you are held legally liable for the loss of your customers’ data, but even worse than potential business litigation, a bad online shopping experience can permanently drive away business from your site. The Aberdeen Group discovered that if a page load exceeds 3 seconds, 57% of users will abandon the site, which means that a long delay between clicking “buy it now” and the shopping bag appearing could cost you sales. Even worse, 8 out of 10 consumers will not return to an eCommerce site after a bad experience. You will likely have a difficult time establishing a positive brand identification if the first time consumers remember hearing about your company is in a news story that details how your customers’ financial data was stolen.