A constantly changing world requires business owners to stay on their toes, keeping abreast of the latest developments, not only in their field but in the larger system in which their entity exists. Changes in society and the law can impact the bottom lines. One rapidly changing area is e-commerce and protecting customer privacy as technology better connects everyone.
Violations can cost organizations significant cash and disrupt production. Knowing what to avoid increases profits and ensures ongoing success. Here’s what e-commerce business owners should know about privacy laws.
Business is, in the words of Lee Iacocca, a series of human relationships after all. Think of the customer as a new acquaintance you recently met. Mentally assume their position — what would put a reasonable person at ease when revealing deeply personal information, such as credit card numbers, in an online form? What would they hope to avoid?
Fortunately, business owners don’t have to become the next Shakespeare. They can look at models of privacy policies from other companies, evaluating what they want to include. They can also find samples and purchase tools that compose the basic language, allowing them to tweak it. Check the apps the organization currently uses for this functionality before investing in a new program.
2. Understanding Why You Shouldn’t Skimp on Protection
While business owners don’t want to waste money replicating functionality they already possess, they should be careful of the tendency to skimp in other areas. They need to back up privacy policies with security measures that protect proprietary data. Further muddying the waters is the conflicting legal landscape, meaning large companies may need to comply with the laws of 50 different jurisdictions, as well as international ordinances.
Therefore, owners must take proactive steps to avoid security vulnerabilities and protect customers by implementing the following security solutions:
- Secured payment gateways
- Malware detection
- Regular security assessments, including intrusion and detection processes
- Ongoing training on security and requiring strong passwords, encryption and VPN use when connecting virtually
- Maintaining PCI compliance
- Controlling system access
- Protecting the server in a secure environment
A significant part of security is training all team members and ensuring everyone is on the same page regarding its importance. After all, one individual can’t be everywhere at once — that’s why corporations have employees.
Be careful of the mindset that taking time for training detracts from production goals and instead accept the need as an integral part of doing business in the modern world. The average cost of a breach is $4.45 million in 2023, a fraction of an afternoon of work effort. Instead, welcome these events as an opportunity for team building, making them enjoyable while educational.
3. Outlining Clear Terms and Conditions
Just as businesses need certain information from their customers to properly address their needs, clients need to know what they can expect from a merchant. When will the company deliver their order? What is their recourse if it doesn’t conform to their expectations? How can they continue an ongoing supply of a product or maintain a service connection once they delight in it?
Terms and conditions protect business owners and customers alike by doing the following:
- They set the rules for how customers use a company’s products or services: For example, social media companies may limit what users can post.
- They can allow businesses to enforce these rules in court: For example, the Ashley Madison website breach resulted in doxing or revealing highly personal information against thousands of users. Those revealed often lost jobs and marriages, and the owners of the site paid millions in the resulting class action lawsuit.
- They can limit the damages businesses owe if found liable: Properly worded terms and conditions protect owners from liability by demonstrating a conscious effort to protect user safety. For example, in the Ashley Madison case, affected users paid $19 for a total deletion of their data, which did not occur. Would terms and conditions that more fully explained the risks of using their service have changed the case outcome?
Terms and conditions protect businesses from legal action beyond doxing, although that’s the first item that often comes to mind when discussing what e-commerce owners should know about privacy laws. They also protect against claims of negligence in other areas.
For example, those who create unique, hand-crafted goods should mention that the final product may vary slightly from that pictured on the website. The artist’s hand makes human-made things rare and valuable, but one can never tell why a customer may find fault. Clearly outlining shipping practices safeguards against refund requests when customers don’t receive their order on time through no fault of the business.
4. Maintaining Accuracy in Advertising
While companies need to broadcast their product or service to the public, they must ensure they don’t make misleading claims that cause their customers to rely on untrue information to their detriment. Financial harm is only one possibility — what if a person takes unsound health advice? Technology makes it easy to compose a message and broadcast it to millions of people simultaneously, which can result in increasing harm and losses to a business’s bottom line.
Business owners don’t need to emphasize the limitations of a product or service, but published materials should mention them clearly to avoid customer misunderstandings. For example, someone who owns a fleet of five limousines for hire might include a first-come, first-served disclaimer during high-demand times, like wedding and prom season. That way, those booking reservations aren’t surprised when their desired ride is already taken.
5. Adhering to Accessibility Standards
Finally, people vary in their physical and mental abilities. Can someone sue a business if they can’t access its e-commerce site using accessibility devices they use to manage a health condition? Yes. Robles v. Dominos is one example, where plaintiffs alleged a lack of alternative text, and missing and misleading hyperlinks baffled customers who relied on screen readers.
Fortunately, business owners can also purchase tools with an accessibility audit function. For example, WordPress has several plugins devoted to accessibility, such as:
- WP Accessibility
- One Click Accessibility
- WP ADA Compliance Check Basic
Putting It All Together: What E-Commerce Business Owners Should Know About Privacy Laws
There is a lot that e-commerce business owners should know about privacy laws. Fortunately, smaller organizations will most likely do okay relying on software solutions under the guidance of a trained technology security specialist. Larger enterprises often keep a team of attorneys and technical advisors on staff or contingency to manage emerging issues that have no clear precedence.
Remaining aware of what business owners should know about e-commerce laws protects them and guides decision-making. Companies can continue to expand their knowledge of privacy protections to stay on top of a changing world.