There are many compliance issues associated with e-commerce websites. While the pace of change for regulating e-commerce websites is very fast and businesses should obtain independent advice for their website, there are major issues to consider even in the planning stages. From web application security to information obligations, we take a quick look at the major compliance issues that new e-commerce entrepreneurs should be aware of.


1. Contracts Via the Internet

E-commerce companies must meet the requirements of privacy laws, trade practices, consumer-protection laws, as well as electronic transaction legislation. The Electronic Transactions Act 1999 (Cth), which has been enacted by most states and territories as local law, specifies that transactions completed via electronic devices are valid if they meet the minimum requirements set out in the Act. The Act covers requirements in relation to record keeping, electronic signatures, and production of documents.

2. Trade Practices and Consumer Law

When representing yourself and your business, make sure you adhere to trade practices and consumer legislation. You should be careful not to misrepresent your products, and remain truthful and transparent with respect to all issues. You can find out more about the specific consumer protection requirements from the ACCC website as well as the consumer protection bodies in your state or territory.

3. Terms and Conditions of Use

Most websites contain terms and conditions as well as disclaimers. They are an essential element in communicating with your customers, providing a single source which can be consulted in case of any doubt. Ensure that you cover the following issues:

  • Accuracy of the content provided
  • Liability for content and information
  • Privacy, security, and information policy. Outline how you protect any user’s privacy, the kind of security systems you have in place to safeguard their information, how they can access and verify this information for accuracy, and whether any information is shared with third parties and the circumstances in which this occurs.
  • Sales and returns policy
  • User registration policy where applicable

4. Data Security

Data security and privacy are surely among the top concerns when it comes to e-commerce websites. Your IT consultant will be able to provide you with the technical means of achieving this, from web design to secure passwords, to encryption, setting up appropriate firewalls, and even conducting penetration testing to assess and fix system vulnerabilities. Generally, to mitigate legal liability in circumstances of data theft, website owners need to demonstrate that they have taken all reasonable steps to safeguard private and sensitive information such as credit card details and home addresses.

5. Privacy

The Privacy Act 1998 (Cth) mandates compliance with the National Privacy Principles (“NPPs”) for the collection of information for any purposes by any non-government entity. The NPPs set standards for the collection of information and the following issues:

  • Use and disclosure of information
  • Data quality
  • Data security. Includes provisions for personal information that is no longer required
  • Openness
  • Access and Correction
  • Commonwealth Government Identifiers (“CGIs”). Tax file numbers, Medicare numbers, and other CGIs cannot be adopted, used as the only identifying label for a client, or disclosed.
  • Anonymity. Where it is possible and lawful to do so, individuals can choose not to identify themselves.
  • Transborder Data Flows. Cross-border data flows can occur only where the recipient of the information is subject to a law similar to the NPPs, or where the customer has agreed, or if the transfer is necessary for completion of the sales contract.
  • Sensitive Information. Cannot be collected unless the customer has agreed.