Setting up your business on the Internet can be a lucrative way to attract customers, expand your market and increase sales. View free Online E-Commerce Course to learn how to build a website and manage an online business. For the most part, the steps to starting an online business are the same as starting any business. However, doing business online comes with additional legal and financial considerations, particularly in the areas of privacy, security, copyright, and taxation.
Rules and regulations for conducting e-commerce apply mainly to online retailers and other business that perform consumer transactions by collecting customer data. However, even if you do not sell anything online, laws covering digital rights and online advertising may still apply to you.
The Federal Trade Commission (FTC) is the primary federal agency regulating e-commerce activities, including use of commercial e-mails, online advertising and consumer privacy. FTC's E-Commerce Guide provides an overview of e-commerce rules and regulations.
The following topics provide further information on how to comply with laws and regulations related to e-commerce.
Most businesses collect and retain sensitive personal information from their customers and employees such as names, addresses, social security numbers, credit card numbers and other account numbers. Protecting personal information not only makes good business sense, it can also help you avoid legal problems. Depending on the type of data you are collecting, and who you are collecting it from, you may be subject to federal and state privacy laws. This guide explains which privacy laws apply to your business and how to comply with them.
Using its authority under The Federal Trade Commission Act, which prohibits unfair or deceptive practices, the Federal Trade Commission (FTC), enforces companies' privacy policies about how they collect, use and secure consumers' personal information. The FTC provides the following resources the help you develop privacy policies that take reasonable steps to secure your customer' data:
If one of your customers or employees is a victim of identity theft as a result of personal information you collected, you are required to provide information that assists the victim. The following resources explain the business owner's responsibilities, and provide practical advice on how to protect personal information against identity theft.
The Fair Credit Reporting Act regulates the collection, dissemination and use of consumer credit information. If your businesses uses credit reports to extend credit to your customers; as a pre-employment check for potential employers; or furnishes customer information to credit reporting agencies, there are rules and regulations you must follow to ensure privacy of credit information.
The Gramm-Leach-Bliley (GLB) Act protects consumers' personal financial information held by financial institutions, including band non-bank companies engaged in consumer loans, mortgages, tax preparation and returns, debt collection, credit counseling, and related businesses that deal with personal financing. There are three principal parts to the GLB's privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions enforced by the Federal Trade Commission.
The Financial Privacy Rule requires financial institutions to give their customers privacy notices that explain the financial institution's information collection and sharing practices. In turn, customers have the right to limit some sharing of their information. Also, financial institutions and other companies that receive personal financial information from a financial institution may be limited in their ability to use that information.
The Safeguards Rule, enforced by the Federal Trade Commission, requires financial institutions to have a security plan to protect the confidentiality and integrity of personal consumer information.
Pretexting is the use of false pretenses, including fraudulent statements and impersonation, to obtain consumers' personal financial information, such as bank balances. This law also prohibits the knowing solicitation of others to engage in pretexting.
The following resources provide information and assistance for businesses engaged in banking and consumer finance activities:
The Federal Financial Institutions Examination Council (FFIEC)'s Authentication in an Internet Banking Environment describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using online products and services. Examiners will review this area to determine a financial institution's progress in complying with this guidance during upcoming examinations.
The Children's Online Privacy Protection Act (COPPA) requires businesses to follow specific rules and regulations when collecting online data from children. The Rule applies to any commercial website or online service directed toward or collecting information from children under the age of 13.
The Federal Trade Commission offers several publications providing guidance to online businesses writing a COPPA compliant policy.
When consumers open an account, register to receive information or purchase a product from your business, they entrust their personal information to you, believing that you will take steps to protect their information. Threats to the security of information are varied - from computer hackers to disgruntled employees to simple carelessness. Protecting your computer systems with the latest security software is only part of the process of securing your customers' and your company's data. You need to take additional steps that protect information stored in these systems from falling into the wrong hands.
The following resources provide guidance to help your business develop an overall information security plan, that not only protects your computers, but information your company collects and stores.
If you a run business with a physical storefront, collecting sales tax is pretty straightforward: you charge your customers the sales tax required by the jurisdiction where your business is located. So, if you operate a retail store in Nashville, Tennessee, you collect both state and local sales taxes from customers buying merchandise at your store.
Now, suppose you start selling your products online. Does mean you charge them the same sales taxes on those coming into your store? It depends.
If your business has a physical presence in a state, such as a store, office or warehouse, you must collect applicable state and local sales tax from your customers. If you do not have a presence in a particular state, you are not required to collect sales taxes. In legal terms, this physical presence is known as a "nexus." Each state defines nexus differently, but all agree that if you have store or office of some sort, a nexus exists. If you are uncertain, whether or not your business qualifies as a physical presence, contact your state's revenue agency. If you do not have a physical presence in a state, you are not required to collect sales taxes from customers in that state.
This rule is based on a 1992 Supreme Court ruling (Quill v. North Dakota, 504 U.S. 298, (1992)) in which the justices ruled that states cannot require mail-order businesses, and by extension, online retailers to collect sales tax unless they have a physical presence in the state. The Court reasoned that forcing sellers to comply with over 7,500 tax jurisdictions was too complex for sellers to manage, and would put a strain on interstate commerce.
Keep in mind that not every state and locality has a sales tax. Alaska, Delaware, Hawaii, Montana, New Hampshire and Oregon do not have a sales tax. In addition, most states have tax exemptions on certain items, such as food or clothing. If you are charging sales tax, you need be familiar with applicable rates.
Determining which sales tax to charge can be a challenge. Many online retailers use online shopping cart services to handle their sales transactions. Several of these services are programmed to calculate sales tax rates for you
Selling your products online allows for immediate entry into the global marketplace. However, shipping your product overseas presents a few challenges if have little experience with taxes, duties, customs laws, and consumer protection issues involved with international commerce. If you are just getting started, the following resources will help understand legal and regulatory requirements when shipping overseas:
Certain types of merchandise are restricted for export such as nuclear, chemical, various electronics, computer, and telecommunications / information security equipment. These are subject to the Department of Commerce Bureau of Industry and Security's Export Administration Regulations Requirement.
An old cartoon in the New Yorker showed two dogs in front of a computer, and had the caption "On the Internet, Nobody Knows You're a Dog." The inherent anonymity of the Internet has fostered a number of shady advertising and marketing practices, such as unsolicited e-mail spam. Over the past decade, federal and state governments have passed additional advertising laws that protect consumer privacy and ensure fair and truthful advertising practices online. If you plan to advertise online -- whether you're buying ads on search engines or direct marketing through e-mail -- you'll need to understand some basic rules.
Personal data is not the only thing protected on the Internet. Digital works, including text, movies, music and art are copyrighted and protected via the Digital Millennium Copyright Act (DMCA). The DMCA offers a number of protections for information published to the Internet, as well as other forms of electronic information. Among its many provisions, the DMCA