by Eric D. Morton
In today’s evolving digital landscape, the Internet offers incredible opportunities but also presents unique legal challenges. I am frequently asked by business owners how to stay compliant and avoid financial consequences. Unfortunately, I have also dealt with the legal fallout of missteps by companies.
I am writing to share some insights into common legal and practical issues that may be relevant to your business. Keep in mind that laws governing privacy and other matters are dynamic and vary from state to state as well as at the international level. Moreover, such laws cover a broad spectrum of issues, including marketing, taxes, security, and privacy.
1. Sales Tax Collection
This is often overlooked by businesses since sales tax for online sales were not collected for many years. Sales tax and state tax on sold items vary by destination. For example, an e-commerce business must collect sales and state tax if it has a presence in a state, like a store or warehouse. However, if the business sells to customers in a state where it has no physical presence, it’s not required to collect sales tax there. A notable exception is if a business leverages a third-party fulfillment service (such as Fulfillment by Amazon) with a presence in the state; this is considered a physical presence and sales tax must still be collected.
Many states also exempt certain items, such as food and clothing, from tax. While managing different state sales taxes may seem daunting, many e-commerce platforms offer shopping cart software that automatically calculates sales tax rates.
2. Privacy and Data Security
Privacy laws in the U.S. differ by state, with varying levels of protection. It is vitally important to understand the laws that specifically apply to your business. These laws will depend on your business’s location, industry, and size. If a business has a website, it must have a privacy policy. All privacy policies must, generally, inform the public what data the website collects and what it does with that information.
If a business is selling products or services online, it must have a detailed privacy policy that states what data is collected and how it is use. California law and other state laws also require a process in which consumers can obtain their data from a company and have it deleted if they so desire. Any company with an ecommerce site must have a plan for security breaches and theft of data.
All businesses that store, process, or transmit payment cardholder data must adhere to the Payment Card Industry Data Security Standard (PCI DSS), designed to protect consumers’ payment data and avoid severe penalties. PCI compliance is achieved by adhering to practices like installing firewalls, encrypting data, and using anti-virus software. This not only safeguards data but also helps in building trust with customers. Non-compliance can result in significant financial and reputational damages, including fines, lawsuits, and reduced sales, especially if a data breach occurs.
3. Marketing and Advertising Laws
Online marketing is subject to strict federal regulations to maintain ethical practices. Key among these is adherence to the CAN-SPAM Act, which governs the rules for commercial emails. This act outlines specific requirements for commercial messages, grants recipients the right to opt out of emails, and imposes severe penalties for non-compliance. Additionally, marketers must avoid making false claims and ensure transparent disclosure of endorsements or testimonials. As I have written in the past, having your friends post false testimonials on a company website or social media page violates Federal and state false advertising laws.
If you’re using email marketing software, it’s crucial to verify that the platform complies with the CAN-SPAM Act. Ensuring compliance not only aligns with legal requirements but also fosters trust and credibility in your marketing efforts. Use a reputable email marketing service that has automated systems for unsubscribes.
4. Copyrights
Under no circumstances should a business use images, photos, written text, music, or other copyright protected works on their websites or social media that are owned by others. Do not let copy and paste such content from else where on the Internet and put them on your site or social media pages. You will be discovered by web crawlers and you will receive a cease and desist and demand for money from an attorney for the owner. Ensure that personnel that are maintaining websites, or handling social media thoroughly understand this. All content on a website or social page should be owned or licensed.
4. Keep control
Business owners need to understand the issues around maintaining a website, online advertising, social media, and ecommerce. Do not allow one employee or outside consultant to control these things. Such personnel must have clear direction. It is very important that the owner must know keep administrative control of all relevant online accounts, domain names, website logins and the like. Most the problems that I see result from owners not controlling this important aspect of their business.
Eric D. Morton is the principal attorney of Clear Sky Law Group, P.C. He can be reached at 760-722-6582, 510-556-0367, or emorton@clearskylaw.com.
