E-business security, privacy and legal requirements 

There are several strategies that can help you reduce the risks you and your customers face when doing business online. Be aware of these risks and take steps to deal with them before they become problems.

Protecting your clients

It is important to earn consumer trust online because your customers want to be protected against fraud. Make use of security certifications and encryption technologies that make your website safer to use, and display any accompanying logos that signify that yours is a safe website. Alert your clientele to any breaches in security at once.

Consumers also want to protect their privacy, so avoid asking them for more information than you require. By the same token, unsolicited emails can damage the trust you have worked hard to develop. Make sure you conduct any follow-up in a way that cannot be construed as spam.

• Credibility Campaign: Consumer Reports Webwatch Guidelines

  This list of five policies could help you develop a credible website.

Security

Just as you would protect your physical business, you need to protect the online security of your operations and your customers.

• Get Cyber Safe – Protect Your Business

  Learn how to protect your business and safeguard private information.

• Payment Card Industry Security Standards Council

  If you handle debit and credit cards in your business, learn about applying information security best practices outlined in the Payment Card Industry Data Security Standard.

Privacy

When you do business with a customer over the Internet, you will collect quite a bit of information which can potentially be useful outside of the transaction. Make sure you have the customer's knowledge and consent if you plan to use any of that information in a way that can be linked back to them. If you use any of that information, in a way which can be linked back to the customer and without the customer's knowledge or consent, you are violating their privacy rights. It is up to you to properly destroy that information or to keep it secure.

• Privacy and your business

  If you collect, use or disclose personal information about individuals, you need to understand your privacy obligations and find out how to implement appropriate privacy policies and procedures.

Privacy policy

In addition to the way privacy laws apply in the offline world, there are some things to think about when dealing with the Internet and e-business.

You should fully understand how your business carries out relevant privacy law requirements.

• If you collect personal information via your website, you should develop a proper and legally compliant privacy policy and post it in a readily visible location on your website.
• If you use web cookies or similar identifiers to track visitors, you will probably want to let visitors know by posting a policy on the website.
• Depending on the circumstances, you may need to get consent before profiling someone online.

Keep in mind that some people do look for privacy policies and might not want to do business with you if you do not have one in place. A properly drafted privacy policy or statement will not only minimize your legal risk, it can serve a marketing function as well, allowing you to attract and retain customers who you are looking for security.

If you create a policy, follow it precisely. Failing to do so is an invitation for disaster, including not only possible legal problems, but also injury to your reputation and goodwill.

It is important to review the policy even after it has been posted. It should be revisited regularly to determine whether or not it is still accurate and to evaluate whether or not it should be revised according to your business goals and objectives.

Credit and debit card handling

Your e-commerce business depends on trust between you and your customers. Violating that trust can have disastrous effects, not only on you, but on your partners in e-commerce, such as your bank, payment gateway, and credit card company.

• Payment Card Industry Security Standards Council

  If you handle debit and credit cards in your business, learn about applying information security best practices outlined in the Payment Card Industry Data Security Standard.

Legal requirements for e-business

In general, all existing laws that apply to traditional commerce apply equally in an electronic environment. These include things like laws governing business incorporation, business name registration, taxation, consumer protection, deceptive advertising, importing/exporting, product safety, product standards, criminal code, inter-provincial trade treaties, intellectual property and liability. Your business, regardless of size, must comply with the laws of any jurisdiction, both within and outside of Canada, where it is deemed to be conducting business.

• Inter absentes contracts in French only
  Applies only to: Québec

  Find out about your business requirements and certain conditions related to contracts for sales made at a distance, via Internet, telephone or email.

• E-Business and Selling to Customers Outside of Ontario
  Applies only to: Ontario

  Get information about the requirements for selling products over the Internet to customers outside of Ontario.

• Taxes, GST/HST

  Learn how to manage and understand the many forms of taxation that may affect your business.

• Canada's Anti-Spam Legislation

  Get information on anti-spam laws and how they affect your business.

• Conducting business on the Internet

  Find out about tax rules, regulations and requirements when doing business online.