Monday, April 6, 2020


Businesses have been forced to close their brick and mortar stores. We are all practicing safe distancing. People are working remotely. COVID-19 has already had a significant impact on how we conduct business. 

While the digital transformation was well underway before COVID-19, the transition to more vigorous and expansive e-commerce has never been more apparent. Amazon was set to hire over 100,000 new employees by April 1. Zoom has replaced all face-to face business meetings. Virtual interactions are the new norm. 

Nearly all companies now use some form of online or mobile websites and social media to promote their businesses, sell goods or services, conduct business transactions, and connect and communicate with customers, clients, or other businesses. 

For businesses that already enjoyed a robust e-commerce presence, now is a good time to review and enhance e-commerce strategies. For those businesses with a limited or non-existent online presence, their very survival may require a fresh look at e-commerce.

If you do not have a website, or if it has been a few years since you last gave your site a facelift, now is the perfect time to work on your e-commerce presence to make sure you are well positioned in the new economy. 

Here are some legal issues to consider, as well as some practical steps a business to take, to minimize your risk when operating an e-commerce business:

  1. Agreements with Online Service Providers. Your website may be your primary contact with customers, so customizing it to express your own unique style can provide some competitive advantage. When hiring a vendor to design your website, make sure you have an appropriate agreement in place. The agreement should not only cover commercial issues (such as payment and completion schedule) but also address intellectual property ownership, third-party rights clearance, information security and confidentiality, and search engine optimization practices. If the vendor will be hosting your site and customer data, make sure you consider how to handle liability for any data breach, service levels, the return of customer data, and transition assistance upon termination. Linking and framing, clickware (and shrinkware), and metatag use should also be considered.
  2. Customer Agreements. Legal contract principles apply to transactions conducted online. This means that each online contract requires an offer, acceptance, and consideration. Make sure that any subscription agreements, terms of use, or other customer-facing agreements satisfy such basic legal principles. If users are able to post content, include appropriate notices and disclaimers to limit the company's liability. What jurisdiction and governing law apply and is arbitration mandatory? 
  3. Domain Name Selection. Domain names serve as your street address on the internet. Be wary of any third-party trademark rights that may attach to a particular URL. Your use of a domain could violate a third party’s trademark rights.
  4. Intellectual Property. Safeguard unique and proprietary content that appears on your website or social media pages from unauthorized commercial exploitation by using a ™, ®, and/or © symbol in connection with prominent placements of trademarks and copyrights. Register important intellectual property to perfect ownership and obtain enhanced rights and remedies. Review content and any material before display or launch to ensure that no infringing material is published and no confidential proprietary information is inadvertently disclosed.
  5. Update Website Privacy Policy and Terms of Use. Vast amounts of customer information will be collected via the website through customer registration and as part of the purchasing process. The collection, use, and sharing of any personal data is now protected and restricted by global data privacy and protection laws and regulations. Make sure your website privacy policy and terms of use are prominently displayed, carefully drafted, and current with all relevant data privacy and security laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy act (CCPA). The CCPA became effective January 1, 2020 and requires specific disclosures in the privacy notice and actions to comply with data access rights afforded California residents. The CCPA also allows for a private right of action with statutory damages and enables class action lawsuits against a business that experiences a data breach if it failed to implement reasonable data security. Despite efforts to delay CCPA enforcement set to commence July 1. 2020, the California Attorney General has announced that it will not delay enforcement due to Covid-19. 
  6. Review Your Use of Social Media, Email, and Text Messaging for Marketing Purposes. Make sure administrative access and control of social media accounts such as Facebook are current. Use of email and text messaging to reach customers must comply with laws such as CAN-SPAM and the Telephone Consumer Protection Act. Failure to do so could result in expensive litigation.
  7. When Selling Third-Party Products Online, Consider Contracts With Such Third Parties and Potential Liability. Some companies operating online marketplaces have faced multiple lawsuits for defective products such as blenders, coffee makers, and hair dryers based on claims of strict liability, negligence, and breach of warranty.   The terms of use on your website should explain your relationship with both customers and vendors and specify what rights a customer has to cancel or return purchases. 
  8. Managing a Data Breach. It is not a question of if you will experience a data breach, but of when. The CCPA private right of action in the event of a data breach is good reason to conduct a data security audit as necessary to make sure that your business is ready to handle and respond to any unauthorized access of your system and any customer data. Every business should have in place an incident response plan and information security program that describe how it handles discoveries of unauthorized access of data and what security safeguards, policies, and procedures are in place. If you experience a data breach you may have obligations to report the breach to the state attorney generals and any individual whose data is compromised. The obligation to notify will be based on the state law where the individual is a resident. All 50 states now have data breach notification statutes with varying definitions of what constitutes a notifiable data breach.  The move to remote working raises additional new cybersecurity issues.
  9. Consider Insurance. Insurance can be a useful tool to mitigate risk relating to a data breach by covering computer forensic, legal , notification, and other costs related to such breach as well as coverage to limit financial exposure for online tort and intellectual property right infringement claims, and certain website-specific practices such as hyperlinking, framing, using metatags, and banner advertising.

These are unprecedented times. Businesses must find ways to stay relevant and current. A solid e-commerce strategy may not only have an impact on the present, but give you a competitive advantage when it is safe to reopen your doors in the ever-expanding digital marketplace.

No comments :

Post a Comment