Want to make a million? Just set up your Web page, get a merchant account to take credit cards, lay off your staff and watch the money roll in from around the world.
If only it were really that easy. While the Internet offers unprecedented opportunities, it is not a license to mint money. On the 'Net you're no longer just competing with the company down the street, or across town, but with companies around the world. While the 'Net may be a consumer's paradise, it presents substantial challenges to business. Not the least of those are a variety of new legal questions created by the 'Net.
The issue receiving the most publicity these days is consumer privacy. Toys R Us has recently sued for sending out its customer databases for analysis by a third party. The plaintiffs have alleged that Toys R Us violated their privacy by disclosing this information without permission. Whether these plaintiffs have valid claims is open to some question. On-line privacy regulation is still in its infancy and it is difficult to point to any regulation Toys R Us has clearly violated. Neither is it obvious that Toys R Us breached its on-line privacy statement. The statement did not say that Toys R Us would not hire third parties to provide data analysis.
Such careful legalisms, however, do not change the fact that the suit is underway, and lawsuits are expensive. Toys R Us is a large company and presumably has the resources to handle the case and still get along with business. A smaller company, with more limited resources, might not have that luxury. Clearly, when creating your on-line store, you must give special attention to how you will handle customer information and what sort of representations you will make about privacy and confidentiality.
There are other aspects of privacy to consider. Where will your customer databases reside and how secure will they be? Unless you are a large and sophisticated vendor, you will probably hire someone to host your Web site. Put another way, you will rent space on a server owned and operated by someone else. Is that server secure? Is it protected against hackers? Are the lines leading in and out of the server protected against physical taps? Your Web site hosting agreement should answer all these questions. After all, if you are a successful on-line vendor, your customer databases probably contain many credit card numbers and expiration dates, not to mention card holder names and billing addresses. In short, your databases are attractive targets for thieves.
Important as all these high-tech security measures are, let's not forget some old fashioned exposures: dishonest employees. Is your customer information secured so it can't be stolen by your own personnel? What about your systems administrator? Administrators typically have access to all programs and databases.
Are you liable if someone penetrates your Web site and goes on a buying spree using your customers' credit card information? Do you want to find out?
There is a simple solution to this problem - don't take credit cards. Of course, that is no solution at all. An on-line store that doesn't take plastic won't do much business. Despite the convenience they offer, credit cards hold one more danger for on-line merchants. Let's presume you have cutting edge privacy practices and on-line security that would make the Los Alamos nuclear labs envious. What happens if you get hit with a mass of orders using stolen credit card numbers?
Closely related to this question of individual security is the issue of "spamming," or mass mailings of unsolicited e-mail. From a merchant's perspective, e-mail is a marketing tool with tremendous potential. No printing costs or postage are required. If your systems are sophisticated, the mailings can be tailored to the buying needs of your customers. But is it legal?
According to federal law, any unsolicited e-mail must contain a notice advising the recipient what to do to be removed from the mailing list. Thanks to this legislation, and the publicity this subject receives, it is probably easier to get off an e-mail list than off a traditional mailing list.
Let's assume your company hits it big. Everyone wants your widgets and orders pour in from around the world. How much sales tax do you owe? Where do you send it? Let's assume you're working from Wisconsin - do you send a check to Madison for sales to states with no sales tax? What about sales to California? Do you send a check to Sacramento?
Now let's make things really interesting. You live in Wisconsin, your Web site is based on a server in Florida, your orders ship from a warehouse in South Dakota and your business is incorporated in Delaware. Where do you send the sales tax checks?
Currently, most on-line merchants do not collect sales tax, or at least collect it only for a limited number of states. That makes Internet shopping even more attractive to consumers. Even Wisconsin's relatively low sales tax can add up over time, or after a few big-ticket items. Consumers should be aware, however, that Internet purchases are subject to Wisconsin's use tax.
The Internet offers tremendous opportunities. For a relatively small investment, anyone can compete in the global marketplace. Don't fritter away your new profits on new lawsuits resulting from poor planning or careless handling of sensitive information.