In the early, heady days of the Internet, it seemed as though this living network of knowledge would transcend time, borders, and the reach of state and national governments. But in the past few years, many sheriffs have entered the Wild Wild West that was the World Wide Web, laying down the law. While most of us were not looking, the Internet has become a regulated space. Intense legislative activity at the state, national and international level has created a confusing and often conflicting array of rules relating to online privacy, intellectual property, Internet advertising and commercial e-mail, among other issues.
And like the sheriffs of the old West, government regulators are enforcing the new rules vigorously. Increasingly, companies are finding themselves in violation, incurring costly fines, damages and legal fees, as well as being forced to surrender valuable business information. Well-established companies, such as Amazon.com, Eli Lilly and ToysRUs, have been found in violation of online privacy rules, and Amazon.com was forced to pay almost $2 million in damages.
As these examples show, one of the most troublesome areas is online privacy. All companies collecting personally identifiable information online should develop a privacy policy, post it on their web site, and strictly adhere to it. This requires companies to fully understand their information needs, how they store, transfer and manage information, with whom they share it, and how they protect it. Liability can result if the posted privacy policy does not reflect actual practice.
Commercial e-mail—or spamming—also is a source of trouble. More than 20 states have enacted laws regulating commercial e-mail, and most of these impose hefty fines. California, for example, imposes a fine of $500 per message. To protect themselves, companies should, at a minimum, disclose their identity, offer customers a real opportunity to opt out of receiving future communications, and include a clear and truthful subject line in every message.
Other problem areas include disputes over domain names, and cases in which state regulators seek to enforce their state’s laws against a company whose only presence in the state is through an interactive web site. Companies engaging in any online business activity that is regulated at the state level need to pay special attention to these complex jurisdictional issues.
The message for companies engaged in e-Business is clear: Ignore Internet rules at your own peril. Luckily, this is an area in which some up front planning can greatly reduce a company’s exposure to liability. It is a good idea to conduct a complete audit of each company’s e-Business activities from time to time, to identify and address areas of possible exposure to regulatory risk. In addition, companies should continuously monitor new legislative developments.
Kelly Carnes is President of TechVision21, a technology policy consulting firm. She also served as Assistant Secretary of Commerce for Technology Policy from 1997-2001.