Yes, Confidentiality Applies to eCommerce Stores

This is a guest post.

It can be challenging to keep up with all of the laws as they change. As the last months of the business quarter count down to the end of the year, many of the laws and books are updated to reflect the changing standards. The one thing that has not changed, however, is the duty that every store owner owes to customers: the duty of confidentiality with regard to financial transactions and finance-related information.

No Absolute Duty Exists Yet

Several special interest groups actually attempted to create an absolute duty for all store owners, eCommerce and traditional. An absolute duty would mean that, no matter how cautious you are, if any of the financial or confidential information is leaked from your site, then you are liable. Fortunately, the ABA reports that this was not put into practice. eCommerce store owners must take reasonable steps to ensure the confidentiality of their customers’ information, and what counts as reasonable may be redefined. Currently, most states simply require that the pages be encrypted and the information stored in a secure location.

Respondeat Superior Still Applies

While no absolute duty has been found to exist for eCommerce stores and confidential information, respondeat superior still applies. Respondeat superior is the legal theory that an employer bears legal responsibility for what an employee does during the course of the business. For instance, if you accept credit card payments online and allow your employee to assist with the transactions, then you could be liable if the employee makes a mistake and leaks the information. The one good thing, though, is that crimes such as embezzlement are not covered under respondeat superior. In other words, if your employee attempts to steal your customer’s information and use it for his own gain, you won’t be liable in most situations.

Industry Standard Influences Upward

The other thing to bear in mind with confidentiality is that it is not just a matter of what the law requires. While the law sets a baseline, the industry standards can also set up additional requirements. Negligence and the duty of care are both influenced by how other businesses in the industry generally respond. This means that if other eCommerce stores typically use a higher bit rate for their encryption speeds, then that will be considered the standard, even if the law requires a lower one. A common mistake, though, is to assume that this works both ways. It doesn’t. The industry standard is not applied when it goes lower than what the law requires. It applies only when it sets a higher one.

Handling confidentiality for financial and customer information can be a tremendous responsibility. All eCommerce stores have this basic responsibility, though fortunately an absolute duty does not yet exist. The way that your employees act with the money and the financial information does make a difference, and you will be responsible if they do anything wrong within the course of their business activities. Additionally, the standards required may be influenced by how other businesses handle their confidentiality standards.
