What is eCommerce Compliance?
Millions of online shoppers around the world share their private data with eCommerce websites in return for a customized and streamlined shopping experience. It is incumbent on merchants to safeguard that information and make sure it is not misused.
Unfortunately, high-profile data breaches are a common occurrence, and consumers are demanding tighter protection of personal data. Increasingly strict regulations control the collection, storage, and use of personal data. To succeed, software and SaaS companies must constantly update their practices to protect their customers and stay compliant with regulatory and industry standards.
In this article, you will learn:
- Which 5 Compliance Requirements are Applicable to Most eCommerce Businesses?
- What is the Prevent All Cigarette Trafficking (PACT) Act?
- eCommerce and PACT Compliance with BlueCheck
Which 5 Compliance Requirements are Applicable to Most eCommerce Businesses?
How to comply
Under most regulatory frameworks, privacy policies and related documents (see below) should be regularly updated and clearly accessible on your website.
2. Cookie Management
Cookies are small pieces of data sent by web servers and stored by the user's browser for a variety of reasons, including analytics, integration with social networks, remarketing advertisements, maintaining user sign-in and preferences, and enhancing the user experience.
How to comply
3. Terms and Conditions
Terms and conditions formalize the relationship between a provider and a user, or a merchant and a client. They set forth how the client must be treated and how the client may use a service and anything that comes with it. The document is legally binding, and states that use of the site serves as a de facto agreement by the user to the terms.
Terms and conditions not only protect the client; they protect the supplier, as well. For the client, they determine user rights, cancellation policies, and so forth; for the supplier, they are invaluable protection against potential liability.
How to comply
eCommerce websites must have terms of service in place, which should be reviewed by legal counsel. Misuse of a product can sometimes cause personal, financial, or even physical harm, and responsibilities must be legally defined to minimize risk and liability while providing reasonable protection for the buyer.
As privacy laws around the world become stricter, it is important to require buyers to tick a box in order to explicitly agree to the terms of service, and not merely assume they agree to the terms by browsing the site (known as a browsewrap agreement).
Terms and conditions should cover, at a minimum:
- The rules shoppers should follow when purchasing from the eCommerce site
- Pricing and payment terms, including legally required disclosures on consumer rights such as cancellation and withdrawal
- User/client behavior and grounds for dismissal or withdrawal of services
- Limitation of liability and protection of intellectual property or trademarks
- Disclosure of affiliation and marketing programs
4. Valid Records on Customer Consent
The European Union’s General Data Protection Regulation (GDPR) requires suppliers to maintain valid records of consent for processing the personal data of their clients. Consent without a valid recording mechanism renders the consent invalid.
How to comply
When collecting personal data through email or newsletter forms, subscriptions, and so on, if your clients are citizens of the European Union, the law requires consent to process this data. Cookies are currently governed not by the GDPR but by the EU's ePrivacy Directive (2002/58/EC, amended by 2009/136/EC).
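The "valid recording mechanism" this section refers to is, in practice, an audit trail: who consented, to what, under which version of the privacy notice, how, and when, plus any later withdrawal. The Python below is an added illustration of such a ledger; it is not code from the article or from BlueCheck. The per-purpose and per-policy-version structure, the field names, and the sample records are assumptions made for the example, not requirements the article states.

```python
"""Consent ledger (illustration added to this article; not BlueCheck's or any
regulator's reference code). Assumptions, which the article does not state:
consent is recorded per data subject and per purpose, tied to the privacy notice
version the user saw, and stored append-only so grants and withdrawals remain
auditable. Every sample record below is constructed for the demo."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class ConsentEvent:
    subject_id: str        # pseudonymous account identifier, not a raw email address
    purpose: str           # one specific purpose, e.g. "newsletter" or "remarketing"
    policy_version: str    # version of the privacy notice shown when consent was asked
    granted: bool          # True = consent given, False = consent withdrawn
    evidence: str          # how it was captured, e.g. "checkbox:signup_form"
    recorded_at: datetime  # timezone-aware timestamp of the event


def make_event(subject_id: str, purpose: str, policy_version: str,
               granted: bool, evidence: str, iso_timestamp: str) -> ConsentEvent:
    """Helper that parses an ISO-8601 timestamp (with offset) into an event."""
    return ConsentEvent(subject_id, purpose, policy_version, granted,
                        evidence, datetime.fromisoformat(iso_timestamp))


class ConsentLedger:
    """Append-only store; the most recent event per (subject, purpose) decides validity."""

    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def record(self, event: ConsentEvent) -> None:
        # Without an offset, the order of a grant and a withdrawal is ambiguous.
        if event.recorded_at.tzinfo is None:
            raise ValueError("recorded_at must be timezone-aware")
        # A pre-ticked box or an inferred grant has no evidence of an affirmative act.
        if event.granted and not event.evidence:
            raise ValueError("a consent grant needs evidence of an affirmative action")
        self._events.append(event)   # never update or delete: the trail is the proof

    def latest(self, subject_id: str, purpose: str) -> Optional[ConsentEvent]:
        matches = [e for e in self._events
                   if e.subject_id == subject_id and e.purpose == purpose]
        return max(matches, key=lambda e: e.recorded_at) if matches else None

    def has_valid_consent(self, subject_id: str, purpose: str,
                          current_policy_version: str) -> bool:
        latest = self.latest(subject_id, purpose)
        if latest is None or not latest.granted:
            return False   # never asked, or withdrawn since
        # Consent given under an older notice is not assumed to cover the current one.
        return latest.policy_version == current_policy_version

    def history(self, subject_id: str) -> List[ConsentEvent]:
        """Full trail for one subject, e.g. to answer a subject-access request."""
        return sorted((e for e in self._events if e.subject_id == subject_id),
                      key=lambda e: e.recorded_at)


def demo_ledger() -> ConsentLedger:
    """Ledger populated with constructed sample events (not real customer data)."""
    ledger = ConsentLedger()
    ledger.record(make_event("u-1001", "analytics", "v1", True,
                             "checkbox:signup_form", "2023-06-01T09:15:00+00:00"))
    ledger.record(make_event("u-1001", "newsletter", "v2", True,
                             "checkbox:preferences_page", "2024-03-01T12:00:00+00:00"))
    ledger.record(make_event("u-1001", "newsletter", "v2", False,
                             "link:unsubscribe", "2024-05-10T08:30:00+00:00"))
    ledger.record(make_event("u-1002", "newsletter", "v2", True,
                             "checkbox:signup_form", "2024-04-02T17:45:00+00:00"))
    return ledger


if __name__ == "__main__":
    ledger = demo_ledger()
    for subject, purpose in [("u-1001", "newsletter"), ("u-1001", "analytics"),
                             ("u-1002", "newsletter"), ("u-1002", "remarketing")]:
        print(subject, purpose, ledger.has_valid_consent(subject, purpose, "v2"))
```

Two design choices carry the compliance weight: the ledger is append-only, so a withdrawal is a new event rather than an edit, and consent is checked per purpose and per notice version, so a checkbox ticked for a newsletter under an old notice does not silently cover remarketing under a new one.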
5. Records of Processing Activities
To comply with European law, eCommerce entities in particular must maintain valid records of the data they process for EU-based clients, as the GDPR requires.
How to comply
Entities with 250 or more employees that collect sensitive and/or personal data, and whose regular processing activities could impinge upon the rights and freedoms of EU citizens, must maintain records of processing activities.
What is the Prevent All Cigarette Trafficking (PACT) Act?
The US Congress added restrictions on shipping vape products to its 2021 omnibus spending bill, which provides relief for the coronavirus pandemic. The "Preventing Online Sales of E-Cigarettes to Children Act" requires the US Postal Service to create regulations within 120 days to prevent mail deliveries of products containing nicotine or cannabis. It also requires those transporting nicotine or cannabis vaping products to adhere to the Prevent All Cigarette Trafficking (PACT) Act, a part of the Jenkins Act.
The legislation applies to e-liquids and devices even when they contain no nicotine and only CBD or THC oil. Devices are those that deliver, through an aerosolized solution, nicotine, flavor, "or any other substance to the user."
Under current legislation, retailers must:
- Register with the office of the U.S. Attorney General, with the federal government, and with tobacco tax administrators in a state that requires it.
- Verify customer age using publicly available datasets.
- Use shipping services that require a signature by an adult upon delivery.
- Collect local/state taxes, and add tax stamps to products.
- In states that have a tobacco tax administrator, send a list of tobacco transactions including names, addresses, product names and quantities.
- Keep a record for at least five years of any case of “delivery interrupted because the carrier or service determines or has reason to believe that the person ordering the delivery is in violation” of the PACT regulation.
Sellers who are in violation may face fines up to $10,000 per violation, and up to three years in prison.
eCommerce and PACT Act Compliance with BlueCheck
At BlueCheck, we provide the best identity verification infrastructure to grow your business. We move fast to build solutions tailored to the needs of our customers, including PACT Act and eCommerce compliant offerings. Schedule a call with a BlueCheck Solutions Advisor today to learn more.