Chip Cooper is a leading attorney representing software and ecommerce businesses nationwide in the areas of intellectual property, software, and ecommerce law. Chip's online contract drafting service drafts Terms of Use, Privacy Policy, Subscription, Membership, and SaaS agreements for ecommerce websites. Visit Chip's http://www.digicontracts.com/ site and download his FREE report, "12 Sure-Fire Ways Your Website Can Get You Sued".
Generally, you are required to protect personal information stored on your website's server by implementing reasonable and appropriate data security measures. If you fail to meet this general requirement, you will be subject to claims from website visitors whose information has been compromised.
In addition, the Federal Trade Commission (FTC) continues to aggressively file suits for security violations under Section 5 of the FTC Act, which prohibits unfair or deceptive practices.
A good example is the enforcement action brought by the FTC against LifeIsGood.com for failure to implement reasonable and appropriate data security measures. This case is significant because the FTC expects all sites to follow guidelines provided in the settlement of the case.
Lifeisgood.com's Privacy Statement
Life Is Good collected sensitive consumer information, including names, addresses, credit card numbers, credit card expiration dates, and credit card security codes through its website. Its privacy policy claimed: "We are committed to maintaining our customers' privacy. We collect and store information you share with us - name, address, credit card and phone numbers along with information about products and services you request. All information is kept in a secure file and is used to tailor our communications with you."
The FTC Claims
The FTC alleged that, contrary to its privacy policy, Life Is Good failed to provide reasonable and appropriate security for the sensitive consumer information stored on its computer network.
Specifically, the FTC alleged that Life Is Good:
1. unnecessarily risked credit card information by storing it indefinitely in clear, readable text on its network, and by storing credit card security codes;
2. failed to assess adequately the vulnerability of its Web site and corporate computer network to commonly known and reasonably foreseeable attacks, such as SQL injection attacks;
3. failed to implement simple, free or low-cost, and readily available security defenses to SQL and similar attacks;
4. failed to implement security measures that are available on the open market to monitor and control connections from the network to the Internet; and
5. failed to employ reasonable measures to detect unauthorized access to credit card information.
The Settlement
In its settlement with the FTC announced in a press release dated January 17, 2008, Life Is Good agreed to implement the following 5 administrative, technical, and physical safeguards in the future. These 5 safeguards are 5 excellent tips -- delivered straight from the FTC -- that you should also follow:
1. Designate an employee or employees to coordinate the information security program.
2. Identify internal and external risks to the security and confidentiality of personal information and assess the safeguards already in place.
3. Design and implement safeguards to control the risks identified in the risk assessment and monitor their effectiveness.
4. Develop reasonable steps to select and oversee service providers that handle the personal information of customers.
5. Evaluate and adjust its information-security program to reflect the results of monitoring, any material changes to the company's operations, or other circumstances that may impact the effectiveness of its security program.
Conclusion
Sometimes form is as important as substance. What I mean is how you do something, and the fact that you documented it at the time you actually did it, is sometimes just as important as the fact that you did it.
The settlement safeguards in the Life Is Good case are a prime example. Simply having what you believe is a good data security program is one thing, but being able to document that you went through the steps outlined by the FTC is another.
The Life Is Good case points the way to what will work for data security. So, it's highly recommended that you set up a filing system that preserves your documentation and indicates you went through these steps, and when you did it. Then set up a tickler to remind you to go through the steps on an annual basis.
We know that there is no data security program that is 100% safe from illegal intrusions. If you have an unfortunate data security breach, it's likely the FTC or a state regulator will come knocking at your door. That's why it's so important for you to be able to produce a file that clearly shows you implemented reasonable and appropriate data security measures in accordance with the FTC guidelines.
The future of your business may depend on it!