Using E-Commerce to Survive COVID-19
As businesses have been forced to close their brick-and-mortar stores and we are all practicing safe distancing, COVID-19 has already had a significant impact on how we conduct business by causing more people to work remotely and redefine how we conduct business.
While the digital transformation was well underway before COVID-19 the transition to more vigorous and expansive e-commerce has never been more apparent. Amazon was set to hire over 100,000 new employees by April 1 and Zoom has replaced all face-to-face business meetings. Virtual interactions are the new norm.
Nearly all companies now use some form of online or mobile websites and/or social media to promote their businesses, sell goods or services, conduct business transactions, and connect and communicate with customers, clients, or other businesses.
For businesses that already enjoyed a robust e-commerce presence now is a good time to review and enhance e-commerce strategies. For those businesses with a limited or non-existent online presence the very survival of their business may require a fresh look at e-commerce.
If you do not have a website, or if it has been a few years since you last gave your site a facelift, now is the perfect time to update your website and make sure you are well positioned for e-commerce.
Here are some legal issues and practical steps a business can take to minimize risks with operating an e-commerce business.
1. Agreements with Online Service Providers. Your website may be the primary invitation for your customers to consider and purchase products and services. It can be customized to express your own unique style and needs and provide a competitive advantage. When hiring a vendor to design your website make sure you have an appropriate agreement to not only cover commercial issues such as payment and deliverables but also addresses intellectual property ownership, clearance of third-party rights, data privacy, security and confidentiality, and search engine optimization practices. If a vendor will be hosting your site and customer data make sure you consider responsibility and liability for any data breach, service levels, the return of customer data, and transition assistance upon termination. Linking and framing, clickware (and shrinkware), and metatag use should also be considered. Agreements with service providers who process personal data on your behalf should be reviewed for compliance with the European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
3. Domain Name Selection. Domain names serve as your street address on the internet. In selecting your domain name be wary of any third-party trademark rights that may attach to a particular URL. Your use of a domain could violate a third party’s trademark rights.
4. Intellectual Property. Safeguard unique and proprietary content that appears on your website or social media pages from unauthorized commercial exploitation with proper use of a ™, ®, and/or © symbol in connection with trademarks and copyrights. When appropriate register copyrights and trademarks with the applicable authorities. Review content and any material before display or launch to ensure that no infringing material is published and no confidential proprietary information is inadvertently disclosed on your site.
6. Review Your Use of Social Media, Email, and Text Messaging for Marketing Purposes. Make sure administrative access and control of social media accounts such as Facebook are current. Use of email and text messaging to reach customers must comply with laws such as CAN-SPAM and Telephone Consumer Protection Act (TCPA). Failure to comply with the disclosure and consent requirements of the TCPA could result in expensive litigation.
7. When Selling Third-Party Products Online Consider Contracts With Such Third Parties and Potential Liability. Some companies operating online marketplaces have faced multiple lawsuits for defective products such as blenders, coffee makers, and hair dryers based on claims of strict liability, negligence, and breach of warranty.
8. Managing a Data Breach. It is not a question of if you will experience a data breach but when. The CCPA private right of action in the event of a data breach is good reason to conduct a data security audit as necessary to make sure that your business is ready to handle and respond to any unauthorized access of your system and any customer data. Every business should have in place an incident response plan and information security program that describe how it handles discoveries of unauthorized access of data and what security safeguards, policies, and procedures are in place. If you experience a data breach you may have obligations to report the breach to the state attorney generals and any individual whose data is compromised. The obligation to notify will be based on the state law where the individual is a resident. All 50 states now have data breach notification statutes with varying definitions of what constitutes a notifiable data breach.
The move to remote working raises new cybersecurity issues.
9. Consider Insurance. Insurance can be a useful tool to mitigate risk related to a data breach by covering computer forensic, legal, notification, and other costs related to such breach as well as coverage to limit financial exposure for online tort and intellectual property right infringement claims, and certain website-specific practices such as hyperlinking, framing, using metatags, and banner advertising.
These are unprecedented times that require businesses to find ways to stay relevant and current. A solid e-commerce strategy may not only have an impact on the present, but give you a competitive advantage when it is safe to reopen your doors in the ever expanding digital marketplace.
For additional information, please contact Michael Cohen or your regular Lathrop GPM attorney.