Article Directory :: Internet Marketing/Online Business Articles

SaaS And Ecommerce Businesses -- Are You Liable For Failure To Bind Your Service Providers?

By Chip Cooper

Subscribe to Chip Cooper's RSS feed using any feed reader!

Republish: EasyPublish
Published: 30Mar2009
Word count: 653
Viewed: 527 time(s)
Bookmark this article using any bookmark manager!
Get Free Content For Your Site

Copyright 2009 Chiup Cooper

If you've been following legal developments on the Web in the last couple of years, you know that there is significant concern regarding privacy and data security. This concern is driven by consumers' fears over identity theft.

The Life Is Good Case - 5 Data Security Safeguards

In a well-known case filed against Lifeisgood.com, the Federal Trade Commission (FTC) announced in a press release dated January 17, 2008, that Life Is Good agreed to implement the following 5 administrative, technical, and physical safeguards for data security:

1. Designate an employee or employees to coordinate the information security program.

2. Identify internal and external risks to the security and confidentiality of personal information and assess the safeguards already in place.

3. Design and implement safeguards to control the risks identified in the risk assessment and monitor their effectiveness.

4. Develop reasonable steps to select and oversee service providers that handle the personal information of customers.

5. Evaluate and adjust its information-security program to reflect the results of monitoring any material changes to the company's operations, or other circumstances that may impact the effectiveness of its security program.

FTC Recommendation No. 4 -- Ignore It At Your Peril

In dealing with my ecommerce clients, I've discovered that the recommendation that is followed least is Recommendation No. 4 -- bind your service providers.

All too often, even the most diligent ecommerce and SaaS businesses focus exclusively on internal security measures in developing their data security policy and program. As the FTC reminds us with recommendation No. 4, it's also very important to consider implementing data security measures in the form of contractual requirements binding service providers who have access to your site -- and to your site's databases where personal information is stored.

The Influence of The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLB) is a federal statute that permitted consolidation among businesses in the financial services industry. GLB also provided requirements for financial services businesses to protect the security of consumer's financial information.

Prior to the Lifeisgood.com case, the FTC sued financial service companies in a series of cases known as the "Safeguards Cases" for failure (among other things) to "require service providers, by written contract, to protect consumers' personal information". This requirement has now found its way into the FTC's claims against businesses that are not in the financial services sector, as indicated by the FTC's case against Lifeisgood.com.

The Scenario To Avoid

So, this is the classic liability scenario: you own operate a website that sells goods or services, but you outsource certain functions to a website hosting, SEO, or website maintenance service provider. These service providers' services are viewed by your customers as provided by you. If a service provider violates a privacy law or creates a data security breach, then -- you guessed it -- your customers who are damaged will seek to hold you liable.

What To Do?

To avoid liability, you should bind your service providers that have access to personal information with legally enforceable agreements. In these agreements, your service providers should agree to abide by your privacy and data security requirements.

In addition, consider the following points for these agreements:

* representations and warranties -- including (i) that your privacy policy requirements will be followed, (ii) that entering into the contract does not violate another agreement, and (iii) all applicable privacy and data security laws will be followed;

* notices, audits, reports, and controls -- including (i) notice of change in privacy or data security practices, (ii) notice of any data security breach, (iii) right to audit at least annually, and (iv) records requirements; and

* indemnities -- including any breach of representations and warranties.

It will be difficult to negotiate an agreement that provides all of the foregoing safeguards; however, merely bringing them up for discussion will nail home the point that you're serious about privacy and data security. At the very least, your agreement should provide for basic levels of privacy and data security protection.

Leading Internet, IP and software attorney Chip Cooper helps small websites achieve website legal compliance with his online contract drafting service - now, your website legal compliance doesn't have to be complicated or expensive. Discover how easy it is to be in compliance in today's highly regulated environment by claiming your FREE Special Report, Determine Which Legal Documents Your Website Really Needs, at ==> http://digicontracts.com/

Bookmark this article using any bookmark manager! Subscribe to Chip Cooper's RSS feed using any feed reader!

EasyPublish™ this article - publishers click here

More articles by Chip Cooper

Free Report!
Ten Essential Secrets Of Article Marketing ... Grab Your Free
Copy Now:




We respect your privacy.

Need Content?
Regular Top Quality Content for your Blog, Ezine or Website ...
Delivered Direct,
For Free!
Click For Details


Arts & Entertainment
Automotive
Business - General
Computers & Technology
Finance & Investment
Food & Drink
Health & Fitness
Home & Family
Internet Marketing/Online Business
Legal
Pets & Animals
Politics & Government
Reference & Education
Religion & Faith
Self-Improvement/Motivation
Social
Sports & Recreation
Travel & Leisure
Writing & Speaking

More internet marketing articles:

  • Online Marketing Strategies You Need to Know (Cynthia Minnaar)
    It is essential for the health of your organization to choose the right online marketing strategy. You should market yourself, your product, or your ideas online. It is important to avoid being the jack-of-all-trades and master of none.

  • Easy Ways To Successfully Market Your Articles (Andrew Gallop)
    You really couldn't believe just how powerful articles are when it comes to marketing a business online. However, believing is about seeing, and you can see the true results of article marketing with the use of tips like these. These tips can give you a heads up in the way you can promote your business effectively and efficiently, with the use of a few great articles.

  • Online Business At Home - What Are The Necessary Business Building Tools To Use? (Jeff Schuman)
    Being the owner of an online business at home is smart for anyone these days. However, if you are going to own your own business then you need to be made aware of the necessary business building tools that will help you make it successful.

  • The Right Seo Company (Alem Vel)
    This article is about choosing the right seo company and what to look for.

  • What The Experts Know About Article Marketing! (Andrew Gallop)
    An article is something that appears so simple to the untrained eye, but requires such complex techniques to build and market properly. The methods used are varied and change drastically across the web, depending on the site or company. However, some of the same core principles are always used and reused when you want success and they will be discussed here.

We Automatically Distribute Articles
To Thousands Of Publishers And Web Sites:
Submit Article
All content is viewed and used by you at your own risk and we do not warrant the accuracy or reliability of any of the information. The views expressed are those of the individual contributing authors and not necessarily those of this web site, or its owner, Takanomi Limited.
  
Copyright © 2012 Takanomi Ltd. Company no. 5629683. All rights reserved. | Privacy | Legal | Contact Information