Seasoned ecommerce merchants likely have studied up on the various legal aspects and regulations related to the collection of consumer information, financial and otherwise. There are laws in place, both in the United States Code and in individual state statutes, with rather harsh consequences for violators.
Others of you who are small-time sellers might have given a thought to this issue, but not taken the time or effort to determine whether you are in compliance. That’s a big mistake.
Data protection is shaping up to be one of the most pressing factors of online activity in the 21st Century. Even with the advanced efforts from private entities developing new technologies as quickly as they can, it all goes awry when cracks form and bad actors create new and different reasons for these same virtual guardians to patch a new hole.
Online merchants face complicated, unusual challenges due to the lack of visibility and control over external services administering their websites, including the type and volume of data that is being collected. Even if you believe you have an agreement with a third-party, that doesn’t mean it isn’t farming out some of its duties to a fourth party with no such contractual relationship.