E-business security, privacy, and legal requirements

There are several strategies that can help you reduce the risks you and your customers face when doing business online. Be aware of these risks and take steps to deal with them before they become problems.

Protecting your clients

It is important to earn consumer trust online because your customers want to be protected against fraud. Make use of security certifications and encryption technologies that make your website safer to use, and display any accompanying logos signifying that your website is safe. Immediately notify your clientele of any breaches in security.

Your clients want to protect their privacy, so avoid asking them for more information than is necessary. When you send electronic messages to your customers be sure that you are compliant with the requirements under Canada's anti-spam legislation, including obtaining consent.


Just as you would protect your physical business, you need to ensure the online security of your operations and your customers.


When you do business with a customer over the Internet, you often collect information that can potentially be useful outside of the transaction. If you use any of that information in a way which can be linked back to the customer and without the customer's knowledge or consent, you are violating their privacy rights. It is up to you to properly destroy that information or to keep it secure.

If you collect, use or disclose personal information about individuals, you need to understand your privacy obligations.

Privacy policy

In addition to the way privacy laws apply in the offline world, there are some things to think about when dealing with the Internet and e-business.

You should fully understand how your business carries out relevant privacy law requirements.

  • If you collect personal information via your website, you should develop a proper and legally compliant privacy policy and post it in a readily visible location on your website.
  • If you use Web cookies or similar identifiers to track visitors, you need to let visitors know by posting a policy on the website.
  • Depending on the circumstances, you may need to get consent before profiling someone online.

Keep in mind that some people do look for privacy policies and might not want to do business with you if you do not have one in place. A properly drafted privacy policy or statement will not only minimize your legal risk but it can serve a marketing function as well, allowing you to attract and retain customers who are looking for security.

If you create a policy, follow it precisely. Failing to do so is an invitation for disaster, including not only possible legal problems but also injury to your reputation and goodwill.

It is important to review the policy even after it has been posted. It should be revisited regularly to determine whether or not it is still accurate and to evaluate whether or not it should be revised according to your business goals and objectives.

Credit and debit card handling

Your e-commerce business depends on trust between you and your customers. Violating that trust can have disastrous effects, not only on you, but on your partners in e-commerce, such as your bank, payment gateway and credit card company.

Legal requirements for e-business

In general, all existing laws that apply to traditional commerce apply equally in an electronic environment. These include things like laws governing business incorporation, business name registration, taxation, consumer protection, deceptive advertising, importing/exporting, product safety, product standards, criminal code, inter-provincial trade treaties, intellectual property and liability. Your business, regardless of its size, must comply with the laws of any jurisdiction, both within and outside of Canada, where it is deemed to be conducting business.