E-business security, privacy, and legal requirements 

Filter by:  

There are several strategies that can help you reduce the risks you and your customers face when doing business online. Be aware of these risks and take steps to deal with them before they become problems.

On this page:

Protecting your clients

It is important to earn consumer trust online because your customers want to be protected against fraud. Make use of security certifications and encryption technologies that make your website safer to use, and display any accompanying logos that signify that yours is a safe website. Alert your clientele to any breaches in security at once.

Consumers also want to protect their privacy, so avoid asking them for more information than you require. By the same token, unsolicited emails can damage the trust you have worked hard to develop. Make sure you conduct any follow-up in a way that cannot be construed as spam.


    Just as you would protect your physical business, you need to protect the online security of your operations and your customers.


    When you do business with a customer over the Internet, you will collect quite a bit of information which can potentially be useful outside of the transaction. Make sure you have the customer's knowledge and consent if you plan to use any of that information in a way that can be linked back to them. If you use any of that information, in a way which can be linked back to the customer and without the customer's knowledge or consent, you are violating their privacy rights. It is up to you to properly destroy that information or to keep it secure.

    • Privacy and your business

      If you collect, use or disclose personal information about individuals, you need to understand your privacy obligations.

    Privacy policy

    In addition to the way privacy laws apply in the offline world, there are some things to think about when dealing with the Internet and e-business.

    You should fully understand how your business carries out relevant privacy law requirements.

    • If you collect personal information via your website, you should develop a proper and legally compliant privacy policy and post it in a readily visible location on your website.
    • If you use web cookies or similar identifiers to track visitors, you will probably want to let visitors know by posting a policy on the website.
    • Depending on the circumstances, you may need to get consent before profiling someone online.

    Keep in mind that some people do look for privacy policies and might not want to do business with you if you do not have one in place. A properly drafted privacy policy or statement will not only minimize your legal risk, it can serve a marketing function as well, allowing you to attract and retain customers who you are looking for security.

    If you create a policy, follow it precisely. Failing to do so is an invitation for disaster, including not only possible legal problems, but also injury to your reputation and goodwill.

    It is important to review the policy even after it has been posted. It should be revisited regularly to determine whether or not it is still accurate and to evaluate whether or not it should be revised according to your business goals and objectives.

    Credit and debit card handling

    Your e-commerce business depends on trust between you and your customers. Violating that trust can have disastrous effects, not only on you, but on your partners in e-commerce, such as your bank, payment gateway, and credit card company.

    Legal requirements for e-business

    In general, all existing laws that apply to traditional commerce apply equally in an electronic environment. These include things like laws governing business incorporation, business name registration, taxation, consumer protection, deceptive advertising, importing/exporting, product safety, product standards, criminal code, inter-provincial trade treaties, intellectual property and liability. Your business, regardless of size, must comply with the laws of any jurisdiction, both within and outside of Canada, where it is deemed to be conducting business.

    Was this information useful?