E-Commerce Legal Policies & Procedures - Essay Example

? E-COMMERCE LEGAL POLICIES & PROCEDURES by Introduction Dream Decor’s realises the importance of maintaining a solid presence online for the purposes of e commerce and communication. Similarly, it is of high importance to the proprietors of Decor’s e commerce website to attract new members into its online community while at the same time offer the best in retaining existing members. The main purpose of setting up policies and standards on Dream Decor’s e commerce website is to help ensure activities carried out within the site are secure. In addition, these regulations seek to assure the general public that the organisation works within set guideline and that all controlled transactions represent Dream Decor’s appropriately. Finally, these policies are set within agreed, and international standards therefore are applicable to the entire staff of Dream Decor, and its affiliated partners including vendors and third party distributers (Awad, 2005). Standards 1. Prior to the commencement of any commercial activity or work on Decors website, the entire commerce initiative must be presented to a review committee. This committee will ensure the compliance of the website to a standard level of security and other related IT and internet use standards (Goldstein 2000). 2. Dream Decor’s information security officer and business directors will be in charge of credit card security, the setting up an enforcing of security policies, ensuring the website adheres to national and international standards, and monitoring system access. 3. All Dream Decor’s departments with pre-approved authority and mandate to process credit card activities must maintain the following standards: Use the centrally hosted e-commerce software application, or a third party payment processing system that is secure and approved by the Dream Decor’s management team. Use credit card processing terminals that have been pre-approved by the management team, and are programmed to mask credit card information and protect the customer. Participants should not under any circumstance create an electronic file that stores full credit card numbers and clients personal information. Partial card information of clients and all transaction records should be stored for no more than seven years, and upon disposal proper procedures must be followed to ensure integrity is upheld. Records containing personal information must be properly secured, and strict access be maintained at all times. Proper, up to date and regular inventory records must be kept of all transactions and credit card information so as to facilitate quick identification of theft of malpractice. 4. Dream Decor’s staff should regularly undergo or participate in PCI risk assessment and training (Awad, 2005). 5. In the event of a security breach or the discovery of malpractice on the side of Dream Decor and its staff the following steps shall be taken: All affected card information be contained and management to be informed. Affected system is not to be accessed until it has been assessed by a forensic team E-commerce Sample policy and procedure Our commercial site realises the importance of maintain the integrity of members personal information, and ensuring the privacy that comes along with financial matters. It is our aim to maintain the highest standards, and protect member information by all means possible (Goldstein 2000). Collected information In order to provide our clientele with quality and reliable service, the website automatically collects personal information from members and regular visitors. This information is then used to respond to, and fulfil service demands by the client. For reference purposes, this information is also temporarily stored by our servers. The information collected and stored is vital to our service delivery and system performance as such is of high importance. However, No information that personally identifies individuals or singles out our members is collected. On the other hand, when personal and identifying information is submitted by the client, the same is specifically used as requested by the client. Such information can be collected through e-mail correspondence on request of a service and the management committee ensures that caution is exercised when handling this type of data. These details are also stored for reference purposes, but it should be noted that e-mail communication is potentially unsafe and any breach of the same shall not be traced back to the company (Goldstein 2000). Use of information and protection The organisation and all its affiliates will not under any circumstance sell, give out or share personal information of our members to a non-affiliated third party for independent use. Member information is disclosed only under the following circumstances; with express authorisation from owner which should be accompanied with official documentation; on request for a transaction by the owner of the information; when our company is reporting to a credit agency authorised by the government; or when the law demands of permits for disclosure of the said information. Additionally, to ensure integrity is preserved on our end, the organisation and its members sign a confidentiality agreement that binds them to maintain secrecy of proprietary information. Since most transactions are done online we acknowledge the existence of people who may attempt unauthorised access to the information for personal use. In response to this, all systems receive routine maintenance and protection updated. In addition updated software is used to monitor, detect, and remove the malicious attacks when detected (Goldstein 2000). Vendor management and data transmission Based on the various demands and an ever growing clientele base, we contract third party vendors from time to time so as to effectively meet customer requirements. The following requirements are set prior to engaging in any agreement: All sensitive and confidential information will be retained specifically for the purposes of providing services to the clients, and shall not be sold or shared in any way to unauthorised persons All transmissions via the net that may contain sensitive and personal client information must be done in a secured environment Proper authentication and identification techniques must be provided to members to avoid fraud and malpractice. That the vendor will be subject to regular audits of their systems to ensure they comply with set standards failure to which operations will be terminated. References list AWAD, E. M. 2005. Electronic Commerce: From Vision to Fulfillment, Pearson Custom Pub. GOLDSTEIN, A. E. & O'CONNOR, D. 2000. E-commerce for Development: Prospects and Policy Issues, OECD Development Centre. Read More