It is important that companies doing business over the Internet are aware of the details of these two key pieces of legislation, with retailers having to be on their toes in this ever-evolving space to confidentially build direct-to-consumer relationships and sales.
Jaffe takes a closer look around crossing t's and dotting i's as the digital economy continues to expand in scale and sophistication at an unprecedented rate.
Undoubtedly, the cornerstone of any successful online brand is to meet the regulatory requirements of the markets they are selling in.
This includes things like:
- intellectual property violation
- protecting consumers' stored data, and
- set the standard for secure authentication methods.
So too, it includes customer service and expectations and the intricacies around data breaches, consent, integrity and accountability. Simply put in a
www.businesstech.co.za article — "as easy as it is to set up an online store, it is just as easy to suffer reputational harm from poor and unfair business practices."
As the e-commerce boom evolves, caution must be exercised by online retailers in South Africa to be mindful of the sharp increase in consumer complaints — with the fallout being that many retailers are struggling to cope.
From issues lodged around the timely delivery of goods and services and fraud — businesses should be aware of this risk and take steps to mitigate it. Other common threats include malware, illegal sharing of data and the risks associated with working with third-party vendors, digital security regulations and data privacy laws.
An interesting aside in a rush to stay ahead of the e-commerce game, the stats as per
www.ecommercedb.com offer an 'at home' perspective in the bigger scope of things. Noting that South Africa is the 42nd largest market for e-commerce, with a predicted revenue of USA$7 217.8-million by 2023. The biggest players are:
- Takealot
- Superbalist, and
- Woolworths.
As these market leaders take e-commerce to new heights in South Africa, with newbies entering the fray daily,
www.payflex.co.za reminds us that the law is fluid and subject to change. They are making it vital to stay informed and tuned into the regulation heartbeat.
Spotlighting the most critical legislation to keep in mind when contracting on the Internet in South Africa, namely:
- the aforementioned ECTA (governing online and electronic contacts)
- CPA (applies to every transaction around fair value, quality of the goods, reasonable terms and conditions)
- POPIA (around the right to privacy and use of personal data)
- NCA (regulation of all credit transactions), and
- RICA (regulating the interception of communication).
Indeed, digital merchants are tasked with making sense of legislation and regulation. For example, with the launch of POPIA, there are hefty fines around sending unsolicited emails, yet it appears that the lack of enforcement has led to this abuse by some while the majority are playing ball. That said, over and above ticking relevant regulatory boxes, understanding the threats beforehand makes it easier to safeguard businesses.
Here are recommendations for companies operating in this space:
- Ensure you have all policies on your site, which include POPIA, T&Cs, Shipping and Delivery and Dispute Resolution.
- Being POPIA compliant is essential and ensures that clients are double opted-in to avoid a hefty fine.
- Terms should cover the CPA — you should know the clients' rights and yours. For example, a zero-rand product sold is unintentional, and you do not need to honour it.
- Your site needs to be secure to avoid a data breach. All sites should run a web application firewall with intrusion detection and limit access from high-risk countries.
- If you store credit card information, you must be PCI compliant. It's better to use third-party payment gateways that have this certification to avoid risk, for example, Peach Payments.
- Websites must be maintained and patched against the latest threats to avoid unauthorised access.
- There must be strict controls around access, security and, most importantly, data breaches.
- A Disaster Recovery Policy is recommended should your site get hacked. With backups to avoid minimal downtime.
- Professional Indemnity Insurance is imperative to cover a breach, along with Cyber Insurance.
For more information, visit
www.ecomplete.agency.com. You can also follow eComplete on
Facebook,
Twitter or on
Instagram.