Session Online Legal Matters

Upload: roberta-griffin

Post on 28-Dec-2015


Session Outline

Personal Information
Privacy Policy
Social Media
Online Payment Fraud
Intellectual Property

This Session Weekly Activity: Online Legal Matters

Consider this: What infringements can shut down an online presence?

Is the website legal?
Are online marketing practices legal?
Is copyright being breached?
Is privacy-protected information being disclosed?

Identify what information is available from the Australian Government on these topics.

Obtain a copy of the article, “Permission Marketing” by Seth Godin and review.

Word Count: 200 – 300.

Online Legal Obligations

An organisation should be aware of its online legal obligations, including those in relation to the management of customer, supplier and stakeholder personal information.

There are also other legal issues that you will need to consider when you operate online, such as payment security. Keeping your customers’ data safe is a crucial part of your organisation’s online presence.

Personal Information

There are laws which apply to an organisation’s handling of personal information. If you are collecting personal information, you will need to bear these laws in mind. Personal information is defined in the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable. It doesn't matter if the information or opinion is true or what form it is recorded in. It may include things like names, email addresses or other contact information, billing or transaction information, photos or videos and information about a person’s opinions or preferences.

Customer Personal Information

It is critical that you keep your customers’ data safe from theft.

No matter the size of your customer information database, it is important that you keep it safe.

Aside from being a huge blow to your organisation’s reputation, there may be legal consequences for losing customers’ personal information.

Topic Example Video

The following video outlines what data encryption is.

Take note of the key points. https://www.youtube.com/watch?v=ySP-dvcOgas

Data Encryption

For many people who shop online it will be important to know that their payment details—like credit card number and expiry date—and delivery address are going to be kept safe. It is also important for your customers to know that you will not share their details without their consent.

If you are running an e-commerce website, you may want to consider talking to your payment gateway provider to find out what measures they take to keep this information secure when people make purchases on your website.

Payment Gateway Security

When discussing security with your payment gateway provider, consider asking them questions like:

Do they encrypt customer payment data?
Can they guarantee that they are using the best SSL certificates?
Are they audited by a third-party organisation?
Does their staff undergo background checks before they are hired?
What happens if something goes wrong?

Understanding Privacy Policy

There are privacy laws that determine what you can do with the personal information of your customers, supporters or donors. It is important to be aware of the Australian Privacy Principles (APPs). It is also worth thinking about making your privacy policy, which is a requirement of the Privacy Act, available on your website.

Privacy Laws

Personal information is defined in the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable. It does not matter if the information or opinion is true or what form it is recorded in. It may include things like names, email addresses or other contact information, photos or videos and information about a person’s opinions or preferences.

For more information about Australia’s privacy laws, you can visit the Office of the Australian Information Commissioner website.

Australian Privacy Principles

The Australian Privacy Principles (APPs) are the baseline privacy standards in the Privacy Act which some private sector organisations and Australian Government agencies need to comply with in relation to the personal information they collect, hold, use or disclose.

The Office of the Australian Information Commissioner may investigate potential breaches of the APPs. It is a good idea to consult the APPs and the APP guidelines to help you fully understand your responsibilities.

APP Requirements

You must take reasonable steps to protect the personal information collected or held and to comply with the APPs.

You must take reasonable steps to ensure that personal information collected is accurate, complete and up to date.

You must make available a clear and up to date privacy policy about how you will manage personal information.

You must give individuals access to their personal information on request.

You must correct personal information where you become aware that it is inaccurate, incomplete, out of date, irrelevant or misleading, or if you are requested to do so by the individual.

You can only collect personal information if it is necessary for the function or activity of your business.

You must de-identify or delete unsolicited personal information as soon as is practical, if it is not necessary for the function or activity of your business.

You should not use or disclose personal information for a purpose different from the original purpose of collection, except in limited circumstances.

You can only disclose personal information to a person or organisation outside Australia where you have taken reasonable steps to ensure the person or organisation does not breach the APPs or in other limited circumstances.

Although you are allowed to collect and use personal information, you are generally not allowed to collect and use sensitive information about individuals unless they first consent. There are only limited circumstances in which such sensitive information can be collected without the person’s consent.

Sensitive information is defined in the Privacy Act and includes information regarding race, gender, political opinion, religious beliefs, philosophical beliefs, membership of a trade union or professional organisation, or sexual orientation or practices.

You must not use or disclose personal information for a direct marketing purpose, except in limited circumstances.

Topic Example Video

The following video discusses how to create a privacy policy for your website.

Take note of the key points. https://www.youtube.com/watch?v=Gw98e-HugNo

Business Privacy Policy

You need to have a clear and up to date privacy policy that outlines the information you collect, what you use it for and how you protect it. You may decide to make this available on your website. If you would like more information on what you should include in your privacy policy, the Office of the Australian Information Commissioner’s website is a good place to start.

Topic Example Video

The following video discusses what online payment fraud is.

Take note of the key points. https://www.youtube.com/watch?v=xRGR51XUmvI

Online Payment Fraud

Instances of fraud have increased in recent years, due in part to the growing popularity of online shopping, or e-commerce. In fact, about 71 per cent of the losses from credit card fraud occurred in transactions in which the cardholder and retailer did not meet face to face, such as online or on the phone.

Dealing with payment fraud can be costly and time consuming. Thankfully, there are measures that organisations can take to reduce the risk of fraud.

Ask your payment gateway provider about what they can do to prevent online payment fraud.

Internet Banking

Always access your bank's website by typing the address directly into your browser.

Keep your computer up-to-date with anti-virus, anti-spyware and firewall software and set them to update automatically.

Set strong passwords and update them regularly.

Do not store your password or PIN on your computer.

Look for 'https://' at the beginning of the address bar and a locked padlock in the browser that indicate the web pages are secure.

Always log out of the internet banking menu when you finish your banking and close the browser.

Beware of any windows that 'pop up' during an internet banking session and be suspicious if they direct you to another website which requests your customer identification or password.

Using mobile devices

There are a number of risks when using your mobile device for online banking, which can put your identity and finances at risk.

Using public computers

Computers at internet cafés, libraries, airports and hotels are convenient, but because so many people use them, they are more likely to be infected with malicious software than other computers.

Assume they are already compromised with malware that can track anything you do online, including capturing passwords you type in or any content you view online.

Public Computers

If using public wi-fi, don't log on to secure sites or make online purchases, as your details may be intercepted.

Don't allow the browser to save your username and password. Always make sure that you turn off the option when logging into your email account and other websites. Always log out when leaving a website.

Make sure no-one is watching you, or 'shoulder-surfing'.

Log out if you leave the computer, even if it is just for a moment.

Delete your browsing history before you log out of the computer.

Make sure that the browser has any auto complete function turned off, delete cookies, and clear the history.

Do not type in sensitive information—keystroke loggers can capture your password, credit card number and bank details as you enter them. Avoid financial transactions on public computers that could reveal sensitive information.

Avoid using your USB memory stick. It could pick up malicious software from the public computer and spread it to other computers, including your computer at home. If you need to use your memory stick, scan it with your anti-virus program before you use it again.

Website Development Contracts

Contracts should outline the respective rights and responsibilities of you and your website developer.

Such a contract may address:

practical matters—for example, a precise description of the work to be completed, a timetable for completion, costs and a payment schedule
ownership of software and content created for the website
responsibility for licensing of third-party software, content, warranties and indemnities.

You might also want to consider creating a functional specification document.

eCommerce/Online Fundraising

If you decide to engage in e-commerce or online fundraising, it is important to pay careful attention to your legal obligations. There are specific fair trading and consumer protection laws that may apply to your organisation’s online operations.

In particular, these laws may require your organisation to clearly state—prior to the completion of any transactions—all relevant terms and conditions regarding purchases or donations, the responsibilities of customers or donors and your policies for cancellations and refunds.

Web Addresses

You should think carefully when choosing a web address – including considering any relevant laws governing trademarks and business names. For more information, and to check the availability of a trademark or business name in Australia, you can visit the IP Australia website.

Website Terms and Policies

If you decide to establish a website or type of online presence, you may wish to consider developing policies that clearly explain your terms for doing business or interacting online to your customers, supporters and donors.

These may cover issues such as the accuracy of the content, your liability for content or material presented online and the rights of your customers, suppliers and stakeholders when engaging with you online. Your terms and policies should be consistent with applicable laws.

A lot of the data gathered online is personal information. It is good practice to clearly display your privacy policy and to explain your security practices, particularly when inviting your customers, donors and supporters to register their contact details.

You may need additional policies for other features on your site. For example, if you sell goods, you may need to consider having a sales and returns policy. If you host a blog or online forum, you may need a moderation policy outlining how you will review and manage contributions to the blog or forum.

Topic Example Video

The following video outlines internet marketing law and online intellectual property.

Take note of the key points. https://www.youtube.com/watch?v=pVgUEatag7w

Intellectual Property

When developing content for your online presence or marketing campaign, it is a good idea to pay careful attention to where the content comes from, who owns it and whether the owners agree for you to use it.

If it is your own material, then you should be able to use it as you wish. If you contract another person to develop material for you, ensure you have a written agreement that clearly states who owns the intellectual property rights in that material. If you find material somewhere else—for example, online or through a stock photo library—then the intellectual property rights in that material probably belong to someone else.

Intellectual Property Law

Intellectual Property law requires that you obtain permission from the copyright owner before using copyright material. Check whether any general licence terms apply to the material to see if you have the necessary permission (for example, if the material is licensed under a Creative Commons licence then you generally may use it as long as you comply with the terms of the licence). In other cases, you may need to find the owner of the intellectual property rights in the material and ask for permission to use the material. In some cases, permission to use the material may be granted upon payment of a licence fee.

Topic Example Video

The following video poses the question of when online marketing is spam.

Take note of the key points. https://www.youtube.com/watch?v=P9FPuO445Z4

Online Marketing & Spam

When you engage in online marketing, it is important to understand spam and the laws that apply to it.

Information on the Spam Act is available from the Department of Communications website and from the Australian Communications and Media Authority.

Social Media Platforms

If you are thinking of using a third-party platform or tool (perhaps as part of your social media strategy or to set up your payment gateway) it is important to be aware of any terms and conditions and privacy policies that they may have. These are usually accessible via a link at the bottom of the relevant website’s homepage.

By reviewing these policies you should be able to find out what your rights and obligations are in using the site. You should also be able to learn about the terms that you are asking of your customers, supporters and donors if they engage with you via those sites.

Social Media Engagement

An organisation’s use of social media may come with the benefits of informal, real-time and direct engagement with its customers, suppliers and stakeholders. It can also raise legal issues due to immediate communication.

People may not think carefully before they type, post, publish, tweet or share, and may try to shock or vent. Laws against defamation, hate speech and offensive conduct can apply to the online world as they do in the offline world. An organisation can be held accountable for things that its users post in its forums and social media pages. Establishing a clear moderation policy can help you deal with this issue if and when it arises.

Recap Video

The following video recaps online legal document requirements.

Take note of the key points. https://www.youtube.com/watch?v=RB88EeTi_Rs

Next Session Weekly Activity: Web Security Threats

Consider this: Hackers can target the following for personal information:

Internet connections – both front-end and back-end, ISPs (Internet Service Providers), and host databases

Research recent news stories on instances of this occurring.

Suggest some recommendations on strategies to prevent these intrusions from reoccurring.

Word Count: 200 - 300