In the United States, the Federal Trade Commission (FTC) is the primary agency that regulates ecommerce activities. This includes regulations for a number of ecommerce activities such as commercial email, online advertising and consumer privacy. Another organization that ecommerce site owners should become familiar with is the PCI (Payment Card Industry) Security Standards Council. This organization provides security standards and regulations for handling and storing your customer’s financial data.
The Federal Trade Commission was created on September 26, 1914, when President Woodrow Wilson signed the Federal Trade Commission Act into law. The FTC opened its doors on March 16, 1915. The FTC’s mission is to protect consumers and promote competition
The Payment Card Industry Security Standards Council was originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on September 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
The PCI Council formed a body of security standards known as the PCI Data Security Standards, (PCI DSS), and these standards consist of 12 significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines. By complying with qualified assessments (see QSA) of these standards, businesses can become accepted by the PCI Standards Council as compliant with the 12 requirements, and thus receive a compliance certification and a listing on the PCI Standards Council website. Compliance efforts and acceptance must be completed on a periodic basis
Internet Law and Forum
Founded in 1995, the Internet Law & Policy Forum (ILPF) is dedicated to the sustainable global development of the Internet through legal and public policy initiatives. It is an international nonprofit organization whose member companies develop and deploy the Internet in every aspect of business today.
Through its conferences, working groups, and expert workshops, the ILPF provides a neutral forum and international perspective in order to discover best practices and develop practical solutions for the multi-faceted challenges posed by the Internet in the realms of law, policy, technology and business.
International Chamber Of Commerce
The International Chamber of Commerce is the largest, most representative business organization in the world. Its hundreds of thousands of member companies in over 180 countries have interests spanning every sector of private enterprise.
ICC has three main activities: rule setting, dispute resolution, and policy advocacy. Because its member companies and associations are themselves engaged in international business, ICC has unrivalled authority in making rules that govern the conduct of business across borders. Although these rules are voluntary, they are observed in countless thousands of transactions every day and have become part of international trade.
A world network of national committees in over 90 countries advocates business priorities at national and regional level. More than 2,000 experts drawn from ICC’s member companies feed their knowledge and experience into crafting the ICC stance on specific business issues.
ICC keeps the United Nations, the World Trade Organization, and many other intergovernmental bodies, both international and regional, in touch with the views of international business. ICC was the first organization granted general consultative status with the United Nations Economic and Social Council.
Singapore Electronic Transaction Guidelines
The Electronic Transactions Act (ETA) (Cap 88) was first enacted in July 1998 to provide a legal foundation for electronic signatures, and to give predictability and certainty to contracts formed electronically. In July 2010, the ETA was repealed and re-enacted to provide for the continuing security and use of electronic transactions.
Singapore was one of the first countries in the world to enact a law that addresses issues that arise in the context of electronic contracts and digital signatures, and continues this trend by being amongst the first to implement the United Nations Convention on the Use of Electronic Communications in International Contracts, adopted by the General Assembly of the United Nations on 23rd November 2005 (the UN Convention). The Electronic Transactions Bill was introduced in Parliament on 26 April 2010, and passed on 19 May 2010. The re-enacted Act came into force on 1 July 2010.
The Singapore ETA follows closely the UN Convention, which is an update to the UNCITRAL Model Law on Electronic Commerce, to better fit the current Internet environment. The UN Convention sets a new global standard for national electronic commerce legislation.
The ETA addresses the following issues:
- Commercial code for e-commerce transactions: The ETA was enacted to create a predictable legal environment for e-commerce. It clearly defines the rights and obligations of the transacting parties. It also addresses the legal aspects of electronic contracts, use of specified security procedures (including digital signatures) and concerns for authentication and non-repudiation.
- Use of electronic applications for public sector: In order to facilitate the use of electronic transactions in the public sector, the ETA contains an omnibus provision through which government departments and statutory boards can accept electronic filings and electronic versions of documents without having to amend their respective Acts. It also allows public bodies to issue permits and licenses electronically.
- Liability of network service providers: Singapore recognizes the importance of network service providers in providing information infrastructure and content. The government also realises that it is impractical for network service providers to check all the content for which they merely provide access. To create a transparent legal environment conducive to the growth of network service providers, the ETA specifies that network service providers will not be subject to criminal or civil liability for such third-party material, in relation to which they are merely the host. The clause, however, will not affect the obligations of a network service provider under any licensing or other regulatory regime established under the law.
- Provision for the development of security procedures such as Public Key Infrastructure (PKI) and biometrics: the ETA provides for the appointment of a Controller to enable regulations to be made for the licensing and accreditation of specified security procedure providers, such as certification authorities (CAs), and including recognition of foreign CAs.
The Evidence Act (Cap 97) was also amended in 1997 to allow the use of electronic records as evidence in the courts.