Legal, Ethical
and Regulatory Issues
The Internet has diminished geographic boundaries requiring organizations to conduct extensive
research and planning to enter the e-commerce arena. Internet technology has a significant effect on the global trade involving
a multitude of products and services. E-Marketing tools used by the online travel
industry have enabled consumers to purchase travel services from the comforts of their living room. However, many businesses and consumers are still wary of conducting extensive business over the Internet
because of the lack of a predictable legal environment governing transactions. This
paper will address the legal, ethical, and regulatory issues for an e-commerce company and will focus on site security, confidentiality,
and international issues of Expedia, Travelocity, and Orbitz.
Security, Confidentiality, and International Issues
The global market is vast with no unified regulatory guidelines or standards. As a result, e-commerce businesses must implement diverse contingencies to ensure compliance with both
domestic and foreign tax requirements regarding the sale of products ad services. In
the United
States, firms are required to disclose any potential tax liabilities under the Sarbanes-Oxley
Act of 2002, however there is no clear legislation of how state tax sales will be structured through e-commerce venues. In a polar opposite to the United States
the European Union, issued a directive requiring “companies outside of the European Union to start paying value added
tax on sales of electronically delivered goods and services to European customers” (Meller, 2002). Differing national perspective regarding taxes requires individual e-commerce businesses to understand
the global market and develop internal controls to comply with the governing tax structure applicable to the areas in which
they operate. In addition to tax concerns, U.S.
firms must satisfy compliance with consumer protection and privacy legislation aimed at protecting individual consumers. For
example, the Gramm-Leach-Bliley Financial Modernization Act requires company’s to provide an option for consumers to
determine if they want their information shared with third parties; the Children’s Online Privacy Protection Act (COPPA) Rule which applies to commercial web
sites operators and an online services directed to children under age 13. The
law gives parents control over what information is collected from their children online and how such information may be used.
(FTC, 2006) Industry practices of web developers in the United States, Canada and Europe were studied by the Federal Trade
Commission (FTC). In a FTC report to Congress “four widely accepted fair
information practices regarding the collection of personal identifying information from or about consumers online are Notice,
Choice, Access and Security.” (FTC, 1998) Based on the FTC guidelines,
consumer-orientated commercial Web sites have adopted four widely accepted information practices:
“(1)
Notice - Web sites would be required to provide consumers clear and conspicuous notice of their information
practices, including what information they collect, how they collect it (e.g., directly or through non-obvious means
such as cookies), how they use it, how they provide Choice, Access, and Security to consumers, whether they disclose the information
collected to other entities, and whether other entities are collecting information through the site. (2) Choice
- Web sites would be required to offer consumers choices as to how their personal identifying information is used beyond the
use for which the information was provided (e.g., to consummate a transaction). Such choice would encompass both
internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other
entities). (3) Access - Web sites would be required to offer consumers reasonable access to the information
a Web site has collected about them, including a reasonable opportunity to review information and to correct inaccuracies
or delete information. (4) Security - Web sites would be required to take reasonable steps to protect the
security of the information they collect from consumers” (FTC, 1998).
The global marketplace has provided web-based firms with a larger customer community. However, charting the diverse domestic and international regulatory requirements will remain a challenge
as independent nations develop legislation to regulate this medium.
Expedia
Expedia is very concerned with security and privacy of its customers. According to Expedia’s privacy policy, the company states “We understand that making purchases online involves
a great deal of trust on your part; we take this trust very seriously, and make it our highest priority to ensure the security
and confidentiality of the personally identifiable information you provide us” (Expedia, 2006). In September of
2000, Expedia announced the successful completion of a privacy audit that was conducted by Pricewaterhouse Coopers. This audit subjected Expedia’s to an extensive inspection of its business practices and how it related
to the organization’s privacy policy (Expedia, 2000). Expedia’s privacy
policy explains how the organization handles customer data, the confidentiality in which customer information is handled and
how the company secures this information. Expedia.com has also setup regional
offices that work with specific geographic locations across the world. Each local
site reflects the laws and issues of that specific area. Every regional site
has its own version of Expedia’s privacy policy and lists specific laws that apply to that country or area in which
Expedia does business.
Travelocity
.
Security at is a top priority for Travelocity which safeguards consumer personal information through
security protocols within the company’s system infrastructure. Travelocity
equipped their systems with multiple security precautions throughout the booking process, and long after you’ve completed
your transactions. Travelocity systems are protected by firewalls that act as shields to our computer networks. Within those
systems, sensitive information is encrypted to protect consumer financial and personal data.
Travelocity is confident in its ability to secured consumer’s credit card transactions that the company guarantees
every online transaction. (www.travelocity.com, 2006).
Privacy and confidentiality is also a concern at Travelocity. When
consumers reserve or purchase travel services through Travelocity Business, personal information is provided only to the involved
third party travel service providers. The company does not sell customer private
profile information to third parties. Occasionally, Travelocity Business will provide consumer information to a third party
acting on their behalf for specialized projects such as market research surveys and contest entry processing (www.travelocity.com, 2006).
International issues and
global barriers experienced by Travelocity resulted internal improvements of its infrastructure to support global pricing
and taxation by its leveraging parent company Sabre’s back-end system, which were already equipped to handle international
pricing. These improvement enabled Travelocity offer services to customers in 94 countries. (Goodridge E, 2000).
Orbitz
Orbitz employs physical, administrative, and technical safeguards to
help protect the confidentiality and integrity of consumer information in its databases to reduce the risk of loss, misuse,
unauthorized access, disclosures or modification of personal information. Consumer awareness for any information transmitted
electronically via the World Wide Web might not be secure. Orbitz advises it customers the company assumes no liability for
the loss of any information transmitted via the World Wide Web. However, personal financial data on credit cards used when
making a booking, reservation or purchase on the site is encrypted for the transaction (Orbitz.com Security, 2006).
Orbitz’s privacy policy states that consumer privacy is very
important to them. Their privacy policy describes the principles and practices that apply to Personal Information collected
from users for services on the company site, in telephone or e-mail communications, or in interviews, surveys, sweepstakes,
contests, or raffles. Simple put, Orbitz will not collect Personal Information without the consumer’s direct knowledge and permission;
nor disclose Personal Information to third parties, except as provided in their Privacy Policy. Orbitz will allows customers
to view, correct or remove Personal Information; and takes reasonable steps to protect the security of the Personal Information
collected (Orbitz.com privacy, 2006).
Travelport manages the international
issues associated with Orbitz. Travelport solutions are a subsidiary of Cendant
Corp. Travelport is a global full service provider of strategic services and tools for mid and large corporations, providing
access to online booking tools and global distribution services. Travelport's
International Rate Desk specializes in faring complex, multi-segment international itineraries. Using their extensive experience
and knowledge of customer contracts, specialized agents find the best options for international travelers—and average
savings of $550 per ticket (Cendant Corporate Travel, 2004).
Conclusion
As this paper demonstrates, when an organization
decides to enter into e-commerce, much research and planning must occur. Because
the Internet has changed the way many organizations do business, these organizations must understand the legal, regulatory,
and ethical considerations of e-commerce before commencing an online website. Without
having any of these concerns addressed prior to launching an e-commerce initiative, a company could risk its success and livelihood
by not abiding by the law or allowing private information or data to become compromised.
Expedia, Travelocity, and Orbitz, e-commerce sites all do business in international markets and have addressed these
issues by working with local countries and regions on how to best address the regulations of their respective geographic areas
to ensure that each is compliant and is acting within the local laws.
References
Cendant
Corporate travel.com (2004). Travelport, part of the Cendant
Travel
family. Retrieved on July 9, 2006,
from
http://www.cendantcorporatetravel.com/compare
Goodridge
E (2000) Travelocity Overcomes Barriers In Its Global
Expansions, Information Week .com. Retrieved on
July 9, 2006,
from
http://www.informationweek.com
Expedia,
Inc. (2006) Privacy Policy. Retrieved on July
8, 2006, from www.expedia.com
Federal Trade Commission. (1998). Privacy Online: A Report to Congress. Retrieved July 8, 2006 from: http://www.ftc.gov/reports/privacy3/toc.htm
Federal Trade Commission (2006) Privacy Iniatives Retrived July 9, 2006 from: http://www.ftc.gov/reports/privacy3/toc.htm
Meller, P. (2003) IDG News Service “European
Union Taxes E-Shopping” Retrieved July 8, 2006 from: http://www.pcworld.com/news/article/0,aid,84024,00.asp
Orbitz.com
(2006) Orbitz Privacy Policy. Retrieved on July 9, 2006, from
http://www.orbitz.com/pagedef/content/ legal/privacy
Orbitz.com (2006)
Security Policy. Retrieved on July 9, 2006, from
https://www.orbitz.com/shared/pagedef/ content/legal/security
Travelocity
.com (2006) Security Guarantee. Retrieved on July 9, 2006,
from http://www.travelocity.com.
Travelocity .com (2006) Privacy Policy. Retrieved on July 9, 2006,
from
http://www.travelocity.com.