Legal, Ethical and Regulatory Issues

The Internet has diminished geographic boundaries requiring organizations to conduct extensive research and planning to enter the e-commerce arena. Internet technology has a significant effect on the global trade involving a multitude of products and services.  E-Marketing tools used by the online travel industry have enabled consumers to purchase travel services from the comforts of their living room.   However, many businesses and consumers are still wary of conducting extensive business over the Internet because of the lack of a predictable legal environment governing transactions.  This paper will address the legal, ethical, and regulatory issues for an e-commerce company and will focus on site security, confidentiality, and international issues of   Expedia, Travelocity, and Orbitz. 

Security, Confidentiality, and International Issues

             The global market is vast with no unified regulatory guidelines or standards.  As a result, e-commerce businesses must implement diverse contingencies to ensure compliance with both domestic and foreign tax requirements regarding the sale of products ad services.  In the United States, firms are required to disclose any potential tax liabilities under the Sarbanes-Oxley Act of 2002, however there is no clear legislation of how state tax sales will be structured through e-commerce venues.  In a polar opposite to the United States the European Union, issued a directive requiring “companies outside of the European Union to start paying value added tax on sales of electronically delivered goods and services to European customers” (Meller, 2002).   Differing national perspective regarding taxes requires individual e-commerce businesses to understand the global market and develop internal controls to comply with the governing tax structure applicable to the areas in which they operate.  In addition to tax concerns, U.S. firms must satisfy compliance with consumer protection and privacy legislation aimed at protecting individual consumers. For example, the Gramm-Leach-Bliley Financial Modernization Act requires company’s to provide an option for consumers to determine if they want their information shared with third parties; the Children’s Online Privacy Protection Act (COPPA) Rule which applies to commercial web sites operators and an online services directed to children under age 13.  The law gives parents control over what information is collected from their children online and how such information may be used. (FTC, 2006)  Industry practices of web developers in the United States, Canada and Europe were studied by the Federal Trade Commission (FTC).  In a FTC report to Congress “four widely accepted fair information practices regarding the collection of personal identifying information from or about consumers online are Notice, Choice, Access and Security.” (FTC, 1998)  Based on the FTC guidelines, consumer-orientated commercial Web sites have adopted four widely accepted information practices:

“(1) Notice - Web sites would be required to provide consumers clear and conspicuous notice of their information practices, including what information they collect, how they collect it (e.g., directly or through non-obvious means such as cookies), how they use it, how they provide Choice, Access, and Security to consumers, whether they disclose the information collected to other entities, and whether other entities are collecting information through the site. (2) Choice - Web sites would be required to offer consumers choices as to how their personal identifying information is used beyond the use for which the information was provided (e.g., to consummate a transaction). Such choice would encompass both internal secondary uses (such as marketing back to consumers) and external secondary uses (such as disclosing data to other entities). (3) Access - Web sites would be required to offer consumers reasonable access to the information a Web site has collected about them, including a reasonable opportunity to review information and to correct inaccuracies or delete information. (4) Security - Web sites would be required to take reasonable steps to protect the security of the information they collect from consumers” (FTC, 1998).

The global marketplace has provided web-based firms with a larger customer community.  However, charting the diverse domestic and international regulatory requirements will remain a challenge as independent nations develop legislation to regulate this medium.

           Expedia

Expedia is very concerned with security and privacy of its customers. According to Expedia’s privacy policy, the company states “We understand that making purchases online involves a great deal of trust on your part; we take this trust very seriously, and make it our highest priority to ensure the security and confidentiality of the personally identifiable information you provide us” (Expedia, 2006). In September of 2000, Expedia announced the successful completion of a privacy audit that was conducted by Pricewaterhouse Coopers.  This audit subjected Expedia’s to an extensive inspection of its business practices and how it related to the organization’s privacy policy (Expedia, 2000).  Expedia’s privacy policy explains how the organization handles customer data, the confidentiality in which customer information is handled and how the company secures this information.   Expedia.com has also setup regional offices that work with specific geographic locations across the world.  Each local site reflects the laws and issues of that specific area.  Every regional site has its own version of Expedia’s privacy policy and lists specific laws that apply to that country or area in which Expedia does business. 

Travelocity

.Security at is a top priority for Travelocity which safeguards consumer personal information through security protocols within the company’s system infrastructure.  Travelocity equipped their systems with multiple security precautions throughout the booking process, and long after you’ve completed your transactions. Travelocity systems are protected by firewalls that act as shields to our computer networks. Within those systems, sensitive information is encrypted to protect consumer financial and personal data.  Travelocity is confident in its ability to secured consumer’s credit card transactions that the company guarantees every online transaction. (www.travelocity.com, 2006). 

Privacy and confidentiality is also a concern at Travelocity.  When consumers reserve or purchase travel services through Travelocity Business, personal information is provided only to the involved third party travel service providers.  The company does not sell customer private profile information to third parties. Occasionally, Travelocity Business will provide consumer information to a third party acting on their behalf for specialized projects such as market research surveys and contest entry processing (www.travelocity.com, 2006).  

            International issues and global barriers experienced by Travelocity resulted internal improvements of its infrastructure to support global pricing and taxation by its leveraging parent company Sabre’s back-end system, which were already equipped to handle international pricing. These improvement enabled Travelocity offer services to customers in 94 countries. (Goodridge E, 2000).

            Orbitz

Orbitz employs physical, administrative, and technical safeguards to help protect the confidentiality and integrity of consumer information in its databases to reduce the risk of loss, misuse, unauthorized access, disclosures or modification of personal information. Consumer awareness for any information transmitted electronically via the World Wide Web might not be secure. Orbitz advises it customers the company assumes no liability for the loss of any information transmitted via the World Wide Web. However, personal financial data on credit cards used when making a booking, reservation or purchase on the site is encrypted for the transaction (Orbitz.com Security, 2006).  

Orbitz’s privacy policy states that consumer privacy is very important to them. Their privacy policy describes the principles and practices that apply to Personal Information collected from users for services on the company site, in telephone or e-mail communications, or in interviews, surveys, sweepstakes, contests, or raffles. Simple put, Orbitz will  not collect Personal Information without the consumer’s direct knowledge and permission; nor disclose Personal Information to third parties, except as provided in their Privacy Policy. Orbitz will allows customers to view, correct or remove Personal Information; and takes reasonable steps to protect the security of the Personal Information collected (Orbitz.com privacy, 2006).