7 Enduring e-Commerce Checkpoints: A Winning Formula?!

January 3, 2012

Since the “dot-com” era began, many Internet-driven businesses have come and gone.  Some resurfaced in a new guise, but others were never to be seen or heard from, again.  Why was this so, and what did some of them do correctly, that others did wrongly?  I think those that failed, did so for not meeting 1 (“one”) or more of the 7 (“seven”) checkpoints in the e-Commerce success formula, applicable both in the times gone by and in the current climate.  As further detailed below, these are: Acceptable Service Levels; Security; Policies and Privacy; Intellectual Property Rights (I.P.R.); Regulatory Compliance; Enforcement; and Dedicated Cashflows.

1.         ACCEPTABLE SERVICE LEVELS: If and when offering a service or product to the public, then the quality of that offering must be acceptable.  Bad product or bad service, leads to bad reputation.  With the current pace of word-of-mouth advertising through Social Media, a company’s reputation can be tanked, with a quickness.  Why spend so much time generating all that buzz, and then bet the company by offering something that is a substandard product (bug-infested), a service that is obviously not quite yet ready for primetime (the wider, mass market), or something that is otherwise badly managed in the initial rollout (going cheap on the launch)?

This may have worked for some businesses in the past, and it may still be tried in some cases by those businesses feeling secure or carefree enough with the substantial following for their product or service, or suite of same.  But, today?  No way!!  Beta testing is available for a reason.  Use it!  The more alternatives that proliferate, and providing that there is a relative inelasticity in providers, the less tolerant the market will be for mediocrity and unacceptable service levels.

2.         SECURITY: Of course, the company crown jewels (I.P.R., trade secrets including strategies and customer lists, and so forth), must be secured.  If not, then the model can be replicated either without shame and by an obvious copycat, or through reverse engineering with a very good idea of where they need to go, from having the product, your product, right there in front of them.  Physical security, electronic security, and a security frame of mind, must permeate the business and the workforce from top to bottom, in order to hit this checkpoint right.

The added networking functionalities that Social Media now gives to developers, programmers, and scientists, coupled with the fact that massive amounts of raw and unencrypted data can be lost (and are being regularly lost) on smartphones, laptops, and through online theft and hacking, means that achieving comprehensive Cybersecurity is no easy task, as I have already blogged.[1]  You may notice that some of the largest, most successful, longest-lasting e-Commerce successes are entities with a very zealous dedication to security.  Obviously, there are good reasons for this.

3.         POLICIES and PRIVACY: It is also vitally important to have effective and comprehensive policies on a variety of topics, so that there are no fatal gaps in employee guidance as to the policies and procedures that they need to follow in specific circumstances, or in those very tricky or novel situations where the guidance of other employers may be found lacking due to imprecision, or a lack of clarity, or a failure to consider and plan for such an eventuality – even by providing a dedicated line on which employees may call for guidance from a responsible person in the company.  Situations that should be policy-covered include but are not limited to, privacy breaches, emergencies and complex emergencies, Social Media usage, employee hiring (with appropriate background checks) and termination (with exit interviews and securing of access permissions and company property), and privacy and security, generally.

Where policies are lacking, employees may well take the initiative.  There is nothing wrong with having employees who can think for themselves, especially in a knowledge-driven economy or an Internet-driven business.  However, where employees lack the critical additional knowledge, subject matter expertise, or general leadership training and discipline to know what is best for the company and also in accordance with law, their initiative may initiate a problem, or two, or three.  Sometimes extrication is simple, and sometimes, it comes at a very steep price, including personal liability for directors and officers, very steep fines and regulatory penalties, lawsuits with their companion legal costs and expenses and insurance coverage disputes, and even destruction or dissolution of the company as a going concern.  It is better to lead and set the tone with a coherent policy, after careful business consideration and consultation with legal counsel.

4.         INTELLECTUAL PROPERTY RIGHTS (I.P.R.): Where the entity owns and has developed its own I.P.R., then this should be protected, of course, through proper registration and ongoing monitoring.  It is not prudent, and very much ill-advised, to put a branded product or service on the market without first ensuring that the name chosen, is available and free for use.  Otherwise, a flashy and expensive marketing campaign may lead directly to a messy and expensive legal battle for I.P.R. infringement or misuse.  This could be ruinous if the seed money or risk capital has already run out or nearly run out, and whether or not the deep-pocketed investors get frightened-away by that kind of rather costly, and potentially very bad publicity.

Similarly, the unauthorized use or willful misuse of the I.P.R. of another, can bring severe and negative consequences through suits and injunctions.  Even where the law is unclear or imprecise and with apparent loopholes, this does not prevent an incensed litigant or an ambitious prosecutor from applying novel theories and significant resources to make a test case stick, or to prove a point, or to chill or still the fervor of any and all who might think to follow a bad lead.

5.         REGULATORY COMPLIANCE: All of the foregoing ties-in with regulatory compliance.  This does not just apply to industry-specific regulations, but also to national laws; laws of the municipality, state, and province, as appropriate; and any International or otherwise multijurisdictional accords and protocols that may be or become relevant, or applicable, or appurtenant to the business or the business model in question.

Having a good idea of what is being planned or proposed, and where possible, being able to chime-in on the debate through a trade or industry group, are best practices.  It is better to know, plan, and prepare, than to be suddenly surprised.  Sometimes, even with the delayed applicability of new laws and regulations, the time, cost, and efforts required to become fully compliant – let alone the fines and penalties for failing to be so compliant – can be a drain on resources and an unwelcome distraction from the core mission.

6.         ENFORCEMENT: Additionally, all company policies must be regularly communicated, enforced, and audited for the degree of compliance therewith; otherwise the company may face more than its share of User-generated Legality Issues (UgLIs).[2]  As for leadership in this endeavor, even in a smaller company, it can be highly advisable to have both a Chief Compliance Officer and a Chief Privacy Officer.

To the extent that a candidate is qualified, both of these titles may be held by a single, double-hatted individual.  However, if that is the case, then it is advisable that the person hold no third portfolio, as the pace of development in both of those areas will keep him or her more than sufficiently occupied.  Indeed, many an entity may find it more affordable and prudent to have a limited In-House capacity in both of these areas, but outsource the bulk of its needs for guidance in privacy and compliance to legal providers who can promptly deliver legal updates and customized policies, in conjunction with occasional audits, and tweaking as the business matures and moves though standard and non-standard cycles, or other critical events (mergers and acquisitions, litigation, regulatory investigations, public offerings and buybacks, or insolvency).

7.         DEDICATED CASHFLOWS: The initial dot-com heydays were replete with businesses that sold nothing, gave away copious amounts of services or software or both of these for free, and essentially, burned through cash as though the patience of their dedicated investors would never end.  Eventually, it did, and so did they.

There has to be revenue, and it needs to be projected to start at some point down the line, right from the start.  This way, milestones can be recorded, and steps taken to address any failures to meet them – whether in extensions of time and financing, or in a change of policy or management, or both of these.  There is nothing wrong with having a loss-leader, and giving away services or software in order to capture market share and loyal customers.  Advertising, therefore, when responsibly and lawfully and tastefully done, is the easiest way to generate revenues, and build a business from the traffic to, or the following or patronage of, a popular site or service.

Summary: E-commerce and the Internet-driven business are still very much works in progress, as governments struggle to keep up with their ever-changing nature, and the consuming public (in sections and subsets of same), thrives on the tensions generated and in the spaces created, by this state of constant flux.

Some have accused the People’s Republic of China and the Russian Federation of high complicity in organized theft of strategic assets by exploiting flaws in and their failures on, one or more of the above 7 checkpoints.[3]  However, these alleged culprits are also obvious victims;[4] and allegations of economic espionage and leveraging for advantage, legally, not so legally, and quite illegally, including with government support or complicity,[5] are really nothing new.

Whether one’s problems show success or a failing equal to those of others on the same or substantially the same above checkpoints, is in the beholder’s eye.  Regardless, however, perhaps if regulators focused a little more on fixing the failings in this winning formula than spinning for sanctions and shame, more would thrive and succeed in this brave new, Online Great Game.

Author:

Ekundayo George is a Sociologist, Lawyer, and Strategic Consultant, with experience in business law and counseling, diverse litigation, and regulatory practice. He is licensed to practice and has practiced, in Ontario, Canada, as well as multiple states of the United States of America (U.S.A.); and he has published in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided as a courtesy and convenience, only, and no warranty is made or responsibility assumed for their content, accuracy, or availability.

This article is intended and presented for general information purposes and is not intended or construed or to be read, as constituting legal advice or creating any lawyer-client relationship.

---

[1] Ekundayo George. “Cybersecurity (the Nitty-Gritty; and what is Cyberspace?): A Different, Flexible Approach.”  Oglaws.  Published on December 9, 2011.  Available at: https://ogalaws.wordpress.com/category/strategic-consulting/cybersecurity/

[2] See Ekundayo George. “M”edia Effectiveness, at the text containing endnotes 5 through and including 12, for an explanation of this concept.  Ogalaws page Tab.  Available at: https://ogalaws.wordpress.com/media-effectiveness/

[3] United States of America, Office of the National Counterintelligence Executive (ONCIX).  Foreign Spies Stealing U.S. Economic Secrets in Cyberspace. Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011.  Published in October, 2011.  Available at: http://www.ncix.gov/publications/reports/fecie_all/Foreign_Economic_Collection_2011.pdf

[4] BBC News, Technology.  China seeks to combat hi-tech crimewave.  Published on December 30, 2011.  Available at: http://www.bbc.co.uk/news/technology-16357238

See also BBC News, Europe.  UK diplomats in Moscow spying row.  Published on Monday, January 23, 2006.  Available at: http://news.bbc.co.uk/2/hi/europe/4638136.stm

[5] New York Times.  Air France Denies Spying on Travelers.  Published on September 14, 1991.  Available at:   http://www.nytimes.com/1991/09/14/news/14iht-spy_.html

See generally Paul M. Joyal.  Industrial Espionage Today and Information Wars of Tomorrow.  Integer Security, Inc. Information and Analytic Services.   A report prepared by Paul M. Joyal (President of Integer Security Inc.), for presentation at the 19th National Information Systems Security Conference, held in Baltimore, Maryland, U.S.A., on October 22-25,1996.  Available at: http://csrc.nist.gov/nissc/1996/papers/NISSC96/joyal/industry.pdf

See e.g. CTVNews.ca Staff.  Corporate espionage costing billions each year.  CTVNews.ca Published on Tuesday, November 21, 2011.  Available at: http://www.ctv.ca/CTVNews/CanadaAM/20111129/corporate-espionage-secrets-companies-111129/