Some data privacy laws that many online businesses are breaking all the time include:
California Online Privacy Protection Act
The ‘Shine the Light’ law
Nebraska Revised Statute 87-302
Non-compliance with any part of any of these laws (and others) exposes an eCommerce company to lawsuits and even enforcement action by the FTC. Since damages are difficult to quantify in privacy lawsuits, plaintiffs are looking to laws where large statutory damages have been awarded previously, leaving non-compliant online businesses with the risk of multi-million dollar lawsuits.
How can I be sued in a different state?
If your business sells products to residents of California, Pennsylvania, Nebraska or anywhere else with state laws governing online privacy policies, you can be sued in that state if you are non-compliant with their laws. No matter where you or your business is located, doing business with state residents is enough to make their state laws apply to you. If you are sued for violating part of a California privacy law, you would need to either travel to California to represent your business in the lawsuit, or you would need to hire an attorney who is licensed to practice law in California and who is able to defend you in the lawsuit.
Can I ignore the lawsuit if I’m sued in California for violating the California Online Privacy Protection Act?
It is highly recommended to never ignore a lawsuit against you or your company, no matter where in the USA that lawsuit is filed. If you ignore the lawsuit, a default judgment will most likely be entered against you and in the favor of the plaintiff.
The plaintiff could take further legal action to have the judgment domesticated in your state, which would open a variety of options for the plaintiff to recover the damages awarded in the default judgment.
How can small businesses ensure their compliance?
There are two viable options for small and medium sized businesses that want to comply with quickly evolving state privacy laws. The first option is to research and hire an attorney who can regularly update you on changes to state privacy laws. This may be time consuming and is also a very expensive option.