Is Your Ecommerce Product Subject to Regulations? Why You Need to Know

Launching an online business carries a multitude of responsibilities often unfamiliar to new entrepreneurs. For example, compliance with Federal regulations can be particularly challenging when you’re not aware your product is subject to such regulations in the first place.

Most compliance regulations are related to security, like the Payment Card Industry Data Security Standard (PCI-DSS) and HIPAA. Other regulations are related to safety, like the Food Safety Modernization Act (FSMA).

Ecommerce product compliance

Regardless of your industry, being out of compliance (even in ignorance) can result in extra work and hefty fines. Here’s what you can do to avoid any problems:

Conduct initial research online

If you’re completely new to your industry and you’re not sure what agencies might regulate your products, the best thing to do is search online for clues. You won’t find all the answers, but searching will provide a trail that will eventually lead you to the agency that regulates your product. Once you know who to contact, the details you need are a phone call away.

For instance, you could run multiple searches on Google with keywords like “regulatory compliance” or “industry regulations” + your product. Come up with as many variations as possible and search for all of them. You can even search for your product with keywords like “non-compliance,” “violations,” or “fines.”

You could be held liable for selling unapproved products

If you’re buying wholesale to sell at retail prices, your products need to meet all regulatory standards. You may not be the manufacturer, but if your products violate regulations, you can still get hit with hefty fines.

A popular yet tricky industry is vaping. Many states have already banned vaping wherever smoking cigarettes is prohibited. Vapes don’t produce second-hand smoke, but they do deliver nicotine into the bloodstream via the lungs. The FDA considers nicotine a drug, so vaporizers are subject to FDA regulations.

According to Mashable, vape enthusiasts hack their vaporizers to produce “stronger flavors” and “create more impressive vapor clouds.” They use a mechanical mod and atomizer to reduce the standard resistance, which sends more heat to the vape’s coil. This generates more heat for the inhale and a bigger vape cloud while exhaling. However, the FDA has declared this and other types of modifications unsafe.

Arbour Group notes that as of August 8th, 2016, the FDA passed new regulations that require vape manufacturers to “prove that every possible configuration of the different parts would still make a safe product.” The extent of possible combinations of hardware components is vast. Still, manufacturers have until August 8th, 2018, to prove their products meet this requirement.

Vapes and vaping accessories are a popular resale item, and online resellers may not be aware of this new law. As with most regulations, ignorance is no excuse to dodge responsibility.


Don’t dismiss the possibility of being regulated

It may seem unlikely for your business to be regulated, but you’d be surprised to learn how much responsibility some businesses have at the Federal level. For instance, webhosting providers that facilitate the storage or transmission of electronic health records are responsible for maintaining proper levels of security. This includes end-to-end data encryption. However, not every hosting company provides this type of HIPAA-compliant security.

You’d think the client would be held fully responsible for storing protected health information in a non-compliant hosting environment, but the webhost can be held liable, too.

That’s why HostGator specifically forbids using their services for hosting protected health information in their terms of service. They acknowledge they aren’t HIPAA compliant, and this clause is their only protection against client misuse or ignorance.

Ignorance is no excuse

This level of responsibility holds true even when a webhost is unaware of what their clients are using their services for. For example, Louis Vuitton won a $10.8 million judgment against Akanoc Solutions, Inc. for hosting websites that sold counterfeit Louis Vuitton goods. In this case, the webhost was held liable for trademark infringement perpetrated by some of their clients.

If you’re not a big webhosting company, that doesn’t mean you’re off the hook for what your clients do. Resellers can be held liable, too. Historically, courts have held resellers accountable to their clients as if the reseller were the source host. To the client, they are the host, and that’s good enough for the court.

Play it safe – be prepared

Since ignorance won’t deflect those hefty fines, do your due diligence and find out if your online business is subject to any regulations. Then, do your best to get compliant, even if it has to come in stages.