On July 12, 2002, Law 34/2002, or the Law on Information Society Services and Electronic Commerce (LSSICE), was published in the BOE and entered into force on October 12, 2002.
The new legislation affects any company that makes use of the Internet, from those that simply have a website displaying their services or products, to those that obtain any kind of profit through this medium, and especially operators or ISPs. The implications vary for each one, but they exist in all cases. The penalties for non-compliance are much higher than those imposed by the LOPD and have resulted in the closure of some sanctioned companies due to their inability to bear such financial penalties.
Internet Security Auditors, committed to offering the necessary Security services so that our clients can conduct their business with maximum peace of mind, provides Adaptation and Audit services for the aspects defined by the legislation regarding LSSICE, which can only be effective when Technology and Law are combined.
Due to the ambiguity present in some aspects of the LSSICE, it was necessary to conduct an in-depth analysis by experts in Technology Law in order to determine the applicability of the Law, which is mainly concentrated in the following points:
Failure to carry out this action results in a significant penalty. Furthermore, "a service provider can be any company that owns a website", meaning that practically all companies are currently affected by this first requirement.
Various articles of the LSSICE define specific responsibilities for companies providing Internet services or ISPs (including, for example, anyone offering web hosting or Internet access). This action consists of adapting both legally and technically in order to comply with these responsibilities and take the necessary "technological measures" as defined by the LSSICE.
Several articles of the LSSICE regulate electronic contracting. There are formal obligations for B2B and B2C relationships. It is necessary to have the required Legal Notices depending on the type of transaction, which will be essential in the event of disputes between contracting parties.
According to Article 21:
This implies the inclusion of various notifications or modifications in the electronic communications sent by companies, as well as proper management of these communications, in order to comply with these restrictive conditions.
As stated in the text of the LSSICE, when combined with the provisions of the LOPD regarding obligations, responsibilities, infringements, and sanctions, the risk of penalties is very high and the amounts of fines are cumulative. Hence the importance of analyzing both together and understanding their specific impact on each company.
Review of the measures implemented
This will consist of reviewing all measures previously taken by the company regarding compliance and the regulations dictated by the LSSICE.
Audit Report
A complete report presenting the results, exceptions, etc., found during the previous processes.
Technical Audit
In this case, an analysis is conducted to determine whether the technical measures adopted by the company are adequate and therefore compliant with this legislation.