External policies must be supported by internal procedures. All company employees must be trained in the procedures, and they must be consistently enforced. Many of the recent personally identifiable information disclosure incidents (e.g., Veterans Administration, Nevada Department of Motor Vehicles, MCI) occurred because of procedure gaps or failures. It doesn’t help to have a procedure regarding encrypting database information at headquarters if unencrypted information can be downloaded to a laptop and removed from the building.
When developing the procedures, question everything. Does an employee really need access to multiple data records or only one record at a time? Should employees be allowed to have customer information on laptops? When you have the procedures in place, thoroughly train employees and follow the procedures.
Finally, remember that all systems are dependent on people. The people at your company must follow company policies and procedures. But remember that your customers are people, too. That may seem obvious, but by overlooking the fact that customers have irrational fears as well as legitimate concerns, retailers may forget that perceptions can be stronger than fact.
Not the enemy
If anything, the Open to Exploitation study shows us that most American adults poorly understand personally identifiable information and what retailers may do on- and offline. Interact with your customers and understand their fears so that you can be proactive. Don’t treat your customers as the enemy when collecting and using personally identifiable information. Remember that your success depends on whether you use the information to make the customer more satisfied, increasing the likelihood of repeat purchases in higher amounts.
Retailers have had access to personally identifiable information since the first store opened. While the Internet has expanded the collection and use of personally identifiable information, and the potential for its inadvertent or willful misuse, it hasn’t changed the fundamental requirement for a strong retail business: trust between the customer and the retailer. Build that trust and your chances of success will increase.
Kenneth A. Grady is an attorney and president of K.A. Grady PC, a Massachusetts-based law firm advising retailers on how to solve operational and strategic legal problems.