A second wave of attacks began midday Friday after much of the eastern United States was affected in the morning. Sites affected included Etsy, ...
Not long ago I dined at a restaurant and unbeknownst to me the waiter stole my credit card number. I found a whopping $1,253 charge on my statement the following week (the waiter was found to have a box of credit card receipts in his possession) and I didn’t even think about security or privacy!
I heard another story from a direct marketing company that caught an employee capturing credit card information from people who were calling to order products. The point here is that we, as retailers, must do everything we can to protect the valuable personal information we collect from our online customers.
In the offline world, bankers, merchants and card associations have programs in place that help shoppers solve problems when personal information, such as credit card numbers, falls into the wrong hands. We have similar measures in electronic commerce, but we must do even more to let our customers know that all of their most personal information is safe with us.
Buying consumer goods over the Internet is still in its infancy. One of the biggest concerns customers have about Internet shopping is that Web retailers already know too much about them.
Online shopping is, after all, a very personal experience. When customers click on our Web sites and buy merchandise, they are giving us a great deal of information about themselves-where they live, the kinds of products they buy as well as their credit card numbers.
Customers want to know that they can trust us with their sensitive data. And they certainly want to know that we will respect their privacy and not sell their personal information to outside parties. Is the industry doing a good job of respecting privacy rights?
I think we’re off to a good start and moving in the right direction. While plenty of merchants already have clearly posted privacy policies on their Web site, however, there are many others that don’t. If we don’t take more measures to convince the shopping public that we are doing everything we can to safeguard and respect their privacy online, then somebody else willmost likely, the federal government.
The seven signs
The policy should have these seven elements and incorporate this model language:
1. A commitment to privacy. Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our home page and at every point where personally identifiable information may be requested.
2. The information we collect. This notice applies to all information collected or submitted on the Web site. On some pages you can order products, make requests and register to receive materials. The types of personal information collected at these pages are: name, address, e-mail address, phone number and credit/ debit information. On some pages, you can submit information about other people. For example, if you order a gift online and want it sent directly to the recipient, you will need to submit the recipient’s address. In this circumstance, the type of personal information collected includes name, address and phone number.
3. The way we use information. We use the information you provide about yourself when placing an order. We do not share this information with outside parties except to the extent necessary to complete the order. We use the information you provide about someone else when placing an order only to ship the product and to confirm delivery.
4. Our commitment to data security. To prevent unauthorized access, maintain data accuracy and ensure the appropriate use of information, we have appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect online.
5. Our commitment to children’s privacy. Protecting the privacy of the very young is especially important. For that reason we never collect information at our Web site from those we actually know are under 13 and no part of our Web site is structured to attract anyone under 13.
6. How you can access or correct your information. You can access all your personally identifiable information that we collect online and maintain. You can correct factual errors in your personally identifiable information by sending us a direct request. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
7. How to contact us. Should you have any questions or concerns about these policies, please call us or send us an e-mail.
The next step: certification