Information about a visitor may include name, date of birth, address, contact information, marital status, previous purchases, payment information, etc. Basically, anything that can be used to identify the person in question.
The purpose of this statement is to inform the customer of what information is going to be gathered about them, how it is going to be stored and under which circumstances it will be released.
It is a fact that technology has an effect on human rights, especially today, when people spend much of their online time browsing and shopping for various products and services. Back in 1968, the Council of Europe studied these effects.
Just one year later, Convention 108 was introduced. In 1973 we had the first privacy law, the Swedish Data Act. Germany followed with the Data Protection Act in 1977, and many other countries on the old continent were to follow these examples.
The first similar notions across the ocean were brought forth in the 1970s in both the US and Canada. The Congress of the USA passed the Fair Credit Reporting Act and in Canada, the government updated the Canadian Human Rights Act.
The general guidelines can be found in the privacy and personal data protection documentation published by the Organization for Economic Co-operation and Development (OECD).
Back in 2008 a big name in the online retail industry, Life is good, Inc. and Life is good Retail, Inc., settled FTC charges that it had failed to safeguard sensitive consumer information. This was a violation of federal law.
In this case, we are not only talking about data that can be used to find out who customers are or where they live, but also about credit card data. If this information leaks, there can be devastating consequences for both the online retailer and the people who used its services.
The most important thing to explore and get familiar with when in eCommerce waters is definitely Payment Card Industry compliance. The key standard is the PCI Data Security Standard (PCI DSS), which dictates to all online retailers how to store, process and transmit cardholder data.
Visa, MasterCard and JCB International are just some of the organizations that make up the PCI Security Standards Council. Their primary concern is how to enhance payment account data security.
Any online shop has to meet all PCI Data Security Standard requirements:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Make sure to check each requirement of PCI DSS and implement all technologies that will allow you to handle this type of user data on your eCommerce website. As we can see, meeting these requirements is very important, and it will protect an online business should a breach or similar incident take place.
Since many things in this area are not carved in stone, it is strongly advised to stay tuned to the latest developments in the field. For instance, you can read authoritative insights on the legal and regulatory issues affecting online business.
Obtaining the customer's consent (a clickwrap agreement) can be done by notifying the customer that they agree to all of the things stated above when they click the "place order" button, or by having them check an "I agree to..." checkbox on the checkout page.
The best practices to follow when you run an eCommerce website go as follows:
- Consider using the clickwrap agreement technique if users can register an account on your eCommerce website.
Get familiar with standards
In each industry, there are standards that have to be met. Doing business online is nothing new, and fortunately, there are many resources online that can get you on the right track when it comes to privacy policies.
Decide who will be responsible
Keep in mind that this is a highly complex task and that some established online retailers outsource it to teams of professionals. This is simply because there are countless regulatory compliance issues that have to be understood and resolved within the boundaries set by law.
Follow the examples
It is important to understand which software tools and/or systems are collecting user data while visitors are on the website. It is also important to pay attention to how the data is stored and used, which third-party services it is shared with, and over which security protocols it is transmitted.
Check the privacy practices of your eCommerce website
You should make a list of data your website collects while visitors are browsing through products and when they make a purchase.
Here are the most common data entries collected by eCommerce websites:
- Personal user information such as shipping address, phone number, email, name, etc.;
- Financial and payment data: credit card number, CVV, expiration date, etc.;
- Data collected by cookies: behavior tracking and other site analytics;
- Usernames and passwords if websites require registration.
Make sure to know what happens with the data
The most important things regarding user data are the following: where it is stored, how long it stays stored, and how it will be used and/or shared. It is important to know whether your site merely passes payment information through to a payment gateway without storing it at all, or whether it stores this confidential data itself.
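The difference between passing card data through to a gateway and storing it yourself is the single biggest factor in how much of PCI DSS applies to you. The following Python example is added here and is not code from the original article or from any payment provider: it contrasts a checkout that persists the raw card fields with one that exchanges the card for a gateway token and keeps only that token plus the last four digits, and then audits the stored records for anything that still looks like a card number or CVV. The `FakeGateway` class, its `tokenize()` method and the sample orders are constructed stand-ins, not any real gateway's API.

```python
"""Added example (not from the original article): storing raw card data
versus tokenizing it through a gateway, plus an audit of what was stored.
FakeGateway and all sample values are constructed stand-ins."""
import re
import uuid


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card brands; keeps the audit from flagging
    arbitrary digit strings such as order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class FakeGateway:
    """Stand-in for a payment processor (hypothetical): it takes the card
    once, for authorization, and hands back an opaque token."""

    def __init__(self):
        self._vault = {}

    def tokenize(self, pan: str, expiry: str, cvv: str) -> str:
        token = "tok_" + uuid.uuid4().hex
        # CVV is used for the authorization only and is never retained.
        self._vault[token] = (pan, expiry)
        return token


def checkout_storing_card(orders: list, customer: str,
                          pan: str, expiry: str, cvv: str) -> dict:
    """The 'stores this confidential data' case: the raw card fields land
    in the shop's own database, pulling the whole database into PCI scope."""
    rec = {"customer": customer, "pan": pan, "expiry": expiry, "cvv": cvv}
    orders.append(rec)
    return rec


def checkout_with_gateway(orders: list, gateway: FakeGateway, customer: str,
                          pan: str, expiry: str, cvv: str) -> dict:
    """The 'gateway only' case: the card goes to the processor, and the
    shop keeps a token and the last four digits for display."""
    token = gateway.tokenize(pan, expiry, cvv)
    rec = {"customer": customer, "card_token": token, "last4": pan[-4:]}
    orders.append(rec)
    return rec


PAN_RE = re.compile(r"^\d{13,19}$")
CVV_RE = re.compile(r"^\d{3,4}$")
CVV_FIELDS = ("cvv", "cvc", "cvv2", "security_code")


def audit_stored_records(orders: list) -> list:
    """Return (record index, field, kind) for every stored value that looks
    like a card number (Luhn-valid, 13-19 digits) or a CVV kept under a
    CVV-style field name. An empty list means nothing card-like is stored."""
    findings = []
    for i, rec in enumerate(orders):
        for field, value in rec.items():
            if not isinstance(value, str):
                continue
            if PAN_RE.match(value) and luhn_ok(value):
                findings.append((i, field, "pan"))
            elif field.lower() in CVV_FIELDS and CVV_RE.match(value):
                findings.append((i, field, "cvv"))
    return findings


if __name__ == "__main__":
    # Constructed sample: 4111 1111 1111 1111 is a well-known test number.
    stored, tokenized = [], []
    checkout_storing_card(stored, "alice", "4111111111111111", "12/30", "123")
    checkout_with_gateway(tokenized, FakeGateway(), "alice",
                          "4111111111111111", "12/30", "123")
    print("raw storage findings:", audit_stored_records(stored))
    print("tokenized findings:  ", audit_stored_records(tokenized))
```

Running `audit_stored_records()` over a dump of your real order table is the practical check: if it comes back non-empty, your site belongs in the "stores this confidential data" category whatever the privacy policy currently says, and the policy and the PCI DSS controls both need to reflect that.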
This is a good practice, and it will certainly help you build trust with your customers. You can simply add a contact phone number and/or email address for anyone who has privacy requests or concerns.
Post it on your eCommerce website
Keep it updated
Another way to have it written is to hire a lawyer or a team of lawyers who can write a customized policy that covers your site's practices. Of course, in most cases this will be very expensive and not always worth it, especially for smaller businesses or those who are just starting out.
A much better approach is to use an online generator. It will guide you through a series of questions to ensure the final policy is applicable to your eCommerce business and how you run it.
You can include links to relevant laws in order to make it understandable. By reaching out to your customers in this way you will increase their trust.
Once you have written it, or had it written, make sure that it can be found from every web page of your online shop.
And don't forget to keep it updated. This way, you will not only minimize the risk of getting sued and being subject to numerous penalties, but you will also build trust with your customers and increase customer satisfaction and retention rates.
Updated on December 11, 2019