New York State recently passed legislation broadening the protection provided to residents who shop online. New York State Attorney General, Andrew Cuomo, compared it to a new sheriff arriving in town, saying the bill “puts businesses on notice that the Internet is no longer the Wild West of commerce.”
Comparisons between the wild frontier and the world of e-commerce might seem far-fetched until you consider that hackers with stolen credit card numbers have the potential to do a lot more economic damage than Butch Cassidy and the Sundance Kid. Computer system intrusions and data security breaches have beleaguered universities, corporations and retails stores. Consumers are concerned and looking for ways to protect their personal information.
Forrester Research reported that 86% of consumers are worried about giving information to marketers because of privacy and security concerns. In addition, Forrester also estimated that roughly half of North American households look for privacy and security policy information on Web sites. Marketers should anticipate the next step: consumers buying solely from sites that offer the best security and privacy policies. The right credentials can minimize consumer fears and differentiate brands that care.
Establishing a corporate culture that respects security and privacy is the most important step in keeping data safe. All cultures start at the top with CEOs and senior managers communicating the importance of a set of values. The management team must then demonstrate their commitment by providing time and resources to support projects and rewarding employees who excel in implementing the values.
Simultaneously, the IT team needs to establish zero tolerance information security processes and policies. Adhering to these processes include training employees on their security responsibilities, commissioning formal audits with outside auditors, consistently monitoring security systems and regularly testing processes and procedures.
Marketing departments also need to embrace security and privacy practices as a way to differentiate brands and build relationships with consumers in the Web 2.0 world. Telling consumers that personal information is protected gives reassurance. Proving to consumers that personal information is protected gives credibility. Gaining certification seals from organizations, such as the three listed below, establishes that companies take security and privacy very seriously.
Compliance with the PCI Data Security Standard informs consumers that a company uses best practices to protect credit card data that is stored, processed or transmitted. The standard contains IT security requirements and guidelines agreed to by all major credit card issuers including, Visa, MasterCard, American Express, Diners Club and Discover. Compliance will soon be required for all businesses who accept major credit cards.
Ideally, companies have been proactive either by being compliant or working toward compliance. If not, this should become the top priority for both senior management and IT departments.
Joining an independent, nonprofit organization like TRUSTe alerts consumers that a company’s Web site and e-mail practices are certified and monitored to protect personal information.
Certification from Verisign assures consumers that e-commerce and communications conducted over a company’s Web site, intranet or extranet are protected with secure socket layer SSL encryption.
No one can guarantee privacy or safety in the Web 2.0 world. To do so would be similar to inviting Billy the Kid over to check out your new bank safe. However, implementing industry best practices, policies and procedures can minimize risks. Working with external audit teams and following security best practices, such as the PCI DSS, are great starting points. Organizations need to understand that certifications and seals are not an end point. Maintaining a secure infrastructure requires continual monitoring and improving.
Communicating to clients and customers about the security surrounding their personal information can increase their peace of mind. Taking the actions described above can increase your peace of mind.