Ensuring Privacy Key to E-commerce Success The Buzz


Identity theft is a big concern for online consumers. They want to know their private information is secure. They don't want their credit card numbers and other data falling into the wrong hands.

Companies vary widely in how well they're protecting consumers, says Tim Richardson. He's an e-commerce professor.

"Some companies are handling it well and making it a 'sellable,' meaning that in a competitive environment they're saying, 'We know you're freaking out about security, so we've got [these security measures], and therefore we're handling it better than the competition,'" says Richardson. "Other companies are just ignoring it or not dealing with it too effectively."

Privacy Policies Confusing

It's not enough these days for companies to protect online buyers' information. They also need to develop clear privacy policies and communicate them to the public. Privacy policies explain what information is being collected and how it will be used.

"Most companies do have a privacy policy, but that's not enough," says Rebecca Jeschke. She's with the Electronic Frontier Foundation (EFF). The EFF is an advocate for the public's digital rights.

"The devil is in the details," says Jeschke. "Many privacy policies are one-sided in the service provider's favor, written for their benefit and not the consumers.

"Even more importantly," Jeschke adds, "most users never even bother to read, let alone understand, these policies, filled as they are with confusing legalese."

The companies that will be most successful at e-commerce will avoid confusing legalese. They will put customers at ease while meeting the privacy and security demands of financial institutions, the government and consumers.

Bob Travica says companies in the U.S. are legally required to have privacy statements on their websites. He's an associate professor of management information systems.

"Customers need to give their consent in order to have their personal data recorded by companies," says Travica.

"What really happens with this data later on is not always clear -- if the data can be resold, used by somebody else, used for promotional things," Travica says.

"I don't think there are authorities that can track this down, really, and you can all of a sudden start getting e-mails or calls from some company you've never heard of, and you can't track down the source of your telephone number, how it got to this company or your e-mail address... I would say that certain advances have been made in protecting personal data, but there is still much territory to cover."

Data Security Much Better Today

How companies handle the customer data they collect is one issue. Another is how well they protect financial information such as credit card numbers from hackers determined to get that information.

"The issue is security of data," says Travica. "Can a credit card number be hacked by some insider in the organization who has access to information systems, or can it be hacked maybe by some external intruder? That's really the issue.

"But in terms of technical solutions we have today, we have come a long way, because there are secure connections," Travica adds. "Encryption has increased so much that... to crack down an encrypted message that contains credit card numbers would take some supercomputer 30 years or something like that, so we are pretty good in that respect, which was not true five or seven years ago."

It's not just large businesses that have access to encryption technology and secure connections. This means consumers can buy products online from a range of sites with more peace of mind than ever before.

"Even as a small business when you engage in these secure transactions... there is a whole procedure you can follow," says Travica. "It's easy and it's affordable to anyone, really, to buy an encryption and decryption key and to be certified. There are certifying agencies that prove you are the company you claim to be."

Customer Info is Marketing Power

Companies will continue to gather as much information as possible about their customers. When it comes to marketing, information is power -- the power to sell more.

"The big thing that companies are trying to do...is gain much more detailed information about their customers, so that they can serve them better," says Richardson.

Companies know that building their business by getting new customers is very difficult. "Building your business by taking your existing customers and selling them more is a lot better, and the way you do that is by knowing more about your customers," explains Richardson.

"They want to know all this detailed information so they can send you more targeted [marketing messages]," Richardson adds. "For example, magazine subscriptions -- if they know that I subscribe to Hunters and Bowhunters Weekly and I also own a motorcycle, there's a 72 percent chance that I also own a pickup truck (these numbers are hypothetical). So those [kinds of predictions] are the things they're trying to do."

It might be that today's younger generation is open to giving their private information to companies more willingly than past generations. Through social media they already are giving out information, perhaps without realizing it. This can have many unforeseen consequences.

"Young people have to be more discreet about letting information [go online]," says Richardson. "They've got to be so careful about that on Facebook and other social networking sites... because this lives on as screen captures forever.

"Companies are now mining this to be able to sell people a product," Richardson adds, "but they're also using it when they want to hire people to make decisions about their personality."

Links

Center for Democracy and Technology
A privacy advocacy group

Electronic Privacy Information Center (EPIC)
Offers an online guide to privacy resources

TRUSTe
Online program endorsing the use of privacy policies

International Association of Privacy Professionals (IAPP)
Organization for privacy professionals around the world