|
Privacy Guidelines: Assessing
your Privacy Architecture Privacy Guidelines: Assessing your Privacy Architecture
Introduction Did you know that 71 percent of consumers look for online trustmarks before 1doing business online? Or did you know that 73 percent of consumers have refused to give information to a Web site because they felt it was too personal 2or unnecessary? Information is the new online currency and your success in this online information marketplace depends on the level of trust you have with individuals visiting your Web site.
There may be no quicker way to lose customer trust than by failing to adequately advertise your privacy practices to prospective customers or by failing to communicate with established customers when you make significant privacy changes to your site's operation. The costs of failure are high: in addition to lost revenue and reputational damage, companies that fail to respect the privacy of their customers can also face legal ramifications.
Protecting customer privacy goes beyond securing your network from hackers and posting a boilerplate privacy policy. Protecting customer privacy requires the development of a robust plan, unique to your company, which minimizes data collection, adequately secures collected data, and effectively communicates privacy practices to customers.
Moreover, your plan must be adaptable: it should be reviewed frequently and evolve with your business and the greater marketplace. New technologies and practices will raise new privacy questions that you must answer. Do you use behavioral advertising to target potential customers? Do you collect biometric information (e.g., fingerprints, retinal scans)? Does your company use cloud computing to store data? While you may answer "no" to these questions today, the answer may be "yes" to these, and many new questions, tomorrow.
The guide that follows provides a framework to assess your company's privacy practices and needs.
1. Who do you collect information from?Navigating the 2. How do you use the data you collect?Whitepaper 3. What data do you collect?4. How do you collect data?5. How do you store the data you collect?6. Do you have a security breach response plan?7. How do you market your business?8. Do you adequately communicate your privacy practices?9. Data Collection for the Future10. Conclusion11. TRUSTe Privacy Assessment Checklist12. TRUSTe Solutions
1 "Trust Marks: What's Behind the Label Counts". Yankee Group. 2009. http://us.mcafee.com/en-us/local/docs/LR-51384.pdf 2 "Future of Privacy Forum Online Behavioral Advertising "Icon" Study". January 25, 2010. http://futureofprivacy.org/final_report.pdfPrivacy Guidelines: Assessing your Privacy Architecture
1. Who do you collect Questions to consider:information from? ÂÂDo you receive information about your customers from third parties?The sources of the data you . Your business may require you to obtain customer information from third receive may determine many parties such as credit reporting agencies, banks, and other sources which may of your privacy obligations. subject you to privacy laws and obligations. For example, if you access consumer credit reports you may be subject to the Fair Credit Reporting Act. You may also be subject to contractual privacy and security obligations such as those set forth by the payment card industry (e.g., the Payment Card Industry Data Security Standard) or if you act as a vendor or supplier to another business.
ÂÂWhich states are your customers from?. State law may apply to your company based on the geographic location of your customers. These state laws may impose obligations related to data breach notification, storage of information, and security measures. Nevada and Massachusetts are two prominent examples of state privacy mandates that go beyond basic data breach notification laws.
ÂÂDo you collect information from people outside of the U.S.?. Foreign data protection laws, especially those in Europe, impose different requirements than U.S. laws. The U.S. Department of Commerce administers a Safe Harbor Program that can guide foreign compliance efforts. Learn about TRUSTe's EU Safe Harbor Privacy Program.
ÂÂDo you collect information from children?. The Children's Online Privacy Protection Act (COPPA) is a federal law governing the collection and use of information from children under 13. You may be required... [download for more]
|
