In October 2003, the U.S. Federal Trade Commission (FTC) served pet supply retailer PetCo a "Civil Investigative Demand" seeking information and documents on how the company protects customer information on the PetCo.com e-commerce website. The FTC request was a follow-up to an e-commerce security breach that left as many as 500,000 credit card numbers accessible from the web.
A website's privacy policy is the document that informs visitors how sensitive information will be protected by the owner of the website. Following a few simple steps when creating a privacy policy can help prevent the situation that PetCo experienced.
STEP 1
Ensure all stakeholders help draft and periodically update the policy.
This includes Middle Management, Marketing, Legal and, most importantly, IT. Often a business will outsource portions of the development. The IT department will be the liaison between your organization and the third-party organization and can help ensure that your privacy requirements are met by third-party vendors.
STEP 2
Understand that each word and phrase is legally significant.
The privacy policy watchdogs communicate in legal terms and will be vigilant about false claims made by your privacy policy. Make sure that the policy does not make legal promises that can't be kept.
STEP 3
Support the privacy policy with company-wide procedures and training.
Take a close look at the departments that "use" sensitive customer information and make sure that individuals in those departments are trained to follow proper procedures when handling the sensitive data. This will help reduce the potential for employees to create the "hole" that could place your company at risk.
Monday, March 26, 2007