Section I. Development Of Privacy Policies To Guide Customer/Client Relations
A. Organizational Policies
Does your organization/company/agency have policies that outline its privacy practices and expectations for handling the personal information of your clients, customers, users, members and/or listees?
Are your organization's privacy policies communicated regularly -- in employees' initial training sessions, in regular organization-wide training programs, in employee handbooks, on posters and posted signs, in brochures available to clients?
Are all employees who handle personal information included in the training programs, including temporary employees, back-up personnel, and contract staff?
B. Privacy Principles
The major components of effective privacy policies are listed here, adapted from the fair information practices developed by the Organization for Economic Cooperation and Development (OECD) in 1980. Although designed to guide the development of national privacy legislation, these principles are also appropriate for organizations.
- Openness. There should be a general practice of openness about practices and policies with respect to personal information. Means should be available to establish the existence and nature of personal information and the main purposes of its use.
- Purpose specification. The purpose for collecting personal information should be specified at the time of collection. Further uses should be limited to those purposes.
- Collection limitation. Personal information should be collected by lawful and fair means and with the knowledge and consent of the subject. Only that information necessary for the stated purpose should be collected, nothing more.
- Use limitation. Personal information should not be disclosed for secondary purposes without the consent of the subject or by authority of law.
- Individual participation. Individuals should be allowed to inspect and correct their personal information. Whenever possible, personal information should be collected directly from the individual.
- Quality. Personal information should be accurate, complete and timely, and be relevant to the purposes for which it is to be used.
- Security safeguards. Personal information should be protected by reasonable security safeguards against such risks as loss, unauthorized access, destruction, use, modification or disclosure. Access to personal information should be limited to only those within the organization with a specific need to see it.
- Accountability. Someone within the organization, e.g., the Chief Information Officer or an information manager, should be held accountable for complying with its privacy policy. Privacy audits to monitor organizational compliance should be conducted on a regular basis, as should employee training programs.