We’re hearing a lot these days about online privacy and security. 2010 was an alarming year, starting with the revelation that Google and some 30 other major U.S. websites had been compromised by hackers–arguably the largest online security breach on record. Later in the year came news that several hundred Apple iTunes accounts had been taken over and used for fraudulent purchases. Even Facebook was impacted when several of its app providers sold user data to third-party marketers without authorization from the social media giant.
For the Internet’s unprecedented growth to continue at its current pace, users must be confident that their personal and financial information is being handled with care. They need to feel confident that despite the Web’s population boom, it will remain reasonably well-lit and safe.
Together, privacy and security equate to trust. But there’s a giant leap in that equation: privacy and security are tangible and rational, but trust is emotional–an intuitive sense that it’s safe to proceed.
Privacy and security can be quantified and measured, but doing so relies on a level of sophistication that’s far beyond the average Web user. Trust, on the other hand, is one of our most basic survival instincts. It’s based on what we perceive, not just what we know.
Maintaining privacy online depends on judgment and vigilance. Consumers entrust personal, private information to online businesses and they rely on those businesses to exercise good judgment in how they handle it. For example, if a business decides to make a little extra money by selling information like our home address and phone number to other marketers, we’ll be annoyed by unsolicited sales offers.
But we also rely on the online businesses with which we interact to protect more critical information, like credit card numbers, account numbers, passwords and more. In the wrong hands, this information can be used for criminal purposes. Typically, this kind of data is compromised without the online business’s knowledge or complicity–it’s stolen by bad guys who opportunistically seize on a less-than-vigilant online business.
These two compromising situations are very different, but the result is the same: a loss of trust, which can take years to earn but can be lost in an instant. And that’s when instinct takes over. If I’ve lost your trust, there’s very little I can say or do to get it back quickly.
With that in mind, online businesses are investing more money, time and care in preventing situations where trust is compromised. They focus on two key bulwarks against security breaches: judgment and vigilance. Judgment is exemplified by the data policies website operators put in place, the transparency they provide customers, and their stewardship of sensitive data. Vigilance includes the protective technologies they employ, policies governing employee procedures and conduct, and their ongoing preparedness to address threats.
There’s not a uniform set of best practices for e-commerce companies because business models vary. But in general, most online privacy and security experts agree on a few principles:
- Understand the external threats to your site’s security, and implement the technological tools and work processes required to reasonably guard against them. Develop a data-loss prevention plan with your employees, and conduct drills to be better prepared for a security breach or data compromise.
- Follow an “opt in” policy for marketing communications like promotional e-mails–that is, let users decide whether they want to hear from you rather than automatically adding them to customer lists. Set appropriate expectations about what they’ll receive from you, and how frequently–then ensure that your outreach conforms to those expectations.
- Clearly communicate your privacy policies and terms of use to your users. Use plain language that’s easy to understand; avoid legalese. Notify users and get their permission whenever you want to collect personal information outside those boundaries. Notify users when you alter or amend your privacy policies or terms of use.
- Act as an advocate for your users’ privacy and security. Notify them immediately if there’s been a compromise, and explain what you’re doing to remedy it. Go beyond your users’ expectations by providing recommendations and advice for protecting their privacy and security, even tips that may not directly relate to your business or industry.
With a conscientious approach to privacy and security, you can build a rock-solid foundation for your brand: the trust of your customers.
Brad Williams is a seasoned PR and marketing strategist based in California’s Silicon Valley. He’s held leadership positions with eBay, Yahoo! and other Internet and technology innovators. Brad’s two daughters helpfully and frequently remind him of how much he still needs to learn about how people use the Internet.