Entries tagged with “Privacy”.


“The times are tough now, just getting tougher  - This old world is rough, it’s just getting rougher - Cover me, come on baby, cover me” – Bruce Springsteen 1984

Businesses work very hard to build their brand. Small businesses are no different. Establishing trust and loyalty among the customer base is essential to the longevity of any business. Many companies focus on marketing and sales relationships to ensure that connection between customer and company continues to grow. Social media, direct mailings, radio and TV advertising, print advertising, and data security and privacy policies all contribute to the growth of brand trust. Wait a minute! Did I say data security and privacy policies? You betcha! This is what I like to refer to as “brand security.” Businesses spend an inordinate amount of time and money on establishing a brand that customers trust. One of the fastest ways to lose that trust is to suffer a data security breach or to violate customer privacy. For that reason, I often refer to data security and privacy programs as “brand cover.”

I’m going to borrow heavily, and probably poorly, from law enforcement and military actions here. When you go into action, you generally have a forward team and then you have a team that provides “cover.” This team keeps an eye out for threats that may not be visible or apparent to the forward team, but pose significant risk. In the business world, one can think of your sales and marketing efforts as the forward team, while data security and privacy programs provide the cover. Your marketing and sales efforts move the company forward and increase awareness. Your data security and privacy programs help to mitigate unseen, and sometimes unknown, risks to your brand’s integrity. In fact, some larger organizations, particularly not-for-profits, are more concerned about brand damage in the event of a security or privacy compromise than they are about the fines that may be associated.

For small businesses, implementing and enforcing data security and privacy policies can seem daunting.  The Better Business Bureau, though, has put together a primer for businesses to help them develop these programs.  If you accept debit and credit card transactions, you can look for services to help minimize how much of that sensitive payment data your business stores.  You can also undertake an inventory to see just what data you are collecting and storing and how you are protecting it.  You can also evaluate the partners that you use and how you share data with them. Understanding your data can ultimately serve as a very effective means of protecting your company, your brand, and your customers.

It is questionable if all the mechanical inventions yet made have lightened the day’s toil of any human being.  - John Stuart Mill

Last year, California was in the news as a result of an interpretation of a long-standing law, written and passed before the advent of the internet or ecommerce, that limited the amount of data that could be collected by retailers in order to complete a purchase.  The law, Civil Code § 1747.08 (a), expressly forbids retailers from doing the following:

(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form which contains pre-printed spaces specifically designated for filling in any personal identification information of the cardholder.

Essentially, if the information isn’t required for the fulfillment of the order itself, the retailer is prohibited from collecting the data.  This came to the forefront last year when the California Supreme Court ruled that collecting zip codes for Address Verification Service (AVS) was a violation of the 1971 law.  This year, the California Supreme Court is tackling the law again, this time to determine if the law does, in fact, apply to online retailers.  Retailers are concerned, understandably, that limiting the amount of information that can be collected may increase their exposure to credit card fraud.  This sets up a battle between privacy advocates and retailers that will likely set the stage for many more challenges to come.  Stay tuned to the ProPay Blog for updates on the case…

Ali Baba Bunny - Warner Brothers Cartoons (c) 1957

The topic of password security is not new. It’s probably not that interesting to most people, but the fact remains that password security is important. Think of all the websites that you use that require passwords – bank accounts, bill payments, mortgage, stocks and trading, health care, insurance. And that doesn’t include the shopping sites. And then of course you have your passwords for your computer, your smartphone and your tablet device. Yet for many, passwords are a drag. The list is long. People continue to use the same password for every site. Or they make the passwords easy, so they can remember them without having to write them down. The challenge is that many people still use very common, easily hacked passwords.

SplashData just released their annual list of most commonly used passwords. Their list is compiled from stolen passwords that hackers post online. Not surprisingly, the top three passwords remain unchanged from last year. They are “password,” “123456,” and “12345678.” If any of these are your password, you may want to think about changing it up. New entries this year include “ninja,” “mustang,” and “jesus.” For those of you keeping track, the password “trustno1” has dropped three spots this year, while “iloveyou” is up two.

The great dilemma with passwords is that, when you make them complex, you often forget them. Make them too simple, though, and they are easily broken. SplashData does offer some suggestions on how to strengthen your passwords. “One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, ‘eat cake at 8!’ or ‘car_park_city?’” A password doesn’t have to be a word; it can be a phrase or a short sentence. Sometimes it’s the simple things that keep the bad guys away from our valuable information.
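A site that sets passwords can enforce both points at signup. The sketch below is an added example, not code from the post or from SplashData: it rejects the passwords named above even when they are lightly disguised, and recognizes the multi-word phrases the quote recommends. The look-alike map, the 12-character minimum and all function names are assumptions made for illustration.

```python
import re
import unicodedata

# The passwords the post names from the SplashData list (the full list is longer).
NAMED_COMMON = ["password", "123456", "12345678", "ninja",
                "mustang", "jesus", "trustno1", "iloveyou"]

# Constructed look-alike map: undoes the usual digit/symbol swaps before comparing.
LOOKALIKES = str.maketrans("013457@$", "oieastas")

MIN_LENGTH = 12  # assumed policy value, not taken from the post


def skeleton(pw: str) -> str:
    """Case-fold and undo look-alike swaps so 'P@ssw0rd' and 'password' compare equal."""
    return unicodedata.normalize("NFKC", pw).casefold().translate(LOOKALIKES)


# The denylist is stored in skeleton form so both sides are compared the same way.
DENY = {skeleton(p) for p in NAMED_COMMON}


def is_common(pw: str) -> bool:
    """True if pw is a listed password, or one with digits/symbols tacked on the end."""
    folded = unicodedata.normalize("NFKC", pw).casefold()
    trimmed = re.sub(r"[\W\d_]+$", "", folded)  # 'mustang2012!' -> 'mustang'
    return any(c and skeleton(c) in DENY for c in (folded, trimmed))


def words(pw: str) -> list[str]:
    """Split a phrase on spaces or any other non-alphanumeric separator."""
    return [w for w in re.split(r"[\W_]+", pw) if w]


def screen(pw: str) -> str:
    """Return 'common', 'too short', 'passphrase' or 'acceptable'."""
    if is_common(pw):
        return "common"
    if len(pw) < MIN_LENGTH:
        return "too short"
    return "passphrase" if len(words(pw)) >= 3 else "acceptable"
```

Comparing skeletons rather than raw strings is what catches “P@ssw0rd” and “Mustang2012!”, which an exact-match check against the list would let through.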

On this blog, we have discussed, almost ad nauseam, data breaches. How they happen, how they can be avoided, what to do if your business is impacted. What we haven’t discussed much is that most merchants, particularly in the SMB segment, are also consumers. So what rights do consumers have when their data has been compromised? The Privacy Rights Clearinghouse has been producing a six-part video series on important privacy topics. This week, the organization released Part 4: Data Breaches: Know Your Rights.

The video walks viewers through an incident in which a consumer is notified that his data has been compromised.  It discusses what questions you should ask and what steps you might take to protect yourself.  As an example, we hear that consumers are often advised to get a “credit freeze” in the wake of a compromise.  But what does that mean and is that really the best option for everyone?

As an additional resource, check out the Fact Sheet also offered by the organization. Unfortunately, data breaches are going to continue to be common for the foreseeable future. Not because organizations aren’t taking appropriate steps to protect the data, but because data thieves are often highly motivated and see hacking as a high-reward/low-risk activity. That being the case, as consumers, it makes sense that we educate ourselves on how to respond and what rights we have under the various state or federal laws surrounding our financial or personally identifiable information.

As someone that watches with great interest as the great privacy debate unfolds, this article really caught my attention. The issue in question is the trade-off between online privacy and discounts or special offers. According to a study by KPMG (Consumers and Convergence V: The Converged Lifestyle survey) a majority of US shoppers would offer up their online activity history in exchange for discounts on goods or even digital content. Further, 43% of those surveyed would be willing to receive advertising, if they didn’t have to offer up personal details, in exchange for lower fees.

This is an interesting juxtaposition to the privacy hearings that have been occupying the US Congress of late. Legislators have been greatly concerned with things like smartphone tracking and browsing histories. It’s interesting to note that the issue may not be that consumers are upset about these activities on the part of merchants, but that they are not currently getting anything out of the bargain. It is true that organizations should not be tracking consumer behavior, at least individual consumer behavior, without the consent of said individual, but there are benefits to sharing browsing history and shopping behavior and consumers are recognizing those. The question becomes, how can one leverage the consumers’ self-interest to help the merchant?

It is important not to lose sight of the fact that consumer notification, awareness and choice remain priorities.  Tracking consumers without letting them know and providing them with the ability to opt out is a major faux-pas.  However, providing them some quid-pro-quo seems to ease many consumer qualms. What would be interesting to know though, is the consumer “break-even point.”  In other words, what sort of discount or service is the minimum for sharing their online behaviors?  That is not included in the KPMG survey, and is likely much more difficult to ferret out.

In today’s world, the balance between marketing research and a breach of consumer privacy can be difficult to measure.  For organizations that have questions about managing consumer privacy, there are a number of resources that can be referenced. Included is a short, certainly not exhaustive, list of privacy guidelines.

1) OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

2) Federal Trade Commission Fair Information Practice Principles

3) Generally Accepted Privacy Principles

4) Privacy by Design

Dr. Heather Mark, PhD; SVP of Market Strategy