Your Business Online | Professional Jeweler

April 24, 2000
It's Their Privacy, Stupid
There's nothing more important in building lasting e-commerce relationships than protecting customers' privacy. Not surprisingly, the top e-tailers are noticeably ahead of the pack in this respect.

Two years ago, a Federal Trade Commission survey found only 14% of 1,400 commercial Web sites informed customers of how they use personal information. A year ago, a Georgetown University business school study of 364 of the top 7,500 Web sites visited by consumers showed that 240 posted at least one privacy disclosure. Undoubtedly, the number has risen over the past year.

The Georgetown study asked three questions: What personal information do Web sites collect from consumers? How many Web sites posted privacy disclosures? Do these disclosures reflect fair information practices?

It's not surprising 93% of the sites surveyed collect consumer information; that's an important function for any business. What's important is that, of the sites that have a privacy policy posted, 87% explain how they collect data and how they plan to use it. About 77% offer consumers a choice on how their information would be used; 40% give consumers some access to their own data; 46% securely store data; and 49% let customers contact the company.

Companies that ask their customers for personal information must realize they are forming an explicit bargain with their audience that the information will be used within the company on a need-to-know basis. Companies that fail to establish an explicit privacy protection policy are asking for trouble.

If you'd like some guidelines for your company's Web site, review the following privacy checklist from the consulting firm Peppers & Rogers' One to One Fieldbook. Your policy should cover these points:

  • Itemize the kind of information collected about individual customers.
  • Specify how personal information will be used. If your policy is to use this kind of information only within the company on a need-to-know basis, and not to make it accessible to unauthorized employees at any time, explain this policy explicitly.
  • Make whatever commitments you can with respect to how individual customer information will never be used, such as a commitment that personal information is never sold or rented to others, or never used to change prices or insurance premiums.
  • State the benefits an individual customer can expect as a result of the enterprise's use of his or her information, such as faster or preferential service or reduced costs.
  • List a customer's options for directing the enterprise not to use or disclose certain kinds of information.
  • State how a customer can change or update personal information you've collected. For example, can the consumer access his or her profile or account information online and modify it?
  • Identify events that might precipitate a notification to the customer by the enterprise. If, for example, a court subpoenas your customer records, will you notify any customers whose information was subpoenaed?
  • Name the corporate executive you've designated the "data steward," who is charged with overall responsibility for assuring the adherence to company information and privacy policies.
  • Specify the situations in which your company accepts or denies liability for damages incurred through the collection and use of customer data, such as through credit card fraud or misuse.
  • Provide specific procedures allowing a customer to order you to stop collecting data about him, or to purge his information files at the company.
With the proliferation of the World Wide Web, and all the information gathering it has entailed, many commercial sites have explicit privacy policies that cover points such as these. For some sample privacy policies, see: American Express at, America Online at, Hewlett-Packard at or Dell at

- by Mark E. Dixon