November is Retail Privacy Month
So many retail businesses online equal a lot of websites. The digital commerce website industry is thriving. Every retailer is parading their merchandise online with engaging content and photos.
Customers are also observed as they go from web page to webpage: what preferences they have, is it easy to navigate, is an ad going to entice them?
Last month, which happened to be cybersecurity awareness month, a very nasty ad storm captcha virus captured the bad guys’ imagination. As websites embed beacons and cookies and other trackers, your cybersecurity and privacy officers should be on standby.
At Managed Privacy Canada, we partner with the eCommerce and website development teams to embed privacy and security by design. Every new feature has to pass a test: to reflect the promises made to consumers in the Privacy Notice and to ensure the website has been reviewed from a security perspective.
Developers need to stay alert to review their code against known OWASP security threats and “cool features” on the website have to go through a balancing test of how much more customer information is collected or used vs. what the customer knows. These practices are not difficult to implement but they are very effective. Oftentimes, the privacy officer suggests additional text for clarification and transparency purposes. Similarly, for security, an SSL certificate may need to be renewed.
We are not saying building a website is easy or a simple task, but with the right advisors by your side and taking a continuous risk monitoring approach, can break down the complexity and the added tasks into simple ones. Not everything has to be done at once if privacy and security requirements are reviewed and planned in advance and followed through as the development progresses.
Developers should also understand the implications of embedding other third parties into the website and consulting the security and privacy officers, to review the risk and add appropriate safeguards.
The bottom line is that a website is the “storefront” for any retail business. Will customers be safe, will their information be protected and diligently used only for what the customer wants from that particular business? It is up to your organization to embed adequate security and data handling practices into your online “storefront” technologies.
Let’s not forget the various third-party technologies used to enable any part of the retail business, especially the OT side of warehousing and distribution. As soon as we connect these components to the retail business internal networks, the risk is compounded.
At Managed Privacy Canada we have developed best practices and documentation to support retailers to thrive without the added worry of asking themselves how to handle customer data in compliance with privacy rules, including safeguarding data.
✅ Our approach to practical privacy begins with your free 20-minute consultation. For more information, visit www.managedprivacy.ca
✅ For privacy updates, follow us @Managed Privacy Canada on Linkedin