Will Privacy Pay Your Bills?

Specifically, @YourCommand is developing a commercial privacy solution--encompassing both hardware and software--that is geared toward e-commerce vendors, integrators and consumers. Dubbed IdentitySafe, the solution recently received a shot in the arm from nonprofit consortium CommerceNet, which is quietly guiding some of its early test projects.

Although Internet bigwigs like Cisco Systems, Hewlett-Packard and EDS back CommerceNet, a consortium spokesperson would not divulge which vendors are participating in the privacy initiative.

Dallas-based @YourCommand also is keeping mum technical details of its solution, which is slated for announcement in early 2000. But CEO Doug Peckover says IdentitySafe could keep U.S. e-businesses on the right side of Europe's tougher Internet privacy laws, which require businesses to disclose how they plan to utilize customer data (see chart) and obtain consent before selling this information.

Trust Us

Moreover, a network product like IdentitySafe could appease consumer privacy fears at home following snafus by the likes of Real Networks, which earlier in the month was caught red-handed harvesting customer data from its online RealJukebox product.

"Security was the Internet's big issue in 1998 and 1999. Privacy will be the hot-button issue in 2000," says Peckover.

Although Peckover is tight-lipped on details, CommerceNet documentation states that IdentitySafe lets consumers store their personal information, like name, phone number and address, in a single, secure location that satisfies the European laws.

Consumers are then given a private identity that is used in business transactions. All personal info is released on a need-to-know basis: Merchants learn the consumers' needs, credit-card companies validate consumers' financial information and shippers receive delivery information. Each entity sees only information that is needed for the specific part of the transaction, according to CommerceNet.

@YourCommand is seeking to license the technology to vendors that then could integrate and market IdentitySafe under their own brand, says Peckover, who notes that the solution will be geared to work in the off-line world, as well.

The impact on e-commerce integrators could be huge, claims Peckover. "These are the people who are going to be hit between the eyes by [privacy concerns]," he says.

International e-commerce gurus agree the current situation is difficult. Currently, the U.S. and the European Union are embroiled in ongoing negotiations to bring U.S. merchants in compliance with a European privacy law enacted last year. A "safe harbor" compromise is being pushed by the U.S., but has been largely spurned thus far by EU officials.

The end result is a muddled situation for integrators guiding their business customers into the world of global e-commerce. "We always advise our customers to fully comply with the EU directive ... It's something we'll all eventually have to deal with," says Thomas DeLuca, VP with global payment facilitator Planet Payment.

Other Options

Many businesses insist that displaying a privacy policy prominently on their Web site will solve the problem. Others have external organizations like Truste audit and certify their privacy practices.

But Real Networks boasted a Truste certification before committing its recent privacy blunder. And several other companies have boasted privacy statements before committing similar breaches. That reality may push many consumers to demand privacy "handcuffs," or software solutions, that can make infringement technically difficult, if not impossible.

"The real challenge isn't making a privacy policy, it's adhering to it," concurs Planet Payment's DeLuca.

This is the sentiment that's been spurring @YourCommand's Peckover, who says this technology has been in the making for close to six years. And the more privacy concerns that bubble to the surface in the U.S. and abroad, the brighter his company's future looks. Just don't expect any hard details about @YourCommand's solution until early 2000.