
Designing privacy for your e-business: 10 rules of thumb

By Peter Keen, PC Magazine
May 18, 2000 3:07 PM PT

Privacy on the Web is a matter of basic Web design principles. It's a matter of KISS—not "Keep It Simple, Stupid" but "Keep It Safe and Sensible." You can choose to highlight privacy as part of your trusted brand—a key element in building and sustaining your customer relationship. Conversely, you can choose to handle it as just another subset of security and data management—an administrative add-on and a bit of a nuisance.

If you are simply designing a Web site, you'll probably take the latter view. But if you think instead in terms of designing the customer experience, privacy will be right up at the top of your list of key features. We've come up with some rules of thumb for achieving this.

Have a privacy policy: Make sure you have an explicit and formal company privacy policy in place, highlight it in all customer interactions, and make it easy to understand.
Don't ask for too much: Don't ask for more private information than you need.
The customer's perspective: Make customers feel safe in their relationship with your company, regardless of formal—and often contradictory—legal requirements.
Security technologies: Handle the security basics well: SET and SSL are your best friends. They don't guarantee privacy by themselves, but they sure show that your firm is responsible in its e-commerce.
Privacy organizations: Associate your site with an organization, such as TRUSTe, BBBOnLine (Better Business Bureau), or CPA WebTrust, that certifies Web sites and the business and audit processes behind them.
Let users opt out: Let customers easily opt out of allowing you to share information with other parties, but inform them that they'll probably lose convenience, service, and personalization if they do so.
Stay away from trickery: Don't be tempted by easy technology tricks that deceive your customers. No Web bugs (or clear GIFs), HTML e-mail identity grabbing, or other hidden intrusions. None. These can lead to loss of trust and therefore loss of business.
Between privacy and security: Take an auditor to lunch. Most breaches of privacy happen far, far away from your Web site. Access control, audit logs, and formal rules of information use are the process essentials that support or undermine what you build into the Web site.
Not as simple as a firewall: Don't put all your faith in firewalls. Firewalls are only as good as the attention and expertise behind them.
Look on the bright side: Privacy is generally discussed in negative terms: Everyone's for it, and violating it is A Bad Thing. But in practice, it's very much a matter of common sense and ensuring informed consent.
