The world of ECommerce brought about a new paradigm of managing the digital footprint of today’s electronic transactions. Companies and Solution Providers are both faced with defining security as it relates to the data being exchanged with customers and implementing the proper protection for this information. However, the question of risk or lack thereof was usually a consideration.
What has Changed? – The result of FTC v. Wyndham Worldwide Corporation reinforces the teeth implied by the FTC Act. It clearly holds companies accountable for not only defining privacy policies and terms of service agreements, but requires those companies to adhere to them. While Wyndham was not fined, they are being held accountable by the FTC to uphold assurances they make within their own privacy policy.
According to the FTC, this is where Wyndham misjudged the implementation of their security practices. While it is easy to look at the situation in wonder, the reality is that companies make statements in these policies, but consistently have risks that may cause them to fall short in the actual implementation. The more global a business, the more intricacies may exist. This shows the level of responsibility that the FTC requires regarding how businesses and technologies must protect consumers for all transactions regardless of channel. Given that managing data and its security is a rather dynamic task sometimes fraught with obstacles, it requires a certain amount of diligence.
A Marketer’s Perspective – This should create a moment of pause for most companies that manage customer transactions containing customer and credit card information, whether through a Point of Sale, ECommerce enabled Website, Payment Solution or other technologies that are potential requirements for efficiently transacting business via multiple channels. The needs of each corporation are different and the appropriate people within them should seek guidance from qualified resources to understand if this affects their specific sales and marketing efforts or the products and services they provide to the marketplace.
As a guideline, a business may want to contemplate the following questions:
- What impact does managing this data have within my business?
- Are we protecting the data of our customers to the extent necessary?
- What systems may affect compliance with our Privacy Policy and Terms of Service?
- What additional technologies will enable us to efficiently manage this data?
Real Applications – Any technology that facilitates a touch point with customers presents an opportunity for transactions to occur and data to be exchanged. Mobile devices, computers and kiosks are just a few examples of solutions that capture this information. The POS, ECommerce, Payment and custom software solutions all may play a role in capturing, organizing and protecting the customer in compliance with a privacy policy and regulation. The bottom line is that this information has a lifecycle and responsibilities that go along with it during that time.
Sources:
- FTC, “Wyndham Settles FTC Charges It Unfairly Placed Consumers’ Payment Card Information At Risk”, Federal Trade Commission, December 9, 2015. Web. December 16, 2015.
- Andy Greenberg, “Court Says the FTC Can Slap Companies for Getting Hacked”, WIRED, August 24, 2015. Web. December 16, 2015.
- John Fontana for Identity Matters, “FTC, Wyndham Hotels settle hacking case”, ZD Net, December 11, 2015. Web. December 16, 2015.
- Lesley Fair, “Third Circuit rules in FTC v. Wyndham case”, Federal Trade Commission, December 9, 2015. Web. December 16, 2015.