Given the nature of our craft (digital or online marketing), the digital or technology aspect involved in engaging, attracting, converting and transacting online or through mobile devices means that we are constantly collecting and sometimes storing our customer’s personal and financial details. With this enormous advantage (meaning the ease of use of online transacting and convenience) comes responsibility.
I’m sure you are all aware of the increase of fraud and identity theft since the rise of eCommerce and the usage of the internet as a common form of sending and receiving information. If your business is collecting customer personal details, you have an obligation to store them in a secure way to protect their privacy – this includes security for your digital records as well as any paper records you may have as part of your businesses internal processes. Your customers privacy is legally protected by the Privacy Act, however it is a requirement of your business to adhere to these legislated privacy regulations. Alongside your obligations to secure your customer’s personal details, you must also ensure that you are using these details to communicate with your customer, in ways that are consistent with how your business promised, at the point of acquiring said personal details.
I know, my brain is hurting as well, but I’m trying to say it in as plain english as possible but also in a way that emphasises the importance of this information. As I have said in numerous blog posts, your data is of paramount importance, so as digital marketers, we are always trying to collect as much data as possible. Your customers personal details are one of the richest sources of data you can access. But you must treat it with respect.
If you are also collecting your customers financial details to complete online payment transactions, such as credit card numbers and their corresponding expiry dates and CVV (security code) numbers, then you should also ensure that you are aware of your obligations for PCI compliance. Currently (at June 2011) PCI compliance is mandated as an obligation for your business to be on the road to PCI compliance, it is not currently legislated, but the Big 4 Banks in Australia (Commonwealth Bank, Westpac, NAB, ANZ) are beginning to force PCI compliance on their customers, in anticipation of the impending legislation to come. Ensuring that your business is PCI Compliant is a daunting task that is often handed to the IT team to manage but this will only cover one aspect of your obligations, it needs to be tackled from the top of the business, down, through Operations. PCI Compliance guidelines are onerous and many (over 200 items to comply with) and extends from all of your online and workflow systems and processes right through to your organisational structure and building security. If you have never heard of PCI compliance, I suggest you educate yourself immediately. One of the best companies I have come across in Australia, for distilling down the information and making it palatable, is Sense of Security.
I am by no means an expert in PCI compliance but I am aware of it and the requirements for online and the processes around transacting, collecting and storing data, as I need to know. For the detailed technology requirements and legal obligations, I prefer to outsource to the experts.
As you can see from this blog post, privacy and security for online marketing is very important. It is covered by several pieces of legislation (more than mentioned in this article) as well as a moral code that when you collect information from your customers or prospective customers, that you do the right thing, and protect them as if it were your own.