How Do I Protect Users' Privacy?

You're right to be concerned. Different countries have different laws about how you should store and protect customers' private information, and it's up to you to make sure you're following the rules. There are a few basic things that you can and should do.




Always Use SSL Encryption For Transactions


SSL, or Secure Sockets Layer, provides security for transactions that travel over the internet. Using SSL means that all information passing between your browser and the web site you are browsing is encrypted, so that nothing travelling over the internet is sent in plain text that anyone could read. All major browsers today offer SSL encryption, notify users when they are entering or leaving secure areas, and show them (by means of a security icon) whether their data is being protected.

Here's how it works: when a connection is made to a web site using SSL, the browser asks the server to authenticate itself, or confirm its identity. The authentication process uses encryption to verify that a trusted independent third party, called a certificate authority (the most common are Thawte and VeriSign), has registered and identified the server. SSL can also authenticate connecting users or their computers.

SSL encrypts the user's data before it is sent, and incorporates a mechanism for detecting alteration in transit, so that eavesdropping on or tampering with web traffic is nearly impossible. This is critical for transmitting confidential information such as credit card numbers.

To use an SSL certificate on your website, you must register with the certificate authority and purchase a certificate which is then configured on your server (the computer space on which your website actually resides).
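The certificate request and the browser's trust check described above can be tried locally with the openssl command-line tool. This is an added example, not part of the original page: a throwaway "Demo CA" stands in for a commercial certificate authority, and the host name www.example.test and all file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. "Demo CA" and www.example.test are constructed names;
# nothing here contacts a real certificate authority.

# make_ca DIR: create a throwaway CA (stands in for the commercial CA).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_csr DIR HOST: the site owner's step. The private key stays on the
# server; only the certificate signing request (CSR) is sent to the CA.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
}

# sign_csr DIR: the CA's step, done after it has identified the applicant.
sign_csr() {
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}

# make_selfsigned DIR HOST: a certificate that no CA has vouched for.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$1/rogue.key" -out "$1/rogue.crt" 2>/dev/null
}

# trusted DIR CERT: the browser's check. Succeeds only if CERT chains to
# the CA certificate the client already trusts.
trusted() {
  openssl verify -CAfile "$1/ca.crt" "$1/$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" && make_csr "$d" www.example.test && sign_csr "$d"
  make_selfsigned "$d" www.example.test
  trusted "$d" site.crt  && echo "site.crt: chains to the trusted CA"
  trusted "$d" rogue.crt || echo "rogue.crt: rejected, no trusted CA vouches for it"
  rm -rf "$d"
}
demo
```

Both certificates name the same host, but only the one signed by the trusted CA passes verification, which is why a browser warns about a self-signed certificate.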



Have a Privacy Policy


If you're taking private information from people such as their real name, address, even their email address, have a privacy policy available on your website that tells people what you will and will not do with that information. Then do what you said you were going to do. You're obligated!


Let Them Opt Out


If you're going to send occasional emails and updates to customers whose addresses you have previously collected, you must give them the option of opting out of those contacts. There's nothing wrong with sending an automated email to verify their email address as part of the signup process, but beyond that, you should always give users the option of saying "no thank you" to further email from you.

If you don't, you may be in violation of anti-spamming laws in the USA, the UK and other European countries, and Australia. Breaking these laws can land you in hot water legally, and your website can also be completely shut down by your host (the people that own the computers where your website lives) without notice.


Let The Bank Handle The Money


Another option: many banks have their own systems for handling credit cards online, which can be integrated into your website. WorldPay.com is one such option. WorldPay is a system run by the Royal Bank of Scotland, and it allows you to let them handle all the credit card information with your customers, so you don't ever see a credit card number. This protects you from some liability, and also ensures that your customers are using an established and well-known security system to handle their credit card details.

We can go over the many options for your online business with you, and help you find the most secure way of handling the information you've been entrusted with.