Online businesses can’t exist without data and personal information from customers. But collecting details that can identify an individual carries responsibility for e-commerce businesses. Handling that information responsibly is critical for meeting legal requirements and for earning customers’ trust.
Think about your own online shopping habits — you want to know what data a company is collecting. And, you want to know it is safe and secure. Your customers feel the same way, and they want to know you are protecting their data.
The defines personally identifiable information as, “information that can distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.”
- Physical or mailing address
- Social security number
- IP address
- Login ID
- Credit card information
When you’re selling online, your store is probably collecting other information too, such as website cookies, photographs, and customer support documentation stored on your servers or with third-party service providers. It’s important to notify customers that this information is collected and stored, and to explain how it will be used.
Yes. The United States and many other countries worldwide require privacy policies for online stores and mobile apps. Any e-commerce business that collects personally identifiable information or data must give customers the choice to provide or withhold this information and the opportunity to change what is provided at a later time.
Shopping carts are the most obvious data collection points. But you can’t overlook the information you collect for e-commerce marketing purposes through opt-ins, subscriptions, website analytics, and more.
It’s important to know the laws pertaining to your state, other states, and countries where you do business. California passed the , which was the first in the country with broad requirements for privacy policies. This applies to any company selling in the state, even if the business is based elsewhere.
Internationally, the European Union (EU) implemented a data privacy law called GDPR in 2018. The law applies to U.S. businesses selling to shoppers in any of the countries located in the EU.
How information is collected
Technology makes it easy to collect information and data through e-commerce platforms.
- Provided directly by you or a member of your household
- Collected from a device associated with you or your household
- Collected through in-store technology
- Collected from another company within their family of companies
- Collected from an external third-party source
What information is collected
The list of information collected may be longer than first expected. The basics include personal identifiers such as name, address, purchase history, financial information, demographics, and ID numbers such as driver’s license numbers and social security numbers.
However, some data collected is much more complex. includes biometric data such as fingerprints, iris and retina scans, background information, including criminal information, education information, and more, in its privacy disclosure.
How personal information will be used
Outline the specific ways a visitor’s personal information will be, and might be, used in the business. Examples include research and development, maintaining an account, fulfilling orders, marketing, and third-party advertising. Being transparent about how the information will be used ensures you’re complying with laws, and it builds trust among customers.
State or international privacy laws
Besides federal privacy laws, California and the European Union have additional requirements. Include those details if selling into those areas.
2. Offer opt-in and opt-out
It’s often considered best practice to ask customers to opt in to sharing information rather than assuming they are okay with it and giving them a chance to opt out later. Even with an opt-in approach, you still need to give customers an option to rescind their initial agreement to share their data.
3. Make it easy to find
4. Update it
The bottom line
Your e-commerce business can’t function without customer data. While it’s necessary for operation, it’s your responsibility to make sure shoppers know what information you’re collecting and how you’re collecting it. Don’t view this as a simple courtesy to your clients — it’s the law. Learning best practices can help you establish a policy that satisfies both criteria.