Hot-selling services
That said, what exactly are privacy customers buying?
Industry executives report that advisory services of various kinds are topping the list of customer demands. Privacy advice, says Ernst & Young's Tretick, boils down to "helping people figure out where they are, where they need to be, and helping to get them there."
A privacy project might start with the consultant or integrator conducting an assessment of the customer's current privacy situation. The result can be a revelation for Web merchants who have difficulty distinguishing between personalization activities that enhance the customer experience and privacy violations. Tim Rohrbaugh, CIO at Etensity, says well-intended companies don't always realize "they are crossing the line."
The next step involves getting customers up to speed on best practices in the privacy area. That includes a review of applicable laws, such as COPPA. But the lack of an overarching national online privacy law means consultants also will help customers digest the privacy tenets set forth in various privacy "seal programs."
Seal programs are a key tool in the industry's effort to regulate itself on matters of privacy compliance. The programs set forth a series of policy guidelines that Web sites must follow in order to earn the seal. The Better Business Bureau's BBBOnLine subsidiary; TrustE, an industry-sponsored privacy organization; and the American Institute of Certified Public Accountants are three of the groups running seal programs.
A successful seal program, however, must contain a mechanism to determine whether Web sites remain in compliance. Seal programs claim to periodically check up on Web sites. Consultants and integrators, meanwhile, are stepping in with their own "assurance" services. Such services involve reviewing a customer's systems and processes and checking whether they match the customer's privacy statements. Some integrators also conduct security audits to make sure customers have the proper controls in place to secure customer data.
Privacy practitioners often sell services to customers with existing e-commerce sites. But experts say customers would be better off building privacy practices into their sites from the beginning. Otherwise, they could end up investing in a business model that turns out to be a privacy disaster, says Russ Gates, global managing director of Arthur Andersen's Technology Risk Consulting Practice.
"What companies have to do is get the [privacy] issue overlaid on the business solution," he notes.
Novo's Ruggiero says his company uses a checklist to get companies focused on privacy during the design phase of an e-commerce engagement. That checklist asks customers some basic questions: Have you considered how you will use the customer data you collect? Do you expect to purchase data from other sources? And, are you planning to join a Web seal program?
Novo also has a checklist that covers the development phase of a project. This list helps customers avoid such privacy no-no's as storing unencrypted credit-card data. "We have a series of guidelines ... we use for every client," Ruggiero says.











