Blog contributed by Carlos Kizzee, Executive Vice President of Intelligence Operations & Legal Affairs, RH-ISAC.
Online shopping has been a growing part of the retail industry for years, and the pandemic has only accelerated. According to Statistica, eCommerce grew steadily from being about 4% of the overall retail industry in 2010 to nearly 12% in 2019—before jumping to 16% in the first quarter of 2020. That’s great for customers and retailers alike—but how is this growth impacting retailer handling of the increased volume of customer data that they possess?
RH-ISAC and The Media Trust are exploring some of the unexpected aspects of online retail in our series, “Crazy Things that Happen in your Online Store Every Day.” The seventh and last piece in the series, Crazy Things You Wouldn’t See in a Retail Store (Compliance), focuses on regulatory compliance concerns associated with customer data.
Regulatory oversight of online activities has grown rapidly in recent years, largely in response to internet fraud and crime. Regimes like the Children’s Online Privacy Protection Rule (“COPPA”), the California Consumer Privacy Act (“CCPA”), and the French Data Protection Authority’s (“CNIL”) are all concerned with data security. Retailers are recognizing that it is in both their and their customer’s interests to ensure compliance with the applicable regulatory requirements.
Imagine you’re sitting in your office overlooking the floor of your brick-and-mortar establishment. Suddenly, your phone starts ringing off the hook, with your customers complaining that after they made a purchase from you, they started to be inundated with junk mail, spam calls, and door-to-door salesman for all sorts of unwanted or shady products. They remembered that this didn’t happen until they did business with you, and they associate your handling of their information to this glut of undesired attention.
Crazy for sure, but this can actually be the case in eCommerce. Many jurisdictions are enacting regulatory regimes that offer severe punishments to retailers who allow customer data leakage to happen via their online stores.
Luckily, complying with these regulations is not as difficult as it may seem.
-
Regulations like CCPA require retailers to take some basic precautions. “Reasonable security precautions” is how the CCPA phrases their requirement, to protect customer data. Having a security program in place, enforcing it, taking steps to prevent malware and data breaches.
-
Cookie opt-out validation, allowing customers the right to block tracking of their activity. And in the case of California and France, retailers need to validate that those customers that have opted out are not being tracked.
-
As ever, scanning and monitoring of your website—-particularly sensitive pages—-is always a good idea. Knowing what’s going on inside your environment will let you spot problems—and fix them—before they start causing problems for your customers and the regulatory agencies.
RH-ISAC and The Media Trust have been looking into surprising, unexpected, and strange things that happen in the digital environment that would be CRAZY if they happened anywhere else. Check out the other blogs in this series:
- Crazy Things You Wouldn’t See in Brick & Mortar
- Crazy Things You Wouldn’t See in a Restaurant
- Crazy Things You Wouldn’t See in a Retail Store
- Crazy Things You Wouldn’t See in Curbside Pickup
- Crazy Things You Wouldn’t See in a Hotel
- Crazy Things You Wouldn’t See in a Retail Store (Data Privacy)
- Crazy Things You Wouldn’t See in a Retail Store (Compliance)