Trust is the key to any business relationship. Without it, deals don't happen and customers don't make purchases. But on the Internet, trust can be a very difficult thing to earn. A large segment of the general public is already cautious about doing business online, having heard countless horror stories about people being victimized by sites that track their movements through the Web or launch guerrilla marketing attacks against them. And if you don't have a brick-and-mortar presence or a name-brand identity, how do potential business partners or customers even know who you are?
Moreover, the issue of protecting confidential information is getting more sensitive every day. We're already awash in online sources for goods and services, and each company wants to gather as much information as possible about its customers. Although the volume of business-to-business and business-to-consumer transactions shows no signs of slowing down, e-commerce won't continue to thrive if the Net develops a reputation as a den of beggars, tramps, and thieves.
The goal of standardizing privacy is to establish consistent standards that everyone recognizes and trusts. Yes, costs are involved: You have to pay to establish a privacy system and conduct ongoing audits to ensure compliance, and you may lose a valuable resource if fewer customers submit their data. But in most cases, the benefits of increased consumer goodwill outweigh those losses. And as more sites implement customer-friendly privacy policies, the squeeze on businesses that don't comply will only increase: Customers will come to expect privacy policies to be laid out and may decline to deal with sites that don't comply.
One popular approach is the privacy certificate. Companies that offer certificates, such as Trust-e and BBBOnline, will analyze your site's privacy policies, looking primarily at how you handle the personal data that users submit and what happens to that information after it has been collected. If your e-business conforms to the expected guidelines, you're permitted to display the Trust-e or BBBOnline graphic on your site, thereby showing the world that users can trust you.
Of course, privacy certificates have their limits. After all, they only indicate that a site has been audited and is compliant with the certifier's guidelines. But what if those guidelines aren't stringent enough to assuage a user's concerns? Even more worrisome is the fact that privacy certificates have not yet been widely adopted, and thus are not always recognized by Web surfers. That brings us back to the initial problem: If users don't know who's certifying a site, why should they trust the certificate?
To that end, a number of universal privacy standards are currently in the works. One of the most advanced is the Platform for Privacy Preferences Project (P3P) being developed by the World Wide Web Consortium (W3C).
The effects of P3P on business will be both positive and negative. On one hand, visitors are more likely to reveal personal information if they're told what it will be used for, but on the other, that information will be harder to get.
In any case, P3P cannot guarantee that sites will not collect and use personal information against a user's will. Companies that falsify their privacy policies could trick users into revealing information that they normally wouldn't disclose. But at least it's a start. Without some kind of standards-based approach, users have no hope of knowing how a site will treat their information -- and no added incentive to do business with you.
P3P is backed by some of the biggest names in the online economy. Companies such as Microsoft Corp., AT&T Corp., and IBM Corp. have already rewritten their privacy policies to comply with the P3P standard. Meanwhile, other companies are developing tools to allow machine-readable P3P policies to be easily customized. This is the kind of industry support that's expected to fuel P3P's momentum.
Remember, the Web is like any other marketplace: To succeed, you must do more than offer a quality product or service. Once more corporate decision-makers and end-users become aware of the issues surrounding privacy invasion, the Internet will become an even more dominant form of commerce.
Kevin Railsback (firstname.lastname@example.org) is the West Coast technical director for the InfoWorld Test Center.
THE BOTTOM LINE
Standardized privacy policies
Technology Case: Establishing a standardized policy requires a minor amount of site development and refinement. Some companies are developing tools to let site administrators publish machine-readable, P3P-compliant privacy policies without manual coding.
+ Increased visitor comfort and confidenceCons:
- Site administrators must comply with occasional audits- User data will be harder to collect.