Of the top 10,000 e-commerce sites, approximately 87% use Google Analytics—and for good reason. Google Analytics offers access to robust analytics and usage data, plus advertising features. One of those advertising tools is remarketing, which lets you use data and metrics to create lists of site visitors for any targeted ad campaigns you may want to run.
This information can include data such as:
- Email addresses
- Physical and/or shipping addresses
- Payment information
- And more
How personal data is used
Whether you share or disclose personal information
Does consumer data travel outside the ecosystem of your e-commerce business? (Hint: if you use plug-ins, widgets, or any other third-party software solution to run your business, it probably does.)
- Share personal information with third-party service providers
- Sell or rent information about consumers (hint hint, ad-tech and digital analytics is likely considered a sale of data under the California Consumer Privacy Act)
- Share with affiliates, subsidiaries, or acquirers
In short: cookies can get complicated, quickly. If your website deploys cookies to extend functionality or gather data, stay on the safe side and make sure you’re creating thorough disclosures.
- Your e-commerce business collects personal information from customers, website visitors, employees, and/or vendors
- You operate in a jurisdiction that requires businesses to comply with privacy regulation(s)
- Your customers or website visitors live in a jurisdiction that requires businesses to comply with privacy regulation(s)
- You implement marketing practices or tools that track user information via remarketing or cookies (like Google Analytics, Meta, or other social media advertising platforms)
Keep in mind that individual privacy regulations have unique triggers. What’s more, there is an increasingly long list of privacy regulations out there, both at the state, federal, and international level.
Any new online business would do well to familiarize itself with privacy regulations like these:
- General Data Protection Regulation
- California Online Privacy Protection Act (CalOPPA)
- California Consumer Privacy Act
- Utah Consumer Privacy Act
- Colorado Privacy Act
- Virginia Consumer Data Protection Act
- Connecticut Data Privacy Act
Another point to consider: the Federal Trade Commission (FTC) requires businesses to implement privacy policies. If you don’t, it could be considered a deceptive practice. While the FTC isn’t a privacy authority, they are an authority that requires it.
Best practices and privacy policies
There’s the letter of the law, and then there’s the spirit of the law. And in the case of data privacy, the spirit of the law is important to heed.
In a highly competitive digital economy, your data privacy practices can make or break consumer trust—which can, in turn, make or break your business.
Customer trust is priceless. In fact, 59% of consumers report that just one data breach at a company would negatively impact their chances of purchasing from that company again.
Not sure where to start? Here are the basics.
Perform a data inventory
If not, you’re not alone. It’s easy for data collection and management practices to drift. Performing a data inventory can help you accurately describe your activities—as well as make any necessary changes to data collection.
These elements include:
- What data you collect
- How the data is used
- Sharing of data
- Data security
- Data retention
- Customer rights
- Contact information
For this reason, you need to maintain and adapt your policy regularly. At minimum, you should be reviewing and updating your policy at least once a year if you:
- Collect, use, or share new data or do so differently
- Introduce new features
- Implement new marketing activities
- Shift business operations
What it comes down to: you should make sure that you’re always saying what you do and doing what you say.
To train your team effectively, remember:
- Training isn’t a one-and-done activity. While having a comprehensive privacy training session for everyone can be a great introduction, they won’t remember your talking points if you don’t reinforce them with regular communications about privacy.
- Teach people what they need to know for their jobs. Training will be most effective if you give them useful information that pertains to the work they do.
- Lead from the top. Don’t expect employees to prioritize privacy if your leadership doesn’t.
Ready to get started?
Privacy policies are important, and their content depends on many different variables. There’s no one-size-fits-all approach to privacy—that’s why the experts at Red Clover are here to help businesses and online stores of all sizes maintain privacy compliance.