Today we welcome back Leah Hamilton, from Terms Feed, for the first of a two-part series dedicated to customer privacy protection.
Protecting customer privacy in your PrestaShop store is paramount: without establishing key protections for your customers, you won’t be able to build customer trust, and without customer trust your business won’t grow. There are a number of simple ways that you can increase privacy measures and ensure that your PrestaShop store is safe and secure for your customers and visitors. Let’s get started!
The US has no overarching data privacy law. This may make it seem like it’s easy to comply with the law (because there is none!), but there are a few pitfalls to be aware of.
The US has three main pieces of legislation that cover data protection and privacy in more discrete areas: HIPAA, COPPA, and OPPA. HIPAA is the Health Insurance Portability and Accountability Act; COPPA is the Children’s Online Privacy Protection Act; and OPPA is the California Online Privacy Protection Act. OPPA is the most important piece of legislation to comply with in the US, unless your store specifically targets children (in which case you also need to comply with COPPA). OPPA requires your store to post a privacy policy that sets out:
- the kind of information gathered by the website;
- how the information may be shared with other parties;
- the process the user can use to review and make changes to their stored information; and
- the policy’s effective date and any changes made since.
Remember that OPPA applies to all California residents, so while you may not be based in California, if your customers are, then you will need to ensure that your store is compliant.
Now let’s take a look at some of the EU laws.
The law currently in place in the EU is called the EU Data Protection Directive 1995. This directive sets out a number of data collection principles. These principles are:
- Customers must be notified when you collect their data;
- Personal data should only be collected for specific (and lawful) purposes;
- The data collected should be adequate and relevant for the purpose;
- Personal data should be accurate and kept up to date;
- Personal data should not be kept for longer than necessary;
- Appropriate security measures should be put in place;
- Personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory also ensures an adequate level of protection for that data.
However, a new data protection regulation is coming into force in the EU. This is called the EU Data Protection Regulation. This Regulation will cover the whole EU region, replacing the patchwork of rules that exists in each individual country. The purpose is to make things easier for businesses to operate in the EU region without having to understand and comply with different sets of local laws.
This regulation will have much broader reach than just the EU: it will apply to anyone who deals with the private data of EU citizens. This means that US-based PrestaShop stores with EU customers may still need to comply with this regulation. The finer details of the regulation are still being worked out, but if you think this may apply to you, it’s definitely something to look into further so that you can ensure you are compliant.
In the meantime, if you are based in the EU, ensure that your store complies with the data protection principles set out above.