In our last post, Leah Hamilton from Terms Feed walked us through the essentials of customer privacy protection compliance. Today, she’s going to tell us how to apply security best practices to your PrestaShop store.
Image: USA Today Footer (http://www.usatoday.com/)
The browsewrap method is not legally binding, as the customer is just presumed to have read the policy and agreed to it. A better method to ensure that you get agreement is clickwrap.
Clickwrap requires the customer to click “I agree” in some way, whether it’s a button or tick box. Here’s an example from the PrestaShop One Step Checkout. You can see the link to the Terms of Service at the top of the Delivery Methods column:
Image: PrestaShop One Step Checkout
You can see that the customer has to click “I agree” to the Terms of Service before they can proceed with the purchase. There is also a link to the policy visibly displayed, so it is easy for them to read. This method is generally legally binding, as it’s easy to see that the customer has expressly agreed.
PrestaShop has a number of modules that you can use to ensure that you get agreement in other ways, such as the Data Privacy Extended Module. This module allows you to display a popup when your user accesses your store, and uses a tick box to get agreement. Here’s an example of what this might look like:
Image: PrestaShop Data Privacy Extended Module (http://addons.prestashop.com/en/front-office-features-prestashop-modules/8123-data-privacy-extended-data-protection-law-lopd.html)
Now let’s take a look at some of the other ways in which you can protect customer privacy in your PrestaShop store.
The other side of the coin in protecting customer privacy in your store is ensuring that you have good security measures in place.
The first step is to ensure that your website is secure when the customer accesses it with their browser. You can do this by using SSL. SSL is a way for computers to encrypt messages that they send to other computers. On your PrestaShop store, this means the store communicates with the customer’s browser in encrypted messages, which prevents other people from ‘listening in’ and extracting data. This ensures that any private customer information passed between the customer and your store is kept safe.
PrestaShop has a great tutorial on how to obtain an SSL certificate, check that it’s working, and troubleshoot any problems.
Internal Content Management
The next thing you can do to ensure your customers’ data is kept safe is to only collect what you need. For example, if you are only going to contact your customers by email and send items to their physical address, don’t also collect their business address and phone number.
Then, ensure that anyone dealing with customers’ private information is doing so on a “need to know” basis only. This will keep information secure and leave fewer opportunities for information to be lost or leaked.
PrestaShop also has a number of content management modules that you can use to streamline your content management processes. For example, you can use form generators to create custom fields to ensure that you collect only the most relevant information for your purposes, or use the product questions module to allow customers to ask questions in your store directly, rather than having to contact you and share their personal information unnecessarily.
The next thing you need to do is choose a reputable cloud storage provider for storing your customer data.
With PrestaShop, you can create a PrestaShop cloud store that already includes hosting, management tools, and administration panels. It allows you to start up your store with a reputable host provider and to manage your store with the PrestaShop cloud back-office. The back office has information on orders, customers, shipping, pricing, and stats, among other things. Here’s an example of what the back office looks like:
Image: PrestaShop Cloud Back Office (http://doc.prestashop.com/display/CLOUD/Managing+your+PrestaShop+Cloud+store)
If you don’t want to use the PrestaShop Cloud, you can self-host your store and manage your data backups yourself or through a third party. As noted above, if you do this, ensure that you choose a reputable host and storage provider.
How do you protect your customers’ privacy? Tell us in the comments!