MIAMI BEACH, FL — Al Decker has a confession to make. “I’m a paid, professional paranoid,” he says. Decker, the ceo of Fiderus Strategic Security & Privacy Systems, told Frost & Sullivan seminar attendees that he is constantly asked to evaluate website security and privacy measures taken by businesses.

And it’s no wonder — security is a big issue. Decker cited a 1999 Wall Street Journal poll that asked readers what their top 10 concerns were for the new century to come. The number-one concern? Loss of personal privacy. Respond-ents reported it as their foremost concern, with 29% listing it ahead of economic disasters and war.

Fiderus conducted its own poll and found that 87% of net users are concerned about threats to their personal privacy online.



Right to Privacy

Privacy, in Decker’s estimation, hinges on how information gathered by companies on customers is actually used. Companies will claim to protect the privacy of their customers, but some don’t always adhere to that policy.

He said that as far back as 1903, when the Chief Justice of the Supreme Court wrote about American’s right to privacy in lieu of a new invention, the camera, Americans have been very concerned about the loss of privacy.

Decker said this concern can also be a major selling factor for companies, too. For example, American Express has been running a series of advertisements featuring “faceless” customers. They are touting their strict privacy measures for customers transacting business online.

Decker said it all boils down to one thing: trust between customers and e-businesses.

“Trust will become a driving factor in the growth of e-markets,” he said. He added that the concern over trust could possibly cost the worldwide e-commerce market $1 trillion.

“If a customer says, ‘I’m not confident that I’m making a purchase that is secure,’ that is a loss in trust,” he said.

Decker said that trust is the new key element in e-commerce fundamentals, joining security and privacy.

“Success will come to companies that have built in their customer’s trust in electronic transactions,” he added.



Building Trust

So what can businesses do to emphasize security and privacy in their business practices? Among other things, Decker suggested the following tips.

“Only collect information needed to complete the transaction,” he emphasized. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

“You must provide security at each point of information collection,” stressing that businesses must have well-defined security measures.

Decker concluded that companies “should form the foundation of a security and privacy program” by answering these questions:

  • What information is collected, stored, used, shared, and retained?

  • What choices are available?

  • What individual access to information is provided?

  • How secure is the information?

  • How is misuse of information handled?

    • Well-defined security measures may not guarantee the privacy of every customer, Decker noted, but they are an essential step in the right direction.

    Decker can be reached at aldecker@fiderus.com (e-mail).

    Publication date: 08/13/2001