Sunday, March 30, 2008

Adoption and Implementation of a Privacy Policy

An organization engaged in online activities or electronic commerce has a responsibility to adopt and implement a policy for protecting the privacy of individually identifiable information. Organizations should also take steps that foster the adoption and implementation of effective online privacy policies by the organizations with which they interact; e.g., by sharing best practices with business partners.

Notice and Disclosure
An organization’s privacy policy must be easy to find, read and understand. The policy must be available prior to or at the time that individually identifiable information is collected or requested. The policy must state clearly: what information is being collected; the use of that information; possible third party distribution of that information; the choices available to an individual regarding collection, use and distribution of the collected information; a statement of the organization’s commitment to data security; and what steps the organization takes to ensure data quality and access. The policy should disclose the consequences, if any, of an individual’s refusal to provide information. The policy should also include a clear statement of what accountability mechanism the organization uses, including how to contact the organization.

Choice/Consent
Individuals must be given the opportunity to exercise choice regarding how individually identifiable information collected from them online may be used when such use is unrelated to the purpose for which the information was collected. At a minimum, individuals should be given the opportunity to opt out of such use. Additionally, in the vast majority of circumstances, where there is third party distribution of individually identifiable information, collected online from the individual, unrelated to the purpose for which it was collected, the individual should be given the opportunity to opt out. Consent for such use or third party distribution may also be obtained through technological tools or opt in.

Data Security
Organizations creating, maintaining, using or disseminating individually identifiable information should take appropriate measures to assure its reliability and should take reasonable precautions to protect it from loss, misuse or alteration. They should take reasonable steps to assure that third parties to which they transfer such information are aware of these security practices, and that the third parties also take reasonable precautions to protect any transferred information.

Data Quality and Access
Organizations creating, maintaining, using or disseminating individually identifiable information should take reasonable steps to assure that the data are accurate, complete and timely for the purposes for which they are to be used. Organizations should establish appropriate processes or mechanisms so that inaccuracies in material individually identifiable information, such as account or contact information, may be corrected. These processes and mechanisms should be simple and easy to use, and provide assurance that inaccuracies have been corrected. Other procedures to assure data quality may include use of reliable sources and collection methods, reasonable and appropriate consumer access and correction, and protections against accidental or unauthorized alteration.

E-commerce has grown faster than anyone could have predicted only a few years ago. The Internet is entering more and more American homes to become a true mass medium. While the Net offers unparalleled convenience for consumers, many hesitate to transact business on the web. People are nervous about thepotential loss of personal privacy. Is their personal information and online activity tracked, collected andanalyzed without their knowledge or approval?

Web businesses are striving to convert visitors to customers. But consumers will not purchase from sites if they do not feel confident that their personal information is respected. News stories, studies and polls all confirm that fear of the loss of privacy is a principal reason people don’t transact business online. If online companies expect consumers to spend time at a Web site, make purchases and visit the site again they must build trust.

Posting a privacy policy is a critical step. But what isa credible privacy policy? The Online Privacy Alliance, a coalition of nearly 100 global companies and associations, urges all Web businesses to post privacy policies that contain ALL the following elements, recognized by policymakers and consumers as the foundation for a policy that engenders trust.

Monday, January 21, 2008

The Winners: Smaller Merchants who Made it Big

Some of our most successful merchants are big companies. But not all of them. A lot of the most successful stores are smaller companies. Some, in fact, are one-man operations.

That's what they mean when they say that the Web levels the playing field. A small company doesn't have to look small. Or stay small.

In the physical world, a big company has a big advantage. They can spend millions of dollars to set up a marble and glass store on Park Avenue.

On the Web, things are different. Everyone's Web pages are made out of the same stuff: text and images. So there is no reason that you can't look just as good as General Motors. Or better.

It's not just a matter of pride. Looking real is what makes customers buy. So if you can make your Web site look like the site of a big successful company, that may be just what you grow into.

These stores did. Most of them started small. All have become leaders in their categories. How did they do it? Focus on a specific niche market, a professional looking Web site, great customer service, and time.

Gun Dog Supply
PalmGear
Fridgedoor.Com
Aviation Shopping Network
Vitanet
Beyond Muscle.com
Direct Sales
Restaurant-Store.com
Internet Hobbies
Flight Sim Central
Stained Glass Warehouse
Upgrade Source
Mr. Gadgets

Monday, October 08, 2007

Choosing a Domain Name

From our friends at Yahoo

What makes a good domain name? A good domain name should be easy to remember, easy to spell, and preferably short. The name of your company is always a good choice. If your desired domain name is already taken, you can search if the .net or .org variation is available. You may also use hyphens to create unique domain names.

What characters are allowed?
.Com, .net, and .org domain names must meet these requirements: They cannot exceed 67 characters, including the characters in the suffix (63 characters plus the 4 character .xyz). Only letters, numbers, or hyphens are permitted. A domain name may not begin or end with a hyphen. They are part of the regulatory standards that .com, .net and .org domain names must follow.

What's the difference between http://yahoo.com and http://www.yahoo.com?
Not a lot. You can advertise whichever one you like the best.

Do I need to put the http:// on?
Probably not. Most web sites just advertise www.widgetdesigns.com. The www. is a good enough clue to people that it's a web address, so you don't need to say it. All popular browsers let you simply type www.widgetdesigns.com into the URL window.

Should I get a lot of domain names?
You may register and own an unlimited number of domain names. In addition to .com, many people register the .net and .org variations of their primary domain name. Each domain name costs $35.00 per year. If you already own a domain name, you can transfer it for $10.00 per year.

Who owns the domain name I register?
If you register a domain name through Yahoo! Store, you may designate the Registrant (owner) and Administrator. Yahoo! is only listed as the technical contact and nameservers. As the Registrant, you have final authority and responsibility regarding the use of your domain name.

What is the public domain name database?
A public domain name database (also known as Whois) contains contact information for all domain names. There are many registrars that register .com, .net and, .org domain names. Each of these registrars maintain their own public domain. The personal contact information you provide as the Registrant and Administrative contact is used to register your domain name. As required by the Internet's governing organization (ICANN), this information will be made publicly available. Records of all domain names registered by the registrar, Internet Names Worldwide, are maintained in their public domain domain database. The information includes Registrant, Administrator, technical contact, and nameserver information as well as record creation, update, and expiration dates. This information is available through many publicly accessible interfaces. You'll find a list of whois resources in Yahoo!'s directory.

How do I update my contact information in the public domain database?
The personal information you provided in your order was used to register your domain name. As required by ICANN, the Internet governance organization, this information was made publicly available.

What is the difference between .com, .net, and .org domain names?
Originally, the three letter suffix after the dot in domain names indicates whether the domain name was used for commercial (.COM), network (.NET), or non-profit (.ORG) purposes.Although there are guidelines, anyone may register these regardless of the intended use..Net and .org suffixes are good alternatives if the domain names you want in .com is already taken.