In the wake of Edward Snowden’s revelations about the NSA, it’s a good time to reconsider how your website is collecting and handling customer data and to let your customers know you are handling their data responsibly. Here are a few things to review:

PCI compliance

If you sell anything through your website, be sure the transactions are handled securely. Most small to mid-sized businesses should not process credit card transactions themselves. Instead, card numbers should travel over an encrypted (HTTPS) connection to a third-party PCI-compliant payment gateway, which processes the card and deposits the funds into your merchant account when the payment goes through. Your own site and server should never see, log or store customer card data; the less of it you touch, the smaller your PCI compliance burden. Most gateways offer a hosted payment page or an embedded (iframe or JavaScript) card form, so the card number goes from the customer's browser straight to the gateway while the checkout still looks like part of your site, and customers never leave your website to complete the transaction. You may also want to give customers the option to pay through PayPal. For customers who are wary of entering a card number on an unfamiliar site, PayPal offers a well-known payment service where they can manage all of their online payments in one place. These customers pay directly through PayPal rather than through your website, and are covered by PayPal's purchase protection program.

(For those of you unfamiliar with PCI compliance: it refers to the Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council. The latest version at the time of writing, version 2.0, was released in October 2010. Learn more on the PCI Security Standards Council's website.)

Do not track

Modern browsers, including Firefox, Chrome and IE9+, support a feature called "Do Not Track." When the user enables it, the browser sends an extra header, DNT: 1, with every page request, telling the website that the visitor does not want to be tracked. Honoring it is voluntary: the header is a request, not an enforcement mechanism, and the analytics scripts themselves generally do not check it, so the check has to happen on your site. If you choose to honor it, your site should not load tracking scripts such as Google Analytics or other analytics software for that visitor, and should not build a profile of the visit (ordinary web server access logs kept for operational purposes are a separate matter and should be described in your privacy policy). If you'd like to implement Do Not Track and your website is built on WordPress, there is a free Do Not Track plugin. Otherwise, contact your web developer; it is a relatively simple matter to implement: check for the header and skip the analytics snippet when it is present.
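As an added example (not code from the original post or from the WordPress plugin it mentions), here is the check described above in JavaScript: a server-side function that reads the DNT request header and emits the analytics script tag only when the visitor has not opted out, plus a client-side equivalent for pages that inject the tracking script from JavaScript. It assumes a Node.js-style request whose header names are lower-cased (as in http.IncomingMessage); the analytics loader path and the sample requests are placeholders constructed for illustration.

```javascript
// Added example (not code from the original post): deciding whether to load
// analytics based on the Do Not Track signal. Assumes a Node.js-style request
// object whose header names are lower-cased, as in http.IncomingMessage.
// The analytics loader path is a placeholder and the sample requests below
// are constructed for illustration.

const ANALYTICS_LOADER = "/js/analytics-loader.js"; // placeholder path

// Interpret the DNT request header. Per the W3C Tracking Preference
// Expression draft, "1" means do not track, "0" means the user permits
// tracking, and an absent or malformed header means no preference was sent.
function dntPreference(headers) {
  const raw = headers && headers.dnt;
  if (raw === undefined || raw === null) return "unspecified";
  const value = String(raw).trim();
  if (value.charAt(0) === "1") return "optout";
  if (value.charAt(0) === "0") return "consent";
  return "unspecified";
}

// Server-side decision: the analytics <script> tag is emitted only when the
// visitor has not opted out, so an opted-out browser never even fetches the
// tracking script. The returned string goes where the analytics snippet
// would normally sit in the page template.
function analyticsTag(headers) {
  if (dntPreference(headers) === "optout") return "";
  return `<script async src="${ANALYTICS_LOADER}"></script>`;
}

// Client-side equivalent for sites that inject the tracking script from
// JavaScript. The navigator and window objects are passed in so the logic
// can be exercised outside a browser. Older browsers spell the flag
// differently: early Firefox reported "yes", IE9/10 exposed
// navigator.msDoNotTrack and IE11 exposed window.doNotTrack.
function clientDoNotTrack(nav, win) {
  const values = [
    nav && nav.doNotTrack,
    nav && nav.msDoNotTrack,
    win && win.doNotTrack,
  ];
  return values.some((v) => v === "1" || v === "yes");
}

// Minimal page render showing where the decision is applied.
function renderPage(headers) {
  return `<html><body><h1>Shop</h1>${analyticsTag(headers)}</body></html>`;
}

// Constructed sample requests, not real traffic.
const sampleRequests = {
  optedOut: { host: "shop.example", dnt: "1" },
  consented: { host: "shop.example", dnt: "0" },
  noHeader: { host: "shop.example" },
};

// Summarise the decision for each sample request.
function summary() {
  const out = {};
  for (const [name, headers] of Object.entries(sampleRequests)) {
    out[name] = analyticsTag(headers) ? "loaded" : "skipped";
  }
  return out;
}

console.log(summary());
console.log(renderPage(sampleRequests.optedOut));
```

The server-side check is the one to prefer: if the tag is never rendered, the browser never contacts the analytics vendor at all, whereas a client-side check still depends on your own script running before the loader. The header is parsed with a leading-character test rather than strict equality because the spec allows extension characters after the "0" or "1".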

Privacy policy

If your website does not have a privacy policy, it's a good idea to provide one, especially if you operate an online store or collect any type of data about your visitors. At a minimum it should say what you collect, which third parties (for example your payment gateway and analytics provider) receive it, and how customers can contact you about it. Here's a privacy policy generator that you can use to draft your policy. If you have questions about what information your website collects or tracks, contact your web developer.