23 December 2008

New Site New Terms

E-consultancy.com Limited has completed their site migration to a new domain, a new platform and a new country.

In September I posted a message about moving web hosting offshore in response to the impending E-consultancy site migration.

Partial screen capture showing the top left corner on the new econsultancy.com web site.

Well the move has happened and the new domain is econsultancy.com —the "www" sub-domain and previous hyphenated "e-consultancy.com" domain redirect to the new site. I may have missed something, but as a member and contributor who agreed to the previous terms & conditions, I was expecting hear something before the move occurred.

Some users are required to agree to the new longer terms and conditions before proceeding, yet this seemed to be bypassable in some cases. I didn't have time to investigate the mechanism but noticed I wasn't asked with some browsers/computers and was on others.

Partial screen capture showing the welcome redirect which asks users to agree to the terms & conditions before proceeding.

There's no mention of data protection or privacy issues in the chief executive officer's blog posting about the new Econsultancy site despite all the previous discussion. I'm a little but disappointed to be honest since the web site is such a good resource for ecommerce (or e-commerce) and digital marketing professionals. The CEO does however tell us some of the technologies used—an un-necessary security information leak.

There has clearly been a lot of effort put in, and that's to be congratulated. But the privacy statement has these few words about security:

Screen capture taken from part of the privacy statement page stating 'n order to process and help protect your credit card details, we use SSL (Secure Sockets Layer) to communicate with DataCash, our payment provider. On the Econsultancy site we use best endeavour to safeguard the confidentiality of your personally identifiable information but we do not use encryption (such as SSL) or firewalls to further protect the information as it travels across the Internet. This is because we do not believe that, apart from the credit card information processed by DataCash, the personal information we currently collect warrants such measures and the accompanying loss of speed experienced. You should be aware that

It looks like a mixture of boilerplate text and some additions. But the description and explanation why some security controls were omitted doesn't reflect good practice and is entirely insufficient for a £300,000 revamp of an ecommerce-enabled web site. Let's hope they have some sort of firewall in there somewhere!

I'm left with the feeling that perhaps security wasn't considered much during the re-development process. A missed opportunity.

Posted on: 23 December 2008 at 15:02 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
New Site New Terms
http://www.clerkendweller.com/2008/12/23/New-Site-New-Terms
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2008/12/23/New-Site-New-Terms
Requested by 38.107.179.223 on Saturday, 4 February 2012 at 23:00 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2008-2012 clerkendweller.com