Get Data Protection Right from the Start
This week one of my friends is staying with me. She attended the launch of a new interior design web site yesterday and asked some pertinent questions during the demonstration.
During the walkthrough of the shopping cart and checkout, real credit card data belonging to the demonstrator's assistant were entered on the projection screen in front of a large audience including journalists. My friend pointed this out, but too late - they had to continue. Demos should always try to use appropriate test data whenever possible - in this case it's likely the site, or a copy in a test environment, could have been set up to use test card data - so-called "magic numbers" - with a test merchant account provided by the payment gateway provider.
The web site can act as a store front for individual designers, such as my friend, and she asked where the customers were opting in for the use of their personal data, and who had access to it - the site operator or the end supplier (designer). This seems a very valid question. Apparently that hadn't been looked at yet.
Even the "best" projects seem to have a lack of data protection forethought. In this case, it clearly wasn't a problem with the budget, but the planning and system design.
Posted on: 19 November 2008 at 08:48 hrs
