Data Protection
The glib attitude that many web developers have toward online security is worrying. In a discussion about the merits of using SSL on e-commerce sites, one designer said it wasn't worth it if payments are processed by a third party using a secure certificate (such as WorldPay), and that
"At best any potential hacker would get a list of names and addresses - big deal, I've got a whole book of them downstairs - it's called a telephone directory."
The difference is that a telephone directory lists those who have explicitly chosen to make their contact details, including name, address, and telephone number, freely available to the public (or at the very least, have chosen not to 'opt out' of inclusion).
Customer databases are completely different. They hold personal details, including those which may not otherwise be publicly available, such as email addresses, mobile telephone numbers, delivery addresses (work addresses are often used for delivery), spending habits, and much more.
As a customer I expect companies I buy from to be good custodians of my personal data - i.e. limit access to it, store it only for as long as is needed and use it only for the purposes I have sanctioned.
It is not acceptable, either from the point of view of a customer or from a commercial point of view, to have such a glib attitude as to think hackers won't bother because they may as well just harvest yell.com or a telephone directory. Customer lists are worth thousands, sometimes hundreds of thousands of pounds, and are an asset worth protecting.
Securing a web site is likely to instill confidence in it, especially when e-commerce transactions are taking place.
Of course there are risks involved with any CC transaction, such as giving your details over the phone or handing your card to a waiter who takes it away. However, online fraud (both ID and monetary) is an increasingly well-documented problem. Just because other channels have issues doesn't mean a store owner - assisted by the web professionals he hires - can neglect some of the more preventable ways of data theft.








