

  • Be open – Your company needs to make specific information about its policies and practices relating to the management of personal information readily available to its consumers.

  • Give individuals access – Upon request from a consumer inquiring about personal information the company maintains, that individual should be informed of the existence, use and disclosure of his or her personal information and should be given access to that information. In addition, that individual should be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

  • Challenging compliance – Your company should enable consumers to address challenges concerning compliance with applicable privacy laws and your privacy policy to the individuals in your organization responsible for such compliance.

When implementing your Canadian website, if you have not already done so, your first steps toward compliance with applicable privacy legislation should be to:

  • Arrange for a privacy audit;

  • Appoint a Chief Privacy Officer;

  • Establish and draft a privacy policy in clear and unambiguous language;

  • Establish an appropriate “opt-in” mechanism to obtain consent; and

  • Implement appropriate safeguards to protect personal information you collect.

In addition, your organization should also:

  • Properly train employees involved with its e-commerce program regarding the company’s privacy policy.

  • Develop a procedure to handle personal information access requests or complaints.

  • Develop a contingency plan to deal with complaints regarding collection, use, and disclosure of personal information or breaches of applicable privacy legislation or your privacy policy.

As discussed above, it is important to obtain your customer’s informed consent in order to use his or her personal information. One such example is using personal information (i.e., the customer’s email address) to provide the customer with marketing materials, news about upcoming sales, etc.

A suggested practice is to clearly obtain “opt-in” consent for the communication of such emails and their content to your customers. This is typically achieved by having the customer check an online box indicating that they wish to receive certain types of electronic correspondence, which you should clearly describe. Such an approach should also be documented in your organization’s privacy policy.

As consumers are increasingly becoming annoyed with spam (i.e., unsolicited commercial emails) and given that various jurisdictions acknowledge such concerns by enacting anti-spam legislation, your legal team should be consulted to ensure that you are acting in compliance with any applicable anti-spam legislation. Typically, such legislation will prohibit the sending of commercial email messages to an email address unless the recipient has either expressly or impliedly consented to such correspondence.

Visa e-commerce cross-border handbook for U.S. retailers

Copyright 2010 Visa. All rights reserved.

