What is considered sensitive info
susansavad
04-02-2005, 08:59 AM
This week my boss asked me to put PayPal into our cart as an additional means of payment besides using credit cards.
While I was reading the instructions about attaching PayPal to the cart, I read that even though no credit card information was passed back from PayPal, we should only use the PayPal log for testing purposes and either delete it or encrypt it when we went live with PayPal.
I always thought that the only sensitive info was the credit card number which we are super careful with (we encrypt with pgp and take it off the internet computer and put it into a noninternet computer to unencrypt).
However, the PayPal log instructions seem to imply that a person's name, address, email address, telephone number and what he is ordering is also considered sensitive, unless I'm misinterpreting the instructions.
Does anyone have any opinions about what is considered sensitive information? Does anyone do anything special about information such as name, address, email address, etc.?
Thanks everyone for your insight.
Susan
phppete
04-02-2005, 09:17 AM
In the UK we have the Data Protection Act as well as numerous EU ecommerce directives to follow. You may wish to look for the DTI (Department of Trade and Industry) government web site; it may be under a different name in the US.
It is helpful to think in terms of identity theft and not just credit card theft when determining what needs to be protected.
Visa's security policies require that you protect all personally identifiable information associated with a customer, which includes name, address, etc. in addition to the account number (credit card number) and expiration date.
It should be noted that fines for non-compliance are severe and can be as high as $500,000 if your site is compromised.
DogAndPony
04-02-2005, 04:01 PM
Yep, "personally identifiable" is the key phrase, and that covers a lot.
If any piece of information can be tied to an individual, then that can be thought of as "sensitive", since it's attached to that person. So, not only name, address, phone, CC number, etc., but also what the person is buying, their preferences, etc., if the person's ID is also present.
Info like purchases, zip code, etc. that can't be tied to an individual is often collected by companies and shared "in aggregate" -- in statistical form -- to identify overall customer patterns.
Certain combinations of fragmentary info can sometimes be used to identify an individual; like last name and Zip, if the person is the only one in that Zip with that last name. Or even last name and City if it's a small town and/or an uncommon last name. And if the person lives in a sparsely-populated area, a combination like area code and Zip might do it, if the two overlap just right (odds are against it, and it's unlikely that an identity thief will try that combination, but it's possible).
Erring on the side of caution is always a good idea...
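The point above, that fragments such as last name plus ZIP can single out a person when the combination is unique, can be checked mechanically before any data is shared "in aggregate". The script below is an added example (not code from the thread); the customer records are constructed, and the field names are assumptions.

```python
"""Quasi-identifier check: which field combinations single out one customer?

Added example, not from the thread. Finds combinations of fields whose
values are held by exactly one record (k = 1 in k-anonymity terms),
i.e. combinations that re-identify a person on their own.
"""
from collections import Counter
from itertools import combinations

# Constructed sample records (no real people).
CUSTOMERS = [
    {"last_name": "Nguyen", "city": "Springfield", "zip": "62704", "area_code": "217"},
    {"last_name": "Nguyen", "city": "Springfield", "zip": "62704", "area_code": "217"},
    {"last_name": "Okafor", "city": "Springfield", "zip": "62704", "area_code": "217"},
    {"last_name": "Smith",  "city": "Springfield", "zip": "62704", "area_code": "217"},
    {"last_name": "Smith",  "city": "Springfield", "zip": "62702", "area_code": "217"},
    {"last_name": "Smith",  "city": "Rochester",   "zip": "62563", "area_code": "217"},
]


def group_sizes(records, fields):
    """Count how many records share each value of the given field tuple."""
    return Counter(tuple(r[f] for f in fields) for r in records)


def min_group_size(records, fields):
    """Smallest group size for a field tuple (the 'k' of k-anonymity)."""
    return min(group_sizes(records, fields).values())


def identifying_combinations(records, fields, max_fields=2):
    """Return (combo, unique_values) for every combination of up to
    max_fields fields that has at least one value held by a single record."""
    found = []
    for n in range(1, max_fields + 1):
        for combo in combinations(fields, n):
            uniques = [v for v, k in group_sizes(records, combo).items() if k == 1]
            if uniques:
                found.append((combo, uniques))
    return found


if __name__ == "__main__":
    fields = ["last_name", "city", "zip", "area_code"]
    for combo, uniques in identifying_combinations(CUSTOMERS, fields):
        print(f"{'+'.join(combo)} singles out {len(uniques)} customer(s), e.g. {uniques[0]}")
    # area_code alone is shared by all six records, so it is safe to release here
    print("k for area_code alone:", min_group_size(CUSTOMERS, ["area_code"]))
```

Only combinations whose minimum group size stays above a chosen k are safe to release as statistics; anything reported by `identifying_combinations` still points at a person.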
susansavad
04-02-2005, 11:06 PM
Thanks everyone for your input.
I wonder if any of you have an opinion about how to protect this information.
Let me give some examples.
A catalog request form which is sent through regular email. First it might sit over a weekend at the ISP, is downloaded with customer's name, address etc into a computer in the office that is connected to the internet. Maybe this office doesn't even have computers that aren't connected to the internet.
Also I've seen on many sites nonsecure order forms without credit card information that go through regular email and wind up on a computer connected to the internet. Is this OK because customers know that the sales information is going out through an insecure connection?
The receipt without credit card number that the customer automatically gets sent by shopping carts, which also goes through ordinary email and might not be downloaded by the customer for several days (thus sitting at some ISP's email box waiting for the download), would be another example. This isn't encrypted because the customer wouldn't be able to read it.
I was on one site that said an order for their products could include a credit card number and be sent through regular email if the number was broken in half and sent in two different emails.
Does anyone have any ideas about how a company could be in compliance with the above examples? Is everyone saying that a customer's name, address etc. needs to be taken off of a computer connected to the Internet in case of hackers?
Or are we only talking about information stored at the ISP rather than a computer which happens to have an internet connection? Because at some point customer information could spend several days at an ISP before the recipient of the email actually downloaded it.
Rich, you said, "It should be noted that fines for non-compliance are severe and can be as high as $500,000 if your site is compromised." Do you know a website that has the rules and what companies need to do to comply with these rules?
Also, what do all you other store owners do to protect this information? I'm trying to visualize how to do business on the internet without ever exposing any customer information at all in any way for any amount of time.
Thanks everyone for your input. This is an important topic which I would like to understand better, and I would be grateful for concrete examples of how to go about doing this in a responsible manner.
Susan
I'm a bit curious how retailers are supposed to ship the product to the purchaser if the customer's name and address are sensitive information? Sometimes even the company name is printed on the box, such as the recent Burt's Bees order I placed.