So I get to write my company's data capture policy...

Talk to each other, be welcomed, introduce yourself, express your anger at something or anything else!

So I get to write my company's data capture policy...

Postby borgs8472 » Sat Jul 16, 2011 9:52 pm

So far my company adopts a highly inconsistent data capture and compliance policy, with secure data capture, informed data use opt in and data security when threatened by the commissioning client's technical people. We have hundreds of custom built websites running competitions, CMSes email opts ins and outs and more.

As a result we have data standards ranging from 'let the developer do it all', through to 'perhaps we should have a tick box on this form?' through to 'all personally identifiable information must receive at least one opt in, be captured over SSL and stored in a location the minimal amount of people have access to'.

The latter is obvious where I'm moving to, but there are many challenges in achieving this.

1. Agree a goal
Currently I'm planning to meet with our data compliance people and work out what company wide standards we meet or aim to meet. This will set the minimal standards all sites must reach.

2. Differentiate the requirements
Not all data is equal. If you're capturing an email address on a 'contact us' form, your requirements are far looser than than a long form of personal information for an extend user profile for instance. I need to be able to produce an easy to understand set of guidelines so that business analysts can input their data capture requirements one end, and get a list of coding and data security standards out the other.

3. Sell this!
In the agency world where I work (dammit!) one can't simply improve standards in such a way that can increase analysis, development and operational cost without recovering this cost from the client some way. As such once policies and processes are established, they need to be packaged into a '$companyname secure data practices' document that the sales people can use to justify the expense to their clients.

I thought PPUK might be interested to know this and the fact that advertising companies still are trying to steal all your personal information, but are trying to do it in a responsible fashion. :) Also I'm interested if anyone has any input they might want to give since I've not done this yet.
User avatar
borgs8472
Space Pirate
 
Posts: 1984
Joined: Mon Aug 31, 2009 7:34 pm
Location: London

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 1 guest

cron
X
We use cookies to provide you the best possible experience on our website. If you continue without changing your settings, we will assume that you are happy to receive all cookies on this website. If you would like to, you can change how your browser controls cookies at any time.
You can also view our Privacy Policy
I understand. Don't show me this message again.