If you don’t know how important your data and ecommerce privacy is, you’ll know it the moment you have to call your bank to tell them you didn’t buy $4000 worth of gift cards (or in my case $3,500 of hunting gear in the US – yes really) and they tell you the money might take months to come back to your card.

As closely as you guard your personal information, you should be holding your customers’ ecommerce privacy information twice as close. If your identity gets stolen, you lose money. If your customers’ information gets stolen, not only do you lose money (and likely product and shipping costs as well), you also have to report your data breach to the government and potentially have your brand reputation seriously damaged.

It’s not just hacking you need to look out for either. Even the best intentions can leave you in a sticky situation if you don’t make sure your policies are known and understood by your customers.

So what can you do to make sure you’re battening down the metaphorical hatches? Here are a few things to get you started with guarding your customers’ ecommerce privacy:

Be open and clear about your privacy policy

Cast your mind back a few years to that one week where every website you had ever interacted with started sending you emails ‘updating their ecommerce privacy policy’. Wasn’t that crazy? What that actually was, was European businesses responding to a change in legislation (the introduction of the GDPR) which impacted the kind of data they were allowed to store and the transparency they needed to provide to visitors to their sites.

Whilst Australia is not under the same system (unless you’re promoting your site to countries within the EU), you are still required to adhere to a number of laws covering data storage and customer consent for the information you hold. Australia has some of the most restrictive rules on email advertising and customer data, so it’s important that your privacy policy reflects that and that both you and your customers understand exactly what you’re allowed to do with their information.

In addition to this, you might want to put your T&Cs down in layman’s terms as well. Everyone knows that no one really reads the terms and conditions before they hit ‘I accept’, but you might be surprised to learn the law knows that too: tiny little legalese print is routinely challenged as being an inadequate communication of the rules, especially if it turns out you were asking people to agree to anything that skirts legality. It’s best to provide readable, friendly prose somewhere on your site for anyone looking for clarification. Besides, taking the time to break down the actual agreement will help you get a better understanding of the terms as well and keep you from accidentally stepping out of line in future.

Make sure your partners are on the same page with ecommerce privacy

As times change, what is considered ‘valuable information’ changes as well. Next time you’re looking over your contracts, you might want to tear your gaze away from the facts and figures of the deal and spend some time making sure your partners won’t be giving away your or your customers’ information. They might not even have thought of it themselves, but if you don’t make sure your own privacy agreements line up with what you’ve told your customers, that’s on you.

This goes for software as well! Do you use any other kind of note-taking or efficiency app? Great! There are plenty of fantastic time-saver services that are absolutely to be trusted. Just make sure you understand what you’re getting into. Check the privacy agreements you tick ‘yes’ to and make sure you aren’t keeping your customers’ information anywhere where you’ve accidentally agreed to ‘share’ it.

Don’t just assume your system still works

Maybe you were ahead of the privacy game five years ago. You already utilise end-to-end encryption and know exactly what information your vendors have access to. You should be all set to push worrying about data breaches from your mind, right?

If you know anything about technology (or the format of hypothetical questions), you’ll know it’s not that simple. Cyber threats update all the time. Just when you think you’re on top of what you need to look out for, someone comes along with a new way to destroy your well-crafted security system. And suddenly your customers are exposed – and you might not even realise. That’s why you can’t just let sleeping dogs lie.

The organisations that are most commonly hacked – think banks, governments, FBI, etc. – have entire divisions made up exclusively of people trying to stop cyber threats in real time. And let’s be honest, you (like almost every other business owner) don’t have those kinds of resources, but you do have diligence. Check in on your systems and do some research into the kinds of threats other businesses similar to yours are facing. Sign up for Google Alerts that talk about retail hacks, especially any that pertain to people using the same payment or data storage systems as you are.

Trust your gut

Hacks/data breaches can come from anywhere – including from links sent to you that look just like ‘real’ emails or deals that are too good to be true. Yep, we’ve all seen them. It’s so easy to do: you click and suddenly malware installs itself on your computer – usually unseen, waiting to capture keystrokes for all your important information. Arrghghgh!

The key here is looking at the ‘from’ email address. If it’s off, even just a little bit – don’t do it. Call the organisation the email is claiming to be from and see if they’ve sent you an email (check the organisation’s actual website for their contact details). If not, delete it. If a deal seems too good to be true – it usually is.

And whilst we’re on trusting your gut, I’ve seen a number of posts in Facebook groups about etailers being stung by multiple orders to the same address on different credit cards, all coming in at once, often in transactions small enough not to trigger the credit card issuers. Some business owners have lost thousands of dollars of stock and shipping costs, and had the transaction cancelled (either by the card owner or the credit issuer) after the stock has already been sent. Yes, it’s that time of year when things get missed, but if an order seems too good to be true, double-check fraud sites – you’ll find similar strategies are well used. Or cancel the order yourself until you can check the order isn’t likely to be fraudulent.
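The pattern described above (several orders to one delivery address, each on a different card, arriving close together) can be checked automatically before stock ships. The following is an added example, not part of the original post; the order field names (`ship_to`, `card_token`, `placed_at`), the one-hour window and the three-card threshold are assumptions to adapt to your own store's order export.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def normalise_address(addr: str) -> str:
    """Lower-case and strip punctuation/spacing so trivially varied
    spellings of one delivery address compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()

def flag_address_clusters(orders, window=timedelta(hours=1), min_cards=3):
    """Return {normalised address: [order ids]} for every address that
    received orders on >= min_cards different cards within `window`."""
    by_addr = defaultdict(list)
    for o in orders:
        by_addr[normalise_address(o["ship_to"])].append(o)

    flagged = {}
    for addr, group in by_addr.items():
        group.sort(key=lambda o: o["placed_at"])
        start, hits = 0, set()
        for end in range(len(group)):
            # Slide the left edge forward until the span fits in `window`.
            while group[end]["placed_at"] - group[start]["placed_at"] > window:
                start += 1
            in_window = group[start:end + 1]
            # Compare card tokens from the payment gateway, never raw card numbers.
            if len({o["card_token"] for o in in_window}) >= min_cards:
                hits.update(o["id"] for o in in_window)
        if hits:
            flagged[addr] = sorted(hits)
    return flagged

# Constructed sample orders (hypothetical field names, not real data).
T = datetime(2023, 12, 1, 9, 0)
SAMPLE_ORDERS = [
    {"id": 101, "ship_to": "12 Example St, Sydney", "card_token": "tok_a", "placed_at": T},
    {"id": 102, "ship_to": "12 example st. sydney", "card_token": "tok_b", "placed_at": T + timedelta(minutes=4)},
    {"id": 103, "ship_to": "12 EXAMPLE ST SYDNEY", "card_token": "tok_c", "placed_at": T + timedelta(minutes=9)},
    {"id": 104, "ship_to": "7 Sample Rd, Melbourne", "card_token": "tok_d", "placed_at": T + timedelta(minutes=5)},
    {"id": 105, "ship_to": "7 Sample Rd, Melbourne", "card_token": "tok_d", "placed_at": T + timedelta(minutes=30)},
    {"id": 106, "ship_to": "12 Example St, Sydney", "card_token": "tok_e", "placed_at": T + timedelta(days=3)},
]

if __name__ == "__main__":
    for addr, ids in flag_address_clusters(SAMPLE_ORDERS).items():
        print(f"hold for manual review: {addr!r} orders {ids}")
```

A repeat customer reusing one card (orders 104 and 105) and a later, isolated order to the same address (106) are not flagged; only the burst on three different cards is held for review.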

If you’d like to work with a team that cares about your customers’ privacy, we’d be delighted to help. You can always give us a call on +61 2 9828 0111 (Sydney), +61 3 9240 6300 (Melbourne) or +64 9 263 8855 (Auckland) or drop us a note via the form below. Alternatively, you can find a full list of available services here.


Coghlan integrates with the following providers.

And we're adding integrations all the time, so if you don't see what you're looking for, it's probably in development. Please call us and we'll find a way to make everything work as seamlessly as possible for you.