Skip to main content

February 21, 2022

Implementing trust: Make your privacy platform a strategic decision

Summary: Does your site need privacy and security compliance for global privacy laws? Security platform implementation shouldn’t be an afterthought. Proper planning will ensure your site visitors trust you, and that you’ll not be exposed to risk.

Trust is easily the biggest factor affecting how users interact with your website. Your audience perceives trust through a myriad of components: site content, information architecture, performance, and more. Yet it is the trust our users place in our ecommerce or payment functions that can make or break our reputation and bottom line. 

Users need to trust that your site is secure and has the correct country-specific privacy measures in place so they can feel confident that their transactions are secure, and that their information won’t be sold or misused. 9 out of 10 Americans worry about online privacy and data security, yet 75% of customers are willing to share personal data with a brand they trust. 

Who needs a privacy solution platform? 

If your organization collects any sort of personal data, particularly payments, you need to invest in a privacy solution platform. Common use cases include: 

  • Ecommerce
  • Nonprofit organizations that accept online donations
  • Membership organizations that take online payments for dues or events
  • Healthcare systems that collect, process, and use personal information

Implementing a privacy platform

Your audience interacts with your privacy platform from the moment they encounter your site and select their cookie preferences, until they complete the transaction. Since your users encounter your privacy platform throughout their entire journey, it needs to be properly strategized from the beginning and not left as an afterthought.  Here’s what you need to do to select and implement your privacy platform.

Determine your security requirements

Your security requirements have a direct impact on how you do business operationally. While this does manifest on your website, your organization’s privacy and security goals are likely more pervasive. Talk with your leadership, Chief Security Officer, Chief Information Officer, Data Protection Officer and others about your goals today and how they might change in the future. 

You should also definitely involve your legal counsel in this phase, to ensure that your requirements are in compliance with applicable laws. 

Gather your requirements

Once you know your goals, gather your requirements. Typical requirements might be: 

  • For users to explicitly consent to opt-in to specific categories of cookies, you must identify which category each cookie belongs to. Uncategorized cookies will be automatically set on a user’s browser without the user’s explicit consent.
  • To configure the Cookie Compliance User Preference Center to include a cookie list, you must identify which category each cookie belongs to for grouping within the cookie list.
  • To use cookie auto-blocking features, you must identify the category each cookie belongs to for the feature to auto-block by category.

Allow time for testing

Though the user interface of a privacy platform may seem simple, it’s critical to make sure that it’s properly functioning behind the scenes. By planning ahead and prepping your requirements early, you’ll have a better chance of allowing ample time for testing. 

Ongoing maintenance

Implementing a privacy platform is not a once-and-done exercise. Your implementation will require revisiting periodically to make tweaks and updates, as your organizational requirements and policies change. This is essential to maintain compliance, as well as give your users a positive experience on your site. 

OneTrust implementation 

One platform that Reason One has implemented for clients recently is OneTrust. 

OneTrust is one of the largest and most widely used platforms that manages site wide privacy and security compliance according to global privacy laws. We have integrated this platform for a variety of ecommerce and nonprofit organizations which have complex privacy and security needs. 

Before getting started, it’s crucial to confirm your privacy requirements as mandated by law. These should be confirmed by either individuals or groups responsible for privacy within your organization. 

Here’s how we approached implementation:

  1. First, we create Primary Insurance Amount and Data mapping questions to document data flows and determine privacy risk. 
  2. Identify and prioritize business projects, initiatives and systems that need privacy review.
  3. Setup access roles and define approval workflows across business stakeholders.
  4. Identify integration points into business processes and setup triggers for Privacy By Design.

To create the most thorough implementation possible, we took it a few steps further by:

  1. Assessing the maturity of client privacy, security and data governance programs and benchmark against similar organizations.
  2. Scan client websites to identify cookies and trackers and generate geo-specific cookie banners, preference centers and cookie policies.
  3. Identify and mitigate vendor risks based on key use cases and standards.
  4. Map business practices to meet the standards of internal rules and external regulations.

Then, this component moves into design. We take into consideration your brand logo, brand color and site global privacy laws for the OneTrust banners. 

We then set up testing sandboxes in OneTrust to build and test designs and functionality. Any styles that are available to be customized can be configured and built by our team of experts. 

Here’s how it looks for users: 

The Toronto Region Board of Trade homepage, featuring a bottom bar that reads, "Cookie Consent, By clicking 'Accept All Cookies," you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts." To the right of that message is a link that takes users to Cookie Settings, as well as two buttons: one that invites users to "Reject All" and one that invites users to "Accept All".

The bottom banner alerts users that the site is collecting cookies, and gives users the opportunity to customize their cookies.

An open modal on the TRBOT home page, allowing users to select their cookie preferences.

The subsequent modal opens, providing more context for how Sir Speedy will utilize data, and gives users a more customizable way to control their personal data collection. 

Choosing an implementation partner

As we’ve outlined, choosing and implementing a privacy platform should be treated as a strategic part of your entire website. At Reason One, we consider all key components such as this from a strategic point of view, ensuring that your privacy goals aren’t left to the last minute. 

Our experts are available to discuss your options and considerations with you, no matter where you are in the process. Drop us a line today.