
Compliance and Regulation in Commerce


This section covers some of the critical compliance considerations when designing any commerce platform. It is not a comprehensive list.

Data Privacy and Protection - Keeping customer data protected is a crucial design decision. There are several data protection and privacy regulations covering all types of customer data; they are especially important in financial, healthcare and social-integration scenarios.

Cambridge Analytica's use of Facebook data to influence the 2016 US election was a massive issue, and it raised questions for all social media sites about how they treat customers' personal data.

  • A few important directives and regulations are the Data Protection Directive 95/46/EC of 24 October 1995, the General Data Protection Regulation (GDPR), the United States Privacy Act, the Safe Harbor Act and the Health Insurance Portability and Accountability Act (HIPAA), to name a few.
  • For any platform to be deployed in India, the Information Technology Act, 2000 is important. Recently the Indian government introduced a rule that customer-sensitive data (transactional or non-transactional) must not be shared or stored outside India. All banks and payment gateways have strict guidelines to conform to this requirement. Refer to the "Niti Aayog" guidelines for further information.

A few of the critical data items covered by privacy rules are: email, user ID, passwords, demographic information, financial information such as bank account, credit card, debit card or other payment instrument details, physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information, browsing history and personal interests.

GDPR - The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations across the region approach data privacy. There are eight data protection principles, and a data protection officer is needed to evaluate and audit the current state before taking any action on data privacy. The main characteristics include consent management, data archival, data cleanup, and handling customers' requests for access to or correction of their data.
It applies not only to applications hosted or running in the EU region: any application running outside the EU but accessed by citizens residing in the EU also falls under this regulation.

All the major commerce platforms, such as SAP Hybris Commerce, IBM WCS, ElasticPath and Salesforce Commerce, provide a framework to support GDPR compliance.

W3C and WCAG 2.0 – This is the web accessibility requirement developed by the World Wide Web Consortium (W3C). Web Content Accessibility Guidelines (WCAG) 2.0 covers a wide range of recommendations for making web content more accessible. Following these guidelines will make content accessible to a wider range of people with disabilities, including blindness and low vision, deafness and hearing loss, learning disabilities, cognitive limitations, limited movement, speech disabilities, photosensitivity and combinations of these.

There are multiple conformance levels (A, AA, AAA); which one to target depends on the type of application and website. WCAG defines a set of principles and guidelines for the website to follow.
ADA (Americans with Disabilities Act) is one of the main considerations under WCAG.

PCI DSS - The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
There are 12 requirements to follow; important considerations are tokenization, two-factor authentication and 3-D Secure.
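As an added illustration of the tokenization point (this is example code written for this page, not part of the original post or of any commerce platform), the snippet below keeps the full card number (PAN) inside a single hypothetical vault component and lets the commerce side store only an opaque token plus the masked form. The vault, the `tok_` token prefix, the HMAC fingerprint used to map a repeated card to the same token and the test card number are all constructed for this example; a real deployment would use a PCI-scoped tokenization service or the payment gateway's own API.

```python
"""Added example: card tokenization and PAN masking at the commerce boundary."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def luhn_valid(pan: str) -> bool:
    """Basic input validation: digits only, plausible length, Luhn checksum passes."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits, the display form PCI DSS allows."""
    if not luhn_valid(pan):
        raise ValueError("not a valid PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class CardRecord:
    """What the commerce application is allowed to keep: no full PAN anywhere."""
    token: str
    last4: str
    masked: str


class TokenVault:
    """Hypothetical in-memory vault; the only component that ever holds the full PAN."""

    def __init__(self, hmac_key: bytes):
        self._key = hmac_key
        self._pan_by_token: dict[str, str] = {}
        # HMAC fingerprint -> token, so the same card always maps to one token
        # without the commerce side ever learning the PAN itself.
        self._token_by_fingerprint: dict[str, str] = {}

    def tokenize(self, pan: str) -> CardRecord:
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN")
        fingerprint = hmac.new(self._key, pan.encode(), hashlib.sha256).hexdigest()
        token = self._token_by_fingerprint.get(fingerprint)
        if token is None:
            token = "tok_" + secrets.token_hex(16)   # random; carries no card information
            self._token_by_fingerprint[fingerprint] = token
            self._pan_by_token[token] = pan
        return CardRecord(token=token, last4=pan[-4:], masked=mask_pan(pan))

    def detokenize(self, token: str) -> str:
        """Only the vault (or the gateway behind it) should ever call this."""
        return self._pan_by_token[token]


def store_order_payment(vault: TokenVault, pan: str) -> dict:
    """Commerce-side handler: accept the PAN transiently, persist only token + masked form."""
    rec = vault.tokenize(pan)
    return {
        "payment_token": rec.token,
        "card_last4": rec.last4,
        "card_display": rec.masked,
    }


def pan_leaked(order: dict, pan: str) -> bool:
    """Check used in tests and reviews: does the persisted order contain the full PAN?"""
    return pan in repr(order)


if __name__ == "__main__":
    vault = TokenVault(hmac_key=b"constructed-demo-key-not-for-production")
    test_pan = "4111111111111111"   # well-known test card number, not a real card
    order = store_order_payment(vault, test_pan)
    print(order)                    # token, last4 and 411111******1111; no full PAN
    print("leaked:", pan_leaked(order, test_pan))
```

The separation is the whole point: the order record, its database, its logs and its backups fall outside the cardholder-data environment only if the full PAN never reaches them, and the `pan_leaked` check is the kind of assertion worth keeping in a test suite so that a later "helpful" logging change cannot reintroduce it.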

PART 11 (Data retention and archival policy) – An important regulation for archiving data, especially in the US. Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Any project running in the US should consider Part 11, especially if the application handles content and records management.

EUROPEAN COOKIE LAW – All websites owned by EU entities or targeted at citizens in the EU need to obtain the visitor's consent before storing or retrieving any information in the browser.

COMPLIANCE FOR CHILDREN'S AGE (COPPA) – In the US, any site accessed by or targeted at children under 16 years of age needs the consent of a parent or legal guardian to collect and process their data. Retail sites that sell goods or merchandise for children mainly fall into this category and need to comply with this regulation.
