
Compliance and Regulation in Commerce


The section below covers some of the critical compliance considerations when designing any commerce platform. It is not a comprehensive list.

Data Privacy and Protection - Keeping customer data protected is a crucial design decision. Several data protection and privacy regulations apply to all types of customer data, and they are especially important in financial, healthcare, and social integration scenarios.

Cambridge Analytica’s use of data from Facebook to influence the 2016 US election was a massive issue and raised questions about how all social media sites treat customer personal data.

  • A few important directives and laws are the Data Protection Directive 95/46/EC of 24 October 1995, the General Data Protection Regulation (GDPR), the United States Privacy Act, the Safe Harbor Act, and the Health Insurance Portability and Accountability Act (HIPAA), to name a few.
  • For any platform to be deployed in India, the Information Technology Act, 2000 is important. Recently the Indian government proposed a law prohibiting sharing or storing customer sensitive data (transactional or non-transactional) outside India. All banks and payment gateways have strict guidelines to conform to this requirement. Refer to the “Niti Aayog” guidelines for further information.

Some of the critical data categories covered by privacy regulations are: email, user id, passwords, demographic information, financial information such as bank account, credit card, debit card or other payment instrument details, physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information, browsing history, and personal interests.

GDPR - The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations across the region approach data privacy. There are eight data protection principles, and a data protection officer is needed to evaluate and audit the current state before taking any action on data privacy. The main characteristics include consent management, data archival, data cleanup, and handling of customers’ requests for access to or correction of their data.
It is not only applicable to applications hosted or running in the EU region: any application running outside the EU but accessed by citizens residing in the EU also falls under this regulation.

All the major commerce platforms, such as SAP Hybris Commerce, IBM WCS, ElasticPath and Salesforce Commerce, provide frameworks to support GDPR.

W3C and WCAG 2.0 – This is the web accessibility requirement developed by the World Wide Web Consortium (W3C). Web Content Accessibility Guidelines (WCAG) 2.0 covers a wide range of recommendations for making web content more accessible. Following these guidelines will make content accessible to a wider range of people with disabilities, including blindness and low vision, deafness and hearing loss, learning disabilities, cognitive limitations, limited movement, speech disabilities, photosensitivity and combinations of these.

There are multiple conformance levels (A, AA, AAA); the level to target depends on the type of application and website. WCAG defines a set of principles and guidelines for the website to follow.
The ADA (Americans with Disabilities Act) is one of the main considerations addressed through WCAG conformance.

PCI DSS - The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
There are 12 requirements to follow; important considerations are tokenization, two-factor authentication, and 3-D Secure.

PART 11 (Data retention and archival policy) – An important regulation for archiving data, especially in the US. Part 11 is the part of Title 21 of the Code of Federal Regulations that establishes the United States Food and Drug Administration (FDA) regulations on electronic records and electronic signatures (ERES). Any project running in the US should consider Part 11, especially if the application handles content and records management.

EUROPEAN COOKIE LAW – All websites owned by EU entities or targeted at citizens in the EU need to obtain the visitor’s consent before storing or retrieving any information in the browser.

COMPLIANCE FOR CHILD AGE (COPPA) – In the US, any site accessed by or targeted at children under 16 years of age needs the consent of a parent or legal guardian to collect and process data. Retail sites that sell goods or merchandise for children mainly fall under this category and need to comply with this regulation.
