Ask online consumers customers why they haven't made purchases over the Net, and they'll probably cite fears about two related, but distinct issues: online security and online privacy.

"The media first jumped on security issues," said Pete Sfoglia, a partner in Ernst & Young's Internet Security practice in Los Angeles. "If I send information from point A to point B, how do I know that someone in C or D can't hack it and see what I'm doing?"

More and more, however, these security issues have been solved by calling on a variety of technologies, including software, firewalls, hosted servers, encryption and virtual private networks. Now, privacy is emerging as a major issue.

For example, a common privacy issue involves online retailers who sell their customer lists to other organizations. Customers might also worry about misuse of personal information, such as social security numbers or family data. The possible abuses are chilling. Could the medical history of a consumer buying medication via a Web site, for instance, somehow end up in the hands of a potential employer?

What's more, consumers may not even be aware that Web browsers and Web sites can query their PCs and pull down data without their knowledge. Little wonder that a recent study found that 61% of people who don't use the Internet say it's due to worries regarding possible misuse of their personal data. Even netizens have worries. That same study found that more than 70% of people who do go online say privacy concerns keep them from using the Internet more than they do.

"Addressing fears about privacy is absolutely critical for an Internet business' survival," said Bill Barrett, leader of Ernst & Young's Internet Services Practice in the Pacific Southwest. "If consumers don't trust a site or perceive little or no benefit from sharing personal information, businesses stand to lose valuable customer knowledge that can be translated into competitive advantage."

For instance, knowing more about customers enables a business to tailor and improve customer service, new product development, marketing, and sales,all of which touch the bottom line.

"There's a lot at stake for Internet retailers," said Barrett. "Every company doing business online should be addressing the privacy issue,sooner rather than later."

Where to begin?

Ernst & Young offers these four guidelines:

1. Establish appropriate privacy policy and practices. Ensure that your policy meets or exceeds Fair Information Practices being established by leading industry groups, such as the Online Privacy Alliance, or other international bodies, such as the Organization of Economic Cooperation and Development. Be sure to post your policy and practices prominently and clearly.

2. Ensure that internal practices and controls can enforce your policy and satisfy regulations. You'll have to make sure that your business processes and technologies are aligned to enable your policy.

3. Develop a privacy compliance process for adequate monitoring and reporting. You can do this via self-compliance and/or third-party involvement.

4. Provide third-party certification and trustmarks regarding your privacy practices. This will assure Internet shoppers of your ongoing compliance. One prominent trustmark is that from TRUSTe, with more than 500 sites covered by its program. Another is the Council of Better Business Bureaus' online service mark.

As online commerce increases, privacy will become even more crucial, noted Sfoglia.

"Some research houses have said that by 2002, electronic commerce will reach a level of $350 billion. Right now it's at $20 billion," he said. "One reason why electronic commerce hasn't grown as rapidly as expected is because it hasn't been able to grow within an environment of trust. Building a confident, trusting consumer base must be a top priority for all Internet retailers."

Adrienne Hedger is with Ernst & Young LLP.

For reprint and licensing requests for this article, CLICK HERE.