Archive for December, 2009

Converting an application to .Net 3.5 and Visual Studio 2008 from .Net 2.0 and Visual Studio 2005

December 24th, 2009 Arghya Mahapatra 1 comment

As this is my first step in .net 3.5 and Visual Studio 2008 both, so I was thinking why not just try with my existing web application in .net 2.0 which I daily work on using Visual 2005. Because creating a new application is not that much challenging I guess but converting an application from an older framework to latest framework is little bit challenging.

Before I put my 1st step I needed .net 3.5 framework and Visual Studio 2008 Professional Edition in my place. You can also get free downloads of .net 3.5 framework from Microsoft’s official site (you can use ) and please buy a genuine copy of Visual Studio 2008 before you follow my steps bellow.

Step 1:

When you are ready with VS 2008 and .net framework 3.5 in your system and you have configured default setting in VS 2008, then you can open VS2005 solutions. So, go to File >> Open >> Project/Solution (Ctrl + Shift + O); Open Project dialog will be opened. Select a VS 2005 solution and open it. It will open a wizard to convert the solution from older version to new 2008 version.



Step 2:

Click Next to backup your current project. Check Yes, create a backup before converting radio give the location for backup



Step 3:

Click Next to finally complete the conversion.



Step 4:

Click Finish to complete the Wizard. It will open a Message Box and ask you to upgrade the project’s framework from .Net 2.0 to .Net 3.5.



Step 5:

Do not check the check box for all solutions unless you want it to convert all .net 2.0 solutions in .net 3.5 whenever you open it using VS 2008. Click Yes to upgrade the framework. You will get the Conversion Complete window of the wizard.



Step 6:

Check the checkbox to view the conversion log and click close button to close the wizard and open the Log like bellow screen.



Step 7:

So now you have completed all the steps. Your solution is converted to VS 2008 version and project framework is converted from .net 2.0 to .net 3.5. You can check all files and directories in your Solution Explorer. Now we need a build to run the application. Follow the steps to change the Target Framework to .Net 3.5 : Right Click on the Solution >> Select Properties >> Click Application Tab >>  Select .Net Framework 3.5 as Target Framework. Save the Properties and Build the application.

Step 8:

Now you may be thinking that I will tell you to configure IIS to run the application properly in .net 3.5. That's not required –  Since Net 3.5 is just an extension of .Net 2.0. So the same aspnet_isapi.dll of .net 2.0 is used. So, there is no change in IIS. In fact you will not get any option of .Net Framework 3.5 in IIS. (For more information )

As web.config changes were taken care of by the wizard I don’t need to tell you the changes but if you want to see the changes you can check the following link

Now the time is to check the running application to confirm the successful conversion.  Yahoo I got the first screen of my application. I was pretty happy that time. My application was running in .Net 3.5.

Ooops! I got the bellow screen when I browsed one of the ajax page where I used ScriptManager.



To overcome this issue I deleted all my \bin filesand rebuilt the application. I browsed the application again and checked the same page and it was working fine. (For more details

I got stuck with another issue when I browsed a page where I used the Ajax toolkit. 



To fix the issue I downloaded the latest Ajax tool kit from and copied AjaxControlToolkit.dll and System.Web.Ajax.dll from AspNetAjaxLibraryBeta0911\WebForms\Release to bin and then rebuilt.

Now I can smoothly run my old .net 2.0 web application in .Net 3.5 framework.

This post is written by Arghya Mahapatra. Arghya is a Tech Lead in the eCommerce Practice at Ignify. Ignify is a Global Microsoft Dynamics Inner Circle Partner specializing in ecommerce for Retail, Distribution, and Manufacturing businesses. Ignify has been included as the fastest growing business in North America for 3 years in a row by Deloitte, Inc Magazine and Entrepreneur Magazine.

Make your ERP project more than just a new system that works like the old one did

December 18th, 2009 Sandeep Walia 1 comment

I'm still surprised at how many customers still insist that the new system work exactly the last one does or supports their business process like they had it before the project. A fundamental question then is - why are you doing this project? If you are just looking for a nicer looking interface with no meaningful results then don't even waste time on an ERP project. Modern ERP systems bring with them bundled best practices. And an ERP project is the perfect time to re-evaluate your business processes and bake those processes into your new implementation.

I lead the implementation for an global Activity Based costing (ABC) effort for a 1 billion dollar division of a Fortune 10 customer. Of the many things I was analyzing, one key element was how people spent their time.One report in particular took about 5 person days of time to get ready every month. An annual cost of over 15,000 ($40/hour X 12 month x 5 days x 8 hours a day).This particular unit had a net profit margin of just $1 million on revenues of $1 billion and such reports were a gold mine to bring that net margin up. However, the cost to auotomate this report was estimated to be in the $45,000 range as it was a fairly complex report. The management balked at this cost. So we started digging into ways of simplifying the report. The report was initiated by a person in San Jose, California. Other data was filled by a finance person in Singapore and then by a team members in UK, Phoenix, Malaysia, UK and Germany. Certainly a lot of coordination and time. When finalized, the report was distributed to about 50 executive team members. I took the approach of reaching out to each recipient to ask them what was truly critical in the report so we could eliminate some of the complexity of the report. The results were staggering – none of the recipients ever readthe report and felt it was something that others probably found useful. Instead a simpler report was designed that cost only $2,000 to write and built in a day and was actually useful to all the divisional heads in improving their bottom-line. The report was completely automated and required no manual intervention.However, the fact that we developed a report that saved $15,000 is not so significant as the fact that had we not dug deep enough to find out the true pain we would have spent $45,000 ensuring the system worked like the client worked prior to the implementation and achieved nothing in the process. Are you sure you are not doing this to some degree?

I even found traces of this at Ignify. When we cut over to Dynamics AX – we got the ability to attach each receipt or expense with an AP invoice. We no longer had to sort and catalog these on a portal as Dynamics AX automatically catalogued our attachments with the invoice that was posted. However, our booking team members for a full 6 months after going live on Dynamics AX kept uploading the booking receipts to the portal while our payables team kept cataloging this in Dynamics AX. Of course we stopped the earlier process of uploading to the portal as soon as we found out. We had found a better way to do this, adopted it but forgot to tell someone to stop doing what they were doing :-) . How much work goes on that is useless and redundant. In my ABC analysis project that I had done – I found it was very significant. Employees were spending approximately 40% of their time doing non value-adding activities. When you cut over to a new system – leverage its intrinsic benefits of best practices. There is no better time to re-engineer your business process and ask 'How can I make this better simpler and more cost-effective' for every process. Weigh the cost with the benefit. The highest benefit with the lowest cost is when you can leverage what is out of the box and use that.

When Ignify adopted Dynamics AX globally, we cut out several redundant and manual processes – the workflow and ability to review postings, role-based security allowed us to cut out all the manual approvals that we had.We are still learning to improve but we implemented Dynamics AX globally for 300 employees across seven offices in 6 weeks by staying vanilla. We made zero customizations and drove our business to the best practices Dynamics AX provided to us. We spent a lot of time on business process design and how each process can be improved over what we had today. We spent time writing up process training documents for pretty much every finance, accounting, collections, and AP job – how to post a credit card transaction, how to post vendor invoices, how to post wire transactions, how to apply a customer payment. It was great- suddenly we moved from an undocumented, disorganized set of processes to a methodical way of doing business that supported our core consulting and software implementations.And these processes were written 100% by the Dynamics AX task recorder tool and have Microsoft Dynamics AX screen shots in them. At the heart of it we asked ourselves if we were a complex business and the answer was a resounding no. We are a simple business model and we wanted everything to be simple and easy to understand. Our goal was to make our processes even simpler and yet have the desired level of controls which Microsoft Dynamics AX did a great job of bringing to the table.

Microsoft Dynamics AX was great for us and has been great for our customers but I'm not proposing that as your ERP. I'm proposing that whatever system you choose to work with, that you leverage its native strengths and use the ERP implementation as a way of strengthening and simplifying your business processes and getting more for less. I've also run into situations where customers want to wait for writing up the perfect business process before starting an ERP project.That can take a really long-time and you may never start. The ERP application you choose will give you business processes out of the box as a starting point – use that as a spring board to move to the next level.

Sandeep Walia is the President & CEO of Ignify. Ignify is a technology provider of ERP, CRM, and eCommerce software solutions to businesses and public sector organizations. Ignify is a Microsoft Dynamics Inner Circle Partner and ranked in the top 18 Microsoft Dynamics partners. Ignify has been included as the fastest growing business in North America for 3 years in a row by Deloitte, Inc Magazine and Entrepreneur Magazine.

What Should My eCommerce Store Conversion Be

December 9th, 2009 Ranjit Goray No comments

Every online retailer, at some point during their evolution, asks the question:  “what should my conversion be?”.  The hope is that, if you could only find this holy grail number, it would serve as a panacea for all of your online business ills and allow you to finally know where your online business should be when optimized.  If you jumped when you saw the title of this article, we can assume you might be one of these hungry souls.  The good news:  you can finally stop looking.  The bad news:  it’s because there is no answer. 

When You Can Find Data, It Varies Widely
The first challenge you encounter on your quest is actually finding published conversion data for comparison.  The reality is that there is no online retail metrics clearinghouse in the sky where online retailers faithfully subscribe and dutifully report all of there closely-held internal financial information.  There are a number of different sources that publish aggregate conversion data, but a quick review of these sources highlights significant disparities, overly broad ranges, and dissimilar definitions that make any attempt at comparison all but meaningless.

 None of the Data Exactly Matches Your Business
 When you look across the published data you are faced with the challenge of deciding which number to compare to your business.  The reality is that there are dozens of differences between your business and even your closest competitor – different brand strength, different assortments, different promotions, number of offline stores, different geographies covered, marketing budgets, size of e-commerce teams, the list goes on and on.  So many variables can ultimately affect conversion that it severely limits the instructive value of the the metric itself.

A Fixation on Conversion Can Be Dangerous
Attempting to oversimplify your business and fixate on a single metric can also lead to incorrect conclusions and dangerous decisions.  Take the example illustrated below.  Scenario A depicts a retailer at “steady state.”  Scenario B depicts the same retailer after making in incremental investment in some low-cost marketing that drives additional but much less qualified traffic.

What should my conversion be

Does Scenario B represent an undesirable outcome?  But it must… clearly the conversion went down.  In fact the incremental traffic converted at 50% the rate of the steady state traffic.  But revenues increased (materially).  Marketing return also increased.  Why would we possibly focus on just the conversion number? 

Should You Ever Be Happy With Your Conversion?
Nielsen Online published the data depicted below in March 2009 showing top converting websites. 

What should my conversion be

What insights should we draw from this data?  If your conversion rate is currently at 1% should you resign now in disgrace and head towards the nearest bridge (or pub, I prefer pub)?  And what if you are Schwan’s with a staggering 50.5% conversion rate?  Should they declare victory, put things on auto-pilot and take an extended vacation (or head to the nearest pub)?  The one thing we can be certain of in either case is that senior executives at both your company and Schwans will be giving the same orders tomorrow:  get those numbers higher.  The bottom line:  there is no “final destination” for this metric — and if you think you have room for improvement you probably do.

Try a More Balanced Approach to Measuring Your Business
The reality is that is naïve to think that we can measure and run our businesses on an single, oversimplified equation like “traffic x conversion x average order value” any more than a brokerage can run theirs on the mantra of “buy low, sell high”.  Instead, we need a more pragmatic, balanced approach.  We recommend an adaptation of Kaplan and Norton’s famous balanced scorecard approach.

Building a “Balanced Dashboard” for Your Online Business
For our online retail balanced dashboard, we recommend focus on the following four areas:

  • Transactional Measures — Yes we should track conversion, but only in the company of a number of other meaningful metrics that span the customer experience.  This set should most likely include not only online metrics but also broader offline and brand impact measures (assuming those are part of your business objectives).  A cross-section of traffic measures, shopping funnel and related metrics across the online experience will shed light on how well visitors are behaving and moving through the buying process.


  • Repeat Customer Measures — Repeat customer measures should be given equal or even greater emphasis than transactional measures for one simple reason:  customers who return over and over again are evidence of a solid underlying value proposition (whether the value proposition is product, price, or experience-based).  Repeat customer measures should include not only the overall repeat purchase rates but also more granular breakdowns including tiering of repeat customers, average valuations and migrations within each tier, and new-to-repeat conversion ratios.  


  • Customer Feedback Measures — Customer feedback measures can serve as early warning systems for bigger problems down the line.  Tools such as site intercept surveys, email surveys, and net promoter scores can be used in conjunction with monitoring of return patterns and trends in service calls to identify problems and gauge the pulse of both visitors and customers.

What should my conversion be

  • Internal Process Measures — The final set of measures cannot be found in a web analytics package but are probably equally helpful in improving your business.  The goal of this set of measures is to gain visibility into what types of activities your online group is investing time in and which types it is not.  A high-performing online organization will spread their time across a range of value-added activities.  Average online groups, by contrast, will repeatedly get mired in a few areas (e.g. endless iterations regarding the home page spot or design of the next email creative) while ignoring more productive activities like customer monitoring, experience optimization, and product presentation.  Start with some simple time tracking by major activity area to see where your team is investing its time and you should quickly highlight some needed changes.

Once you’ve developed your dashboard, a baseline should be established for each set of measures at which point your task becomes tracking and monitoring these measures at meaningful intervals and investigating changes.

Slightly More Work, But a Better Result
If you’re seeking an answer to the question “what should my conversion be?” the answer is simple:  it should be higher.  If you’re seeking an answer to the question “is my business where it should be?”, take a little extra time, develop a balanced dashboard and the data that will provide you with the answer.

This post is written by Ranjit Goray. Ranjit is the Senior Manager-eCommerce in the eCommerce Practice at Ignify. Ignify is a Global Microsoft Dynamics Inner Circle Partner specializing in ecommerce for Retail, Distribution, and Manufacturing businesses. Ignify has been included as the fastest growing business in North America for 3 years in a row by Deloitte, Inc Magazine and Entrepreneur Magazine.

MOSS 2007 – Show/Hide ‘Workspace’ on New/Edit Form

December 4th, 2009 Atul Shukla No comments

Somebody asked me about hiding a field called 'Workspace' from Calendar: New Event or Edit existing event.
I was wondering that there should be some easy way to hide any field available on 'New' or 'Edit' page.

I googled around, and I found couple of responses, for example:

  1. Modifying the NewForm.aspx page in SharePoint Designer 2007, hiding existing List Form Web Part, and then adding Custom List Form. Then delete the Workspace row from the form.

    Let me talk about the disadvantages of this option:

    • a. Attach File will NOT work. You need to investigate further to make it work. Still painful process.
    • b. Try to create a 'Recurring' event; it will not work as expected.

    Considering these advantages, I thought that this is very tedious process, and one has to make the changes to all calendar lists. And then this change is required to be done on NewForm.aspx and EditForm.aspx. How about that? So it is really very painful process.

  2. Another option is again, modifying the NewForm.aspx or EditForm.aspx, and add following script (However, it didn’t work for me though), but it is worth adding it here, just in case, if people are trying to solve the problem in this manner.

    <script language='JavaScript' type='text/javascript'>
        var toolbar = document.getElementByName("<name attribute value>"); = 'none'; = 'none';

    This can be added in asp:content ContentPlaceHolderId="PlaceHolderTitleAreaClass".
    Once again as I said that it didn’t work for me, but it can be done this way too.

  3. Recommended way. First thing is that it is a feature, and can be found (12 Hive folder) at C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\Template\Features\EventsList. Yes, it is event list feature. Now the modifications are required in schema.xml that can be found under Events folder (folder location, once again, is ..\12\TEMPLATE\FEATURES\EventsList\Events). This file can be modified in notepad.exe.

    While looking into the Calendar List Settings in Internet Explorer, I noticed that this field 'Workspace' is of type 'Cross Project Link'. This is important to remember, and search 'CrossProjectLink' in schema.xml file. I noticed there is only one instance of it.

    Secondly, the field is SharePoint field so looked for the corresponding class which is SPField. I looked into SPField Class Members on MSDN and found a couple of interesting properties (and used two of them), for example, ShowInDisplayForm, ShowInEditForm, ShowInListSettings, ShowInNewForm, ShowInVersionHistory, ShowInViewForms. I was interested in ShowInEditForm and ShowInNewForm properties only. So in schema.xml file, for Field of Type="CrossProjectLink", added these two properties as attributes, and set the value="FALSE".

    IMPORTANT: attribute value should be set as ShowInNewForm="FALSE" (case sensitive). If you set the value as ShowInNewForm="false", it will not work, so be careful here.

    My final <Field> is looked like:

    <Field ID="{08fc65f9-48eb-4e99-bd61-5946c439e691}" Type="CrossProjectLink" 
        Name="WorkspaceLink" Format="EventList" 
        DisplayName="$Resources:core,Workspace;" DisplayImage="mtgicon.gif" 
        HeaderImage="mtgicnhd.gif" ClassInfo="Icon" 
        Title="$Resources:core,Meeting_Workspace;" Filterable="TRUE" 
        Sealed="TRUE" SourceID="" 
        StaticName="WorkspaceLink" ShowInEditForm="FALSE"

    As mentioned, I added only two attributes. Save the schema.xml file.

Now the task is to publish the feature with changes. And since the feature is already installed and activated, so it is mandatory to de-activate it and then un-install it.

To smoothen the process I wrote two batch files one each for de-activate, un-install and install, activate:

script for uninstallfeature.bat

path="C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN"
cd \
cd "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN"
stsadm.exe -o deactivatefeature -filename EventsList\Feature.xml -url http://moss2007:8551/sites/Demo1
stsadm.exe -o uninstallfeature -filename EventsList\Feature.xml -force
cd \

It is straight forward to understand, however, if you want instructions for the same, can send me request.

script for installfeature.bat

path="C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN"
cd \
cd "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN"
stsadm.exe -o installfeature -filename EventsList\Feature.xml
stsadm.exe -o activatefeature -filename EventsList\Feature.xml -url http://moss2007:8551/sites/demo1
cd \

URL is required to install the feature, in this script, I am deploying the feature for a specific website.
Don’t forget to do ISRESET

I am done, and when I tried to create or edit a calendar event, I don't see 'Workspace' option in there. I double checked that attach file is working, and I am able to create a 'Recurring' event too.
It is really very useful tip for me, so thought let me add it here for future reference too.

This post is written by Atul Shukla. Atul is a Manager in the Microsoft SharePoint Practice at Ignify. Ignify has over 300 person years of SharePoint experience with multiple SharePoint implementations. Ignify also internally leverages Microsoft SharePoint as a tool to collaborate across all its offices and for all its projects. For help on SharePoint Services email us at

Data Security 2010: Lessons learned from 2009 and how to move your Internet Retail business into the future

December 3rd, 2009 Pankaj Kumar 1 comment

Data Security has been top of our minds at Ignify. We spent over 18 months strengthening the security for Ignify eCommerce including taking it through its PCI compliance. I am glad to report that the PCI Standards Council passed Ignify eCommerce on the PA DSS II standard and makes us the only eCommerce platform that offers integration with mid-market ERPs to have achieved that. Based on my experiences in leading this effort – I came up with some trends and tips that can help you and any business that is looking or is selling online. Some background first – per the DataBreaches website,  2009 has been the first year that the number of data breach incidents recorded has actually dropped, since 2005. If that makes you feel a little more secure – there is a counter side. The same site reports on personal records that have been exposed – 220 million records in 2009 as compared with 35 million in 2008.

There are two important trends to note here. The first – Technology advancements (and simplifications) have made breaches increasingly difficult. Second – The people side of the equation; where small entry errors have lead to large scale breaches sometimes becoming more difficult to manage than technology issues. The fact is that there are people involved with keeping information secure. It is extremely critical that processes such as implementing an immediate access termination when employees leave an organization, are well oiled and working at all times.

My prediction is that 2010 will see more breaches due to human errors rather than technology errors. For example, there have been 11 breaches reported on in November 2009. Out of these 8 breaches are human errors while 3 are technical holes or hacks. 

With a poor economic state and online shopping becoming a necessary tool for tough times, merchant readiness for handling confidential data both on the technology and people front is critical for a successful online presence. As the New Year approaches, it is important to review the lessons learned from the past year and reflect how we can use past trends to correct and innovate data security in 2010.

What have we learned in the past year?

Lesson 1: Be ready to handle confidential data before you turn on the switch

The healthcare industry was attacked with a flurry of data breaches in 2009. Most recently and noticeably in August, Anthem Blue Cross and Blue Shield of California was involved in a data breech of more than 850,000 physicians throughout the United States including critical personal information such as; Social Security, taxpayer ID, and NPI numbers, may have been compromised when a laptop containing sensitive data was stolen in Chicago.

What can we learn from this very basic case of information theft? Anthem and Blue Shield were not prepared to handle confidential data. Carrying secure data on physical media has specialized security needs and merchants should have those processes well tied together. At times, it boils down to simple processes that include how authorization and communication is carried out in an organization.

Technology has matured thanks to collective learning becoming a part of the technology itself; but organizations do not assimilate best practices at the same pace – people unfortunately make mistakes and security mistakes can be fatal to your business.

Once the switch is turned on and systems start humming, there is a human tendency to start focusing on day to day operational issues and data security begins to take a back seat. As a merchant, it’s important that you have your people related systems in place to conduct regular audits and trainings to keep data security in the front. Does it have to be expensive – No – Simple devices such as funny posters on the wall or creative emails do a great job of reminding everyone of the threat.

Lesson 2: Think about Data Security upfront while working on your online initiatives

Whether you are working with a vendor or in-house staff, ensure that you have proven expertise on board. With a vendor this could mean checking if their systems have necessary security certifications. As an example – PCI PA Certification applies to all software vendors handling card data in any form or fashion and the certification body has published information of certified software for public access. For in-house staff, there are a couple of options – SSCP certifications for network administrators and CSSLP certifications for developers.

Using these public initiatives – you can learn about data security and make decisions that have the data security green light.

Lesson 3: If you are an eCommerce merchant, get PCI certified

PCI over years has become a leading authority for merchants to learn around data security threats and mechanisms to prevent those. As a merchant you can get PCI DSS certified by ensuring that you meet all criteria laid out by the Security Council. The cost for such certifications has been coming down but they may still be prohibitive for some merchants. In such cases there is self assessment available that any merchant can use to ensure that they can handle confidential data.

Treat PCI certification as a fixed asset purchase, it would serve you over a longer period and would get you a benefit – trust of your customers – that has a very definite ROI icon-inline-shopover a period of time.

Lesson 4: Compliance is not a golden ticket: Secure your systems: once, twice, three times.

In July, Network Solutions LLC, a web hosting firm announced a data breach of approximately 574,000 individuals’ credit card information. The company claimed that it discovered unauthorized code on servers that supported its e-commerce merchants' websites. It was determined that the transaction data of about 4,343 of its merchant websites was breached sometime between March 12, 2009 and June 8, 2009. In a statement release by Network Solutions, the firm claimed to have been violated despite is PCI compliance status.

What can we learn? Being compliant is the minimum bar required to switch your online systems. Remaining compliant means you work carefully with your team and processes that handle confidential data. Security standards and guidelines are great to learn from but they are not a solution in itself. Data security is fast becoming a people problem and not a technology problem. Having right people in your team to do regular audits and compliance checks becomes a very difficult and expensive lesson to learn after a data breach occurs.

Lesson 5: Be transparent with your customers at all times!

So what if a breach finally happens? What should you do? First thing is to inform everyone who got affected and immediately reach out to law agencies for help.
Anthem was heavily criticized for not notifying the victims of the theft (mostly healthcare providers) in a timely manner. Reports indicated that several states, of the 50 states affected, were not notified until up to two months after the breach, giving cyber criminals more than enough time to wreak a significant amount of damage with your personal information, under the radar.

Transparency is important if a data breach incident occurs. The quicker response you have to a data breach, the faster and easier the issues can be resolved and data can be recovered and/or protected. It is critical that your customers are educated and aware of the dangers of the marketplace. There are free resources that allow consumers to monitor, freeze and simply check their credit status with the three major reporting agencies Equifax, Experian and TransUnion to protect themselves from personal data breaches; putting the power in their own hands.

As a merchant or data custodian, it is your responsibility to educate all affected parties on the steps they can take to avoid the damage.

The future of Data Security: Where do we go from here?

Finally, the law seems to be catching up – With the recent pass of The Data Breach Notification Act (Bill S. 139), introduced in January by Senator Dianne Feinstein, D-Calif., data security has become a hot topic discussion with all types of businesses. The Data Breach Notification Act will require any federal agency or business entity to notify an individual of a security breach involving personal information without “unreasonable” delay, meaning “any time necessary to determine the scope of the security breach, prevent further disclosures, and restore the reasonable integrity of the data systems and provide notice to law enforcement when required.” The bill also requires that major media outlets notify residents of respective states that are affected by the breach.

A complimentary bill to the Data Breach Notification Act also passed concurrently, the Protecting the Privacy of Social Security Numbers Act (Bill S.141), introduced in July by Sen. Patrick Leahy, D-Vt. This bill sets notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach and requires businesses to implement preventive security standards to guard against threats to their databases.

Data Security now has increasing legal ramifications as well. Just the way you would invest in your business to comply with local laws of the land; data security is another investment being made mandatory by law, which is good. The maturity of technology and related people challenges means that merchants of all sizes have to continuously worry about the people they put in charge for keeping the systems secure and handling confidential data.

Let 2010 be a year when you commit to train and educate your people to make your organization ready to handle confidential data. Rework your processes next year to have a continual audit of your systems to make sure that they remain ready. At the end of the day; your processes should NOT be like this one.

Pankaj Kumar is the CTO of Ignify. Ignify is a technology provider of ERP, CRM, and eCommerce software solutions to businesses and public sector organizations. Ignify eCommerce is the only PCI certified eCommerce solution in the market that integrates with the Microsoft Dynamics ERP and Sage ERP solutions.  Ignify has been included as the fastest growing business in North America for 3 years in a row by Deloitte, Inc Magazine and Entrepreneur Magazine.