Retailers can gather, analyze, and use more detailed and extensive customer information than ever before. But should they? Recent events suggest that any company that gathers customer data needs to consider some precautions and limitations before it takes the big data plunge.

In particular, companies need to consider how customers react to corporate uses of their data. People do not like to feel manipulated or taken advantage of, even if they have agreed to provide the information (e.g., by signing up for a loyalty card program). Thus, retailers must impose some reasonable self-constraints to avoid relationship management attempts that seem just plain creepy. More seriously, they need to acknowledge customers’ inherent rights to privacy, especially as facial recognition and mobile tracking technologies advance and spread. At a minimum, retailers should post clear, obvious information about any data they collect from consumers while they are in the store.

Privacy considerations gain particular power when a retailer suffers a data breach—an event that involves not “if” questions, but “when” ones. Hackers are really good. To combat the ever-present threat of data breaches, retailers should be proactive. Although no explicit laws mandate retailers’ responsibility for data, several recent moves suggest that legislation will soon be coming. For example, a proposed law would mimic regulatory oversights in other sectors, such as healthcare, and require similar privacy protections. In addition, the Federal Trade Commission has asserted its right to penalize firms that exhibit persistent failures to protect customers’ data, though that power has come in for a legal challenge.

For proactive retailers that don’t want to wait to be told what they need to do to keep customers’ confidence, there are four key recommendations:

1. Adopt a “privacy by design” approach strategically and throughout the business. For every new tactic chosen or decision made, the retailer should solicit input from various departments, including marketing, legal, human resources, and IT, to think about how the choice will affect customers’ privacy, both immediately and throughout its implementation.
2. Retain customer data only for as long as they are being used. After a reasonable usage period, destroy the data. Doing so drastically reduces the chances of a data breach that could go undetected by companies and consumers.
3. Undertake an explicit legal review to determine what personal information consumers may access and edit. Do consumers have the right to know exactly what information retailers are gathering about them? The answer might not be evident, but it is something that companies should seek to answer for themselves.
4. Buy better security measures. Companies need to invest substantially in this corporate asset, because it can mean the difference between corporate scandal and survival.

Discussion Questions

What should retailers do to protect the privacy of their customers?

 

Source: Marc Roth, CSN, March 30, 2015