Seventy percent of Americans participate in at least one customer-loyalty program, according to a July 2012 survey by Polaris Marketing Research. Most of those shoppers are happy to give up personal information in exchange for discounts and special offers. But as retailers grab more data, will customers revolt? That depends on how retailers approach data collection and privacy, suggests Andrew Smith, a partner at Morrison & Foerster who concentrates his practice on retail financial services, privacy, and related issues.
Retailers capture data such as items purchased, items purchased in tandem, and amount and frequency of purchase. If they can associate that information with a particular customer through, say, a frequent-buyer program, they can build a customer profile. If they can link a credit-card number with a ZIP code, they can associate demographic information such as property value or income. If they have an email address, they can use a technique called “reverse append” to purchase a mailing address. And so on.
There are laws protecting specific kinds of information, such as personal data about children, health, or finances. “But in terms of general protection for general commercial data, there is not a single omnibus federal privacy law,” Smith says. Instead, the U.S. takes a “sectoral” approach to privacy, backstopped by the FTC’s ability to prosecute unfair or deceptive trade practices.
Some state laws address the collection of consumer data, notes David McDowell, a Morrison & Foerster partner and former co-chair of the firm’s Consumer Litigation and Class Action practice group. For example, California prohibits businesses from requesting personal information such as a ZIP code during a credit-card transaction and requires businesses to disclose when they share customer information for marketing purposes.
As retailers capture more data and get better at analyzing and applying it, customers are receiving more finely targeted promotions—to the point they might feel their privacy is invaded. That should give companies pause. “Because some of this information is individual, there are individual views about what’s private and what isn’t,” says Andy Serwin, a partner in Morrison & Foerster’s Global Privacy and Data Security practice group. “So you can’t simply say that collecting a certain type of information is always good or always bad.”
When collecting and using customer data, businesses will always want to be within the law. “But in this context, collecting and using consumer data is often just a way to do more targeted marketing,” Serwin notes. “You have to consider the type of information you’re collecting, which customer segments you’re collecting it from, and what you’re providing in return. If your target market doesn’t like what you’re doing, they won’t respond in the way you hope they will.”
