The recent bankruptcy of bookstore chain Borders Group Inc. may be just another casualty in the retail market, but it also raises ethical questions for any company offering a customer loyalty rewards program.
What responsibility does a company have in protecting and informing its customers about the use of its CRM data, especially in the event of corporate changes such as bankruptcy? Most companies do spell out their policies, but the information is often in densely worded privacy documents. Is it strictly the consumer’s responsibility to dig out all pertinent information, or could companies do more to inform customers about CRM data usage?
StorefrontBacktalk, a blog for IT and e-commerce retail executives, was first to raise concerns about these CRM data issues related to the book store. It blogged about Borders’ demise and asked questions about where the book store’s CRM data would end up (subscription required) if it was sold as an asset of the company.
Some industry analysts suggest that’s a question all companies should consider.
“It’s going out of business, so [other companies] may not care,” said Kimberly Collins, a research vice president at Gartner Inc. in Stamford, Conn. “They may feel there is no backlash, but I think it sets a bad precedent if that data is sold. It could impact how customers feel about giving information to other loyalty programs.”
In its privacy statement, the company spelled out the many different potential scenarios for its customer data, and this information was and still is readily available to customers.
It included the following statement: “In the event that Borders or all of its assets are acquired in such a transaction, customer information would be one of the transferred assets.”
Borders did not respond to a request for comment on this story.
But should companies take this a step further and more clearly communicate to their customers about what could happen to their information?
Existing privacy policies are often wordy and difficult to read. Opt-out options are available, but customers may not be clear on just how to take advantage of these.
Further, Starbucks customers may not be aware of all the information the company is collecting about them. For example, it states in the privacy document that “if you use our mobile applications to buy goods using a Starbucks Card, information such as your device ID, your location and stores near you and visited by you may be collected.”
A Starbucks spokeswoman declined to comment for this article.
“Companies have to be very careful,” Gartner’s Collins added. “Companies need to understand where the data is, who owns it and what others can use it for. Then, take the high road and have a plan for this data.”
At a minimum, Collins recommends that organizations create a policy around customer information and be explicit about what happens “when data is exchanged.”
Collins noted that many consumers may not be aware of the potential for their information to be used by organizations beyond the one with which they have the loyalty agreement. She cited the airlines as an example. Often they will need to share information with partners that provide the merchandise customers collect from their frequent flier miles.
Or, take Barnes & Noble Inc. and its co-branding policy spelled out in its privacy statement:
A Barnes & Noble spokeswoman declined to comment.
While the reaction to the Borders’ CRM data uncertainty was minimal, that may not always be the case.
“Loyalty marketers need to keep watching which way the wind blows,” said Suresh Vittal, an analyst and vice president in the customer intelligence practices at Forrester Research Inc., in Cambridge. “If there is a consumer backlash — which there doesn’t appear to be — against companies who are unclear about how they guard their data, then they will have to make consumers aware of how this data is protected.”