Retail: Addressing Data Privacy and Security Concerns

data-1590455_1920As a retailer in the age of big data, knowledge is power. It’s no secret that consumer shopping data is a hot commodity in today’s digital age, and shoppers are willing to sacrifice data about themselves in order to reap the benefits of loyalty programs and special offers. According to a recent privacy and consumer loyalty study entitled “Mobility, Vulnerability and the State of Data Privacy” by SAS:

Globally, 72% of consumers would provide their email address and 60% would provide their name in order to receive personalized discounts and coupons. In addition, 42% would share their birthday month and 34% would share their birthday year to receive special offers at certain times of the year.

Yet the same study also shows that Canadians are concerned about the usage of their data:

In Canada, 64% of consumers report concern about what businesses do with their personal data; 24% of respondents feel they have no control at all over what businesses do with their information, and only 13% believe they have total control.

This data that is collated by retailers is often sold without the personal identifiers needed to know exactly who a consumer is. However, by layering all this data on top of other sources such as online traffic and shopping habits, third-party companies can pretty easily to narrow the data set down to an individual and use that information for targeted marketing, among other things.

So if it’s possible to learn so much about an individual, why isn’t the use of data more stringently regulated? In Canada, Federal Legislature known as the Personal Information Protection and Electronic Documents Act (PIPEDA) “sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities.” Yet according to a paper published by the Public Interest Advocacy Centre (PIAC), PIPEDA has limited capacity to bring corporate practices into compliance.

The real issue here when it comes to a consumer giving away their data is “out of sight, out of mind.” Most consumers click blindly through an app’s or loyalty program’s legal jargon, and are never actively aware of what they’re agreeing to when it comes to their data. When they start seeing the same targeted ads when browsing online over and over, they may start to question how these ad servers know so much about them, but might not make the link between their shopping habits and ads served online.

As for apps, consider the wildly successful mobile app Pokemon Go which uses a Google login and keeps track of players’ movements. According to the game’s privacy policy, Niantic has the right to share non-identifying information with third parties “for research and analysis, demographic profiling and other similar purposes.” That data is valuable to many different people, and as it’s linked to a user’s Google account, it can be pretty easily established where that user lives, and their demographic, making it easier to market specifically to them.

“You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person’s name,” said Marc Rotenberg, the president of the Electronic Privacy and Information Center, a privacy group based in Washington. “Niantic made the choice not to do that… I think people care about their privacy but the reality is that there is very little they can do about it and they know that. When it comes to giving up too much data, “Pokémon Go” users have two options: Use the app or don’t.”

What’s more, databases are constantly being hacked for their users’ data – the popular game DotA 2 recently had its databased hacked and almost 2 million of its users’ emails, IP addresses, usernames, user identifier and hashed passwords were stolen.

It is in every retailer’s best interest to cover their bases when it comes to the collection, management, storage and encryption of consumer data. In the Dota 2 case, the hacker took advantage of an SQL injection vulnerability used by the older vBulletin forum software. What’s more, the passwords were encrypted with an outdated MD5 algorithm. Keeping up to date with the latest in data security software and practices is key, and there are plenty of tips out there for data handlers; Symantec produces an annual “Internet Security Threat Report” which offers tips to help keep data security practices current.

Yet security aside, consumers still get chagrined by intrusive targeted advertising and start using VPNs and opting out of cookies to avoid letting companies take advantage of their personal data on the web, not to mention blocking revenue-generating ads. As a retailer who wants to use that data, the lesson to be gained from this is simple: be transparent. Rather than bury data-use intentions in small print, retailers can let customers know how the data will be used and the benefits the customer stands to gain. It is in a company’s best interest to be fully open with the usage of consumer data so that when those users are targeted with ads, they’re not surprised or upset. In fact, if done right, the personalization gained from the use of that data can actually be a pleasant surprise rather than feeling intrusive.

Coming up in the final blog of our retail series, we’ll discuss how the personalization of ads, offers and experiences, when done right, can lead to a lift in sales and overall customer satisfaction.

More Blogs on Retail:

1. The Value of Dashboards for Store Reporting
2. Market Basket Analysis and Planograms 
3. Privacy and Consumer Data
4. Personalizing the Shopping Experience

Leave a Reply

captcha *