This is page 2 of:
Think Your CRM Files Are Invasive? You Ain’t Seen Nothing Yet—And Neither Has Your Lawyer
But no law would prevent, say, your local Starbucks from creating such a database. I am not suggesting that 7-Eleven will be a proxy for DHS in creating facial-recognition databases or that Baskin-Robbins will seek to supplement its income by selling your genetic code. But it could. No law prevents it. And there may be good money in it. It just happens to be a really bad idea that may be perfectly legal.
Although most retailers consider a product as something they sell to their customers, for some retailers information about their customers is the product. Behavioral information about customers can be collected by both brick-and-mortar and online merchants, and technologies enable the capture and use of even more personal data—often in ways both merchants and their customers are only beginning to appreciate. The collection of these new data streams is often unregulated and may ultimately be lucrative, but most come at the cost of potential customer dissatisfaction and abandonment. Be careful what you collect about your customers, or they may no longer be your customers.
Retailers currently capture a bunch of information about their customers. When shoppers use credit or affinity cards, retailers can link purchases to individuals. Security cameras capture consumers’ behaviors. We can know if consumers use coupons, when and where they shop, and other information. Online retailers can know what items consumers looked at and didn’t buy, how they found the site, what their approximate location is, and the type and configuration of their Internet browser. All of this is just the tip of the potential iceberg, however.
The problem lies not so much with what retailers capture, but what they feel they can do with the information captured.
Take your standard video-surveillance camera. There is no problem using the camera to prevent theft, protect customers or even defend the retailer in a possible “slip and fall” case. Some retailers may use cameras to see how customers respond to ads and see what sales are garnering attention, in addition to other unidentified uses. But more sophisticated high-definition digital cameras are capable of much more. They can link faces and names (capturing the name from the credit card and linking it to a high-quality image).
Is that information “public” or “private”? Is it personally identifiable information (PII)? Is it PCI data? Legally, probably not. Does this mean that the information from these images can be used to create a vast database of names and pictures (and browsing habits) that can then be sold with impunity?
If you disagree with me, I’ll see you in court, buddy. If you agree with me, however, I would love to hear from you.
-Marc
September 8th, 2011 at 2:22 pm
This data is open to manipulation then use for nefarious means. The data is also stored probably unencrypted in various locations that are subject to hack hence theft and the worse case of identity theft every.
“1988” may be just a little late but it is here never the less.
What of my self do I really own and have the right to protect? My DNA is no longer mine! Obviously someone else believes that they own my finger, voice and retinal prints. What next human organs?
Not good, not good at all.