Using CRM To Defend Your Chain Against Lawsuits

Written by Mark Rasch
March 6th, 2012

Attorney Mark D. Rasch is the former head of the U.S. Justice Department’s computer crime unit and today serves as Director of Cybersecurity and Privacy Consulting at CSC in Virginia.

If a customer slips and falls in a large box store and then decides to sue the store, it would certainly be appropriate for the retailer to examine the videotapes relating to the slip and fall, see whether the customer did—in fact—fall, observe how that person was behaving before the fall and afterward, and determine what the condition of the floor was at the time of the incident.

But when Vons customer Robert Rivera sued the grocery store after he allegedly slipped on spilled yogurt, the supermarket in litigation called up Rivera’s purchasing habits, determined he had purchased “a lot” of alcohol and questioned his sobriety at the time of the accident. (Vons denied the allegation, and the lawsuit was reportedly thrown out of court.)

What if a customer alleges some injury and the store has a record from the in-house pharmacy showing the customer had been prescribed, and purchased, pain medication for months or years before the alleged injury—suggesting a pre-existing condition. How about a customer suggesting that a retailer’s conduct caused severe weight gain or loss. Could that person’s purchasing records of sizes worn be used against him or her? If a customer purchases a book titled “How to Sue Anyone for Anything” (sounds like my next project) in the days or weeks before initiating litigation, could the retailer pull up these records for examination in the litigation?

As long as the privacy policy is written in a way that warns consumers that their personal information may be used in this way (and there is no law prohibiting such use, like HIPAA does for certain health data), then lawyers for the retailer could at least make a colorable claim that it is fair game.

But be careful what you wish for. If customers know that you intend to monitor their every activity and use that information against them, they may be less likely to shop at your store. And they may be less likely to share accurate personal information with you. In some cases, as with AT&T, the company may have no choice; virtually all telecommunications providers have the same or similar policies. There, the only alternative is two Dixie cups, a string and a friend on the other end with a bad memory.

Big data can be good data or bad data, depending on which side of the table you find yourself.

As a retailer, you have access to a wealth of information about your customers. Not only can this information be used to help you sell and market to those customers, but it can likely be used to devastate them should they ever choose to sue you or an affiliate—or it may even be used to scare customers into not suing you.

Your phone company, for example, may listen in on your calls. Your E-mail provider may read your mail. Your Internet service provider may track every Web site you visit. And then this information may be made public should you have the temerity to sue, or threaten to sue, any of these entities.

Ordinary brick-and-mortar stores may similarly collect and use personal data about customers not only as a shield against false claims but as a hammer to intimidate potential litigants. Their power to do so seems, for now, to be limited only by the terms of the privacy policies they themselves write.

As retailers not only collect but have access to more and more information about customers, and as retailers increasingly become not only stores but technology and service providers, the opportunity for misuse and abuse of personal information increases. Nowhere is this more evident than in the areas of online retail, telecommunications and the Internet, not only because these companies collect and store so much information about their customers but also because of the intimate nature of the information they collect—and their broad retained powers to use it.

Let’s say you are upset with AT&T.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.