Privacy Laws, CRM and Marketing: A Potential Mess

Updated: April 30, 2009

The showdown at the Not-So-OK Corral, where customers booed Facebook en masse for revealing purchases that individual members made on other Web sites, revealed new liabilities found only at the point where CRM, marketing and privacy laws collide.

"This is an example of zealous marketing replacing common sense," said Michael Weathersby, attorney and partner at Evert Weathersby Houff. "I can envision legal action being a logical response to false light defamation and misappropriation of image, in addition to privacy-law suits. I can assure you that a jury of offended citizens will seek to award extreme relief to an injured private citizen."

Sears Brand LLC similarly ran afoul of customer goodwill and privacy laws when the company began collecting information — including sensitive banking and health care data - from customers who signed up for the My SCH Community and downloaded software that was actually provided by comScore Inc., an online data-marketing firm. In tiny and confusing print on the license agreement, the retail giant stated that it would do far more than place a cookie on users' computers and would indeed collect anything and everything (including banking log-on information and passwords) on the user's computer. All the data collected was then placed on CRM files for use by Sears Brand, its affiliates and possibly even third parties beyond comScore.

Law Behind the Curve

The problem is twofold: In both cases an opt-out option was nonexistent or hard to find, and the law is too slow in punishing abuses.

"The legislatures are behind the curve in providing remedies that would amount to a commercial prohibition against these abuses," said Weathersby.

"In most jurisdictions, damage awards are quite modest today. Proof of actual damages — opposed to damages to feelings (noneconomic losses) — can be very difficult," he said.

Because of a lack of self-restraint and a hobbled U.S. legal response, corporations will continue to up the ante on data collection for their CRM systems to either use in their own marketing efforts or to sell to third parties for additional revenue. Sadly, even if laws do catch up, the damage cannot be undone, as the information will likely forever be available on the Internet or otherwise too widely disseminated to retract.

In the end, it may be foreign countries that safeguard U.S. citizens' private information in a roundabout way. After all, most corporations with enough CRM power to collect such massive amounts of data are likely to be international in scope.

"First, it depends on what data we're talking about. Second, it depends on what country you are talking about. For example, the EU has much stronger laws on privacy then does the U.S.," said Lonny Nathanson, partner at Levitate IT.

Rules Change at the Border

Staying in compliance with a multitude of privacy laws in many different countries is tricky business for even the best and most honorable CRM programs. When companies like Facebook push the edge of the envelope, they're likely to come back bleeding.

"Laws in the EU, Canada and other privacy-sensitive countries forbid the transfer of personally identifiable information outside of the country. This includes both customer and employee information," said Jennifer Albornoz Mulligan, an analyst at Forrester. "Information that is even viewed on a screen in a different country is considered to have been transferred, even if the database isn't stored in that country."

The resulting penalties against U.S. companies that collect and share such data can be severe, resulting in fines large enough to close some businesses down. Some countries even give jail time to company executives for such offenses.

The problems with mismatched privacy laws and enterprise practices can even lead to foreign companies shunning U.S. companies — as vendors or partners — completely.

"A practical implication of the Patriot Act may be that individuals will choose to deal with businesses that do not share their information with U.S.-linked affiliates or service providers," wrote attorneys Wendy Gross and Michelle Kisluk in an article titled "Canada's Privacy Laws Vs. the USA Patriot Act " at FindLaw. "With heightened media attention given to the reach of the Patriot Act, and therefore increasing awareness of the act, as well as its inherently political nature, clients may be scared off by the hype — even if in practice the result is not that different than before the Patriot Act."

Stay Inside the Lines?

The article goes on to explain that Canadian companies could find themselves in compliance with U.S. laws but at fault by Canadian privacy laws and vice versa — hence the veiled recommendation of avoiding working with U.S. companies at all.

In a day and age when even U.S. government agencies are turning to CRM, and privacy laws worldwide are growing more teeth by the moment, perhaps it's time to rethink corporate marketing policies with an eye to the long term and a well-turned ear toward customer concerns.

Featured Research
  • The 2017 CRM Comparison Guide: Q2 Edition

    If you’re in the market for CRM software, we’ve got good news. We’ve updated our CRM comparison guide for Q2. more

  • Are You Using These 8 CRM Features?

    One of the biggest mistakes that businesses make when it comes to their CRM software is the features they don’t use. This happens because they invest in CRM with a handful of problems in mind, so they’re content as long as it solves them. But if you want to maximize your ROI, you should be utilizing every feature available to you. more

  • 2017 CRM Software Cost Guide

    Would you believe that 89% of businesses expect to compete primarily on customer service in the upcoming years? With that in mind, it’s no surprise that CRM software is becoming such an integral part of business operations. But not all solutions are created equally, especially when it comes to the value they deliver to your business. more

  • Top 10 Trends in CRM for 2017

    There’s some big things happening with CRM software that you should to be aware of. Technological advancements and changes to business processes have led to developments and new features that are making CRM more valuable than ever. Things like mobile capabilities and greater integration with other software are at the front of this progress. more

  • SMB CRM Providers Comparison Guide

    A good SMB CRM system can be an incredibly valuable asset for your business. As more businesses recognize this value, the amount of SMB CRM vendors is expanding quickly. Navigating the pricing plans, features, and service terms of all these can be a decision-making nightmare. more