When Privacy Laws and Hosted CRM Collide

Updated: April 30, 2009

Every corporation needs to keep information on its customers close at hand. How else could a company expect to adequately service thousands of virtual strangers or appropriately dote on big spenders? But to do so can put your business at odds with pesky privacy laws that can do more than just dampen its good intentions — they can seriously cut into profits.

"Unfortunately, some enterprises are not addressing this issue at all because they are not aware of the danger," said Jennifer Albornoz Mulligan, an analyst at Forrester.

The issue is particularly blindsiding if your company uses a hosted CRM solution and hasn't safeguarded itself from liabilities outside of its premises and its control.

"Common pitfalls are not asking or thinking about where your information is stored ," warned Mulligan. "Laws in the EU , Canada and other privacy-sensitive countries forbid the transfer of personally identifiable information outside of the country to countries with nonadequate privacy protection. This includes both customer and employee information."

"Using an outsourcer or hosted CRM makes it very easy to accidentally or blindly transfer data outside of the country without the necessary legal protections," she said.

Where It Is Viewed Is Where It Is

But just ensuring that your hosted CRM vendor is storing your data in the U.S. is not adequate protection against prevailing privacy laws.

"Information that is even viewed on a screen in a different country is considered to have been transferred, even if the database isn't stored in that country," said Mulligan.

Even in the U.S., the law is tightening its grip on who knows what, when and how.

"There is a very wide range of local legislation in place and emerging in the various states," warned Michael Weathersby, an attorney and partner of Evert Weathersby Houff. "There is little doubt that these restrictions will become more prevalent as irresponsible dissemination of personal data results in or becomes an attributed source of identity theft."

In short, privacy laws are growing in reach and number in the U.S. and elsewhere.

To combat these problems, many companies are battening down the hatches.

"I worked at a large health care company and implemented a national CRM application based on a hosted CRM system. Although they were OK with contact information, they would not approve any health-protected information [HPI] from being stored on outside servers," said Lonny Nathanson, partner at Levitate IT. "Regardless that the information was encrypted , stored apart from other companies' data, could not be 'seen' by the vendor and had strong passwords for users, they were not about to let any HPI data outside their own firewalls."

Avoiding Missteps

There are a number of steps your company can take to build its own shield.

"The best practices are to thoroughly investigate what your outsourcers and hosted companies are doing with your information. Their promises of compliance to laws should be included in your contracts, and penalties [should be] listed for noncompliance," said Mulligan.

Ultimately, the burden of responsibility lies with your company.

"You cannot transfer the risk to the outsourcer. If you are the data owner, and that data violates data privacy laws, it is your responsibility, no matter who you hired," said Mulligan. "Therefore, you need to have serious conversations with your vendors so that you understand what they intend to do with your data and if it meets your needs."

Featured Research
  • 7 Ways Your CRM Helps Convert Leads

    Failure to convert interested leads can impact your bottom line drastically and simultaneously increase your operational costs and decrease your profits. The most common reason for this failure is lack of follow through from a sales team. Did you know that 74% of CRM users said that their CRM gave them improved access to customer data? And that by properly implementing a CRM, a business could shorten the sales cycle by 8 to 14%? more

  • Is Your CRM a Liability

    Is your CRM a liability? Before you answer too quickly with a no, just think about all the advancements that have taken place over the years regarding this technical solution. In fact, just in over the past decade there has been a dramatic shift away from on-premise systems to cloud based solutions. more

  • 12 Must-Have CRM Features

    Having a CRM is absolutely essential to any modern day business's success. In fact, 91% of companies with 11+ employees now utilize a CRM solution in their business. When making the decision to purchase or upgrade your CRM solution, it can be quite overwhelming determining which features are essential to your success versus those that pack more fluff than punch. more

  • Making the Case for a New CRM

    Did you know that having an outdated CRM is just as bad as not having one at all? Do you find yourself working even just a little too hard to make your current CRM work to maintain your contacts and relationships? While it is increasingly more difficult to reduce customer churn, modern CRM tools are much more powerful and provide much more opportunity to develop stronger relationships with your clients that can provide more stability and revenue to your company and bottom line. more

  • Don't Make These 10 CRM Mistakes

    Finding and buying a CRM is exciting. It is also quite daunting as you want to be as prepared as possible so as to avoid making a costly mistake. We have seen that many businesses fail when implementing a CRM, as they repeatedly make the same errors over and over again. more