Privacy Laws, CRM and Marketing: A Potential Mess

Updated: April 30, 2009

The showdown at the Not-So-OK Corral, where customers booed Facebook en masse for revealing purchases that individual members made on other Web sites, revealed new liabilities found only at the point where CRM, marketing and privacy laws collide.

"This is an example of zealous marketing replacing common sense," said Michael Weathersby, attorney and partner at Evert Weathersby Houff. "I can envision legal action being a logical response to false light defamation and misappropriation of image, in addition to privacy-law suits. I can assure you that a jury of offended citizens will seek to award extreme relief to an injured private citizen."

Sears Brand LLC similarly ran afoul of customer goodwill and privacy laws when the company began collecting information, including sensitive banking and health care data, from customers who signed up for the My SCH Community and downloaded software that was actually provided by comScore Inc., an online data-marketing firm. In tiny and confusing print on the license agreement, the retail giant stated that it would do far more than place a cookie on users' computers and would indeed collect anything and everything (including banking log-on information and passwords) on the user's computer. All the data collected was then placed on CRM files for use by Sears Brand, its affiliates and possibly even third parties beyond comScore.

Law Behind the Curve

The problem is twofold: In both cases an opt-out option was nonexistent or hard to find, and the law is too slow in punishing abuses.

"The legislatures are behind the curve in providing remedies that would amount to a commercial prohibition against these abuses," said Weathersby.

"In most jurisdictions, damage awards are quite modest today. Proof of actual damages — opposed to damages to feelings (noneconomic losses) — can be very difficult," he said.

Because of a lack of self-restraint and a hobbled U.S. legal response, corporations will continue to up the ante on data collection for their CRM systems to either use in their own marketing efforts or to sell to third parties for additional revenue. Sadly, even if laws do catch up, the damage cannot be undone, as the information will likely forever be available on the Internet or otherwise too widely disseminated to retract.

In the end, it may be foreign countries that safeguard U.S. citizens' private information in a roundabout way. After all, most corporations with enough CRM power to collect such massive amounts of data are likely to be international in scope.

"First, it depends on what data we're talking about. Second, it depends on what country you are talking about. For example, the EU has much stronger laws on privacy than does the U.S.," said Lonny Nathanson, partner at Levitate IT.

Rules Change at the Border

Staying in compliance with a multitude of privacy laws in many different countries is tricky business for even the best and most honorable CRM programs. When companies like Facebook push the edge of the envelope, they're likely to come back bleeding.

"Laws in the EU, Canada and other privacy-sensitive countries forbid the transfer of personally identifiable information outside of the country. This includes both customer and employee information," said Jennifer Albornoz Mulligan, an analyst at Forrester. "Information that is even viewed on a screen in a different country is considered to have been transferred, even if the database isn't stored in that country."

The resulting penalties against U.S. companies that collect and share such data can be severe, resulting in fines large enough to close some businesses down. Some countries even give jail time to company executives for such offenses.

The problems with mismatched privacy laws and enterprise practices can even lead to foreign companies shunning U.S. companies — as vendors or partners — completely.

"A practical implication of the Patriot Act may be that individuals will choose to deal with businesses that do not share their information with U.S.-linked affiliates or service providers," wrote attorneys Wendy Gross and Michelle Kisluk in an article titled "Canada's Privacy Laws Vs. the USA Patriot Act" at FindLaw. "With heightened media attention given to the reach of the Patriot Act, and therefore increasing awareness of the act, as well as its inherently political nature, clients may be scared off by the hype — even if in practice the result is not that different than before the Patriot Act."

Stay Inside the Lines?

The article goes on to explain that Canadian companies could find themselves in compliance with U.S. laws but at fault by Canadian privacy laws and vice versa — hence the veiled recommendation of avoiding working with U.S. companies at all.

In a day and age when even U.S. government agencies are turning to CRM, and privacy laws worldwide are growing more teeth by the moment, perhaps it's time to rethink corporate marketing policies with an eye to the long term and a well-turned ear toward customer concerns.
