When Privacy Laws and Hosted CRM Collide

Updated: April 30, 2009

Every corporation needs to keep information on its customers close at hand. How else could a company expect to adequately service thousands of virtual strangers or appropriately dote on big spenders? But to do so can put your business at odds with pesky privacy laws that can do more than just dampen its good intentions — they can seriously cut into profits.

"Unfortunately, some enterprises are not addressing this issue at all because they are not aware of the danger," said Jennifer Albornoz Mulligan, an analyst at Forrester.

The issue is particularly blindsiding if your company uses a hosted CRM solution and hasn't safeguarded itself from liabilities outside of its premises and its control.

"Common pitfalls are not asking or thinking about where your information is stored ," warned Mulligan. "Laws in the EU , Canada and other privacy-sensitive countries forbid the transfer of personally identifiable information outside of the country to countries with nonadequate privacy protection. This includes both customer and employee information."

"Using an outsourcer or hosted CRM makes it very easy to accidentally or blindly transfer data outside of the country without the necessary legal protections," she said.

Where It Is Viewed Is Where It Is

But just ensuring that your hosted CRM vendor is storing your data in the U.S. is not adequate protection against prevailing privacy laws.

"Information that is even viewed on a screen in a different country is considered to have been transferred, even if the database isn't stored in that country," said Mulligan.

Even in the U.S., the law is tightening its grip on who knows what, when and how.

"There is a very wide range of local legislation in place and emerging in the various states," warned Michael Weathersby, an attorney and partner of Evert Weathersby Houff. "There is little doubt that these restrictions will become more prevalent as irresponsible dissemination of personal data results in or becomes an attributed source of identity theft."

In short, privacy laws are growing in reach and number in the U.S. and elsewhere.

To combat these problems, many companies are battening down the hatches.

"I worked at a large health care company and implemented a national CRM application based on a hosted CRM system. Although they were OK with contact information, they would not approve any health-protected information [HPI] from being stored on outside servers," said Lonny Nathanson, partner at Levitate IT. "Regardless that the information was encrypted , stored apart from other companies' data, could not be 'seen' by the vendor and had strong passwords for users, they were not about to let any HPI data outside their own firewalls."

Avoiding Missteps

There are a number of steps your company can take to build its own shield.

"The best practices are to thoroughly investigate what your outsourcers and hosted companies are doing with your information. Their promises of compliance to laws should be included in your contracts, and penalties [should be] listed for noncompliance," said Mulligan.

Ultimately, the burden of responsibility lies with your company.

"You cannot transfer the risk to the outsourcer. If you are the data owner, and that data violates data privacy laws, it is your responsibility, no matter who you hired," said Mulligan. "Therefore, you need to have serious conversations with your vendors so that you understand what they intend to do with your data and if it meets your needs."

Featured Research
  • 8 CRM Tools You Need for a Winning Lead Nurture Strategy

    Does your business have an effective lead nurturing strategy? Before you answer that, keep in mind that a good strategy is different than having a few good sequences in place. This is not an area you want to overlook. The more you develop and test your lead nurturing strategy, the more sales you will enjoy - there is a direct correlation between the two. It should be no surprise that CRM tools are one of the secrets to doing this. more

  • 8 Reasons SMBs Should Invest in a CRM

    Adopting a CRM platform early offers many advantages, including the fact that it increases the odds of long-term success. While the cost of CRM software used to be prohibitive for most small businesses, this is no longer true. Cloud-based solutions have made the pricing much more competitive, and as many as 87% of companies now rely on them for their CRM software. more

  • 7 Ways Your CRM Helps Convert Leads

    Failure to convert interested leads can impact your bottom line drastically and simultaneously increase your operational costs and decrease your profits. The most common reason for this failure is lack of follow through from a sales team. Did you know that 74% of CRM users said that their CRM gave them improved access to customer data? And that by properly implementing a CRM, a business could shorten the sales cycle by 8 to 14%? more

  • Is Your CRM a Liability

    Is your CRM a liability? Before you answer too quickly with a no, just think about all the advancements that have taken place over the years regarding this technical solution. In fact, just in over the past decade there has been a dramatic shift away from on-premise systems to cloud based solutions. more

  • 12 Must-Have CRM Features

    Having a CRM is absolutely essential to any modern day business's success. In fact, 91% of companies with 11+ employees now utilize a CRM solution in their business. When making the decision to purchase or upgrade your CRM solution, it can be quite overwhelming determining which features are essential to your success versus those that pack more fluff than punch. more