Is Your Personal Data Private? Is It Safe?

Whenever you use a credit or debit card to buy somethingonline, in a store, by mail, or over the phoneyour purchase is recorded and stored in the retailer's database (as well as in the bank's database). Analyzing your purchasing patterns helps the companies develop more appropriate offers and more targeted communications. A growing number of consumers worry, however, that the names and numbers in these databases might be stolen electronically or through the theft of laptops or data. That is exactly what happened when hackers broke into the computer network of the parent company of retailer TJ Maxx and stole more than 45 million credit and debit card numbers. Because of that theft, millions of consumers had their banks cancel those cards and issue new cards.

Each year, millions of U.S. consumers fall victim to identity theft, having credit card numbers or other details stolen and used to make fraudulent purchases. The government estimates that $50 billion worth of goods, services, and funds is stolen annually through identity theft. With so much data being gathered and stored by so many companies and government agencies, security is an important concern. Sometimes consumers are hoodwinked into revealing information in response to e-mails, letters, or phone calls that appear to be legitimate but are not.

Even when you are just clicking around the Internet, some sites are collecting personal information about you, and you may not even know it. Many websites place cookiessmall data fileson your computer's hard drive to track your movement around each site and to determine which pages and items you looked at, how long you lingered, and which links you clicked on. The benefit gained from this tracking is that sites can customize your online experience by knowing what items you have searched for or looked at. At the same time, your online behavior may be tracked by software that can determine which ads you will see based on the sites you have visited. This situation worries privacy advocates, who want firms to clearly disclose exactly what they are tracking and why and to get the consumer's permission before tracking. The Center for Digital Democracy and other groups have been pushing for a federal "do not track" listsimilar to the "do not call" listso that consumers can opt out of online tracking.

Although many sites post privacy policies to explain their data collection practices, consumers may not always notice these policies or understand what the data is being used for. Google [http://bi.galegroup.com/essentials/company/927326?u=tlearn_trl], for example, has addressed such concerns by changing its policy to hold information about searches conducted by consumers for 18 months and then to delete those searches. Consumers can also view their stored Google search data, edit out personal details, and have all search data erased, if they choose.

However, sometimes companies take actions that seem inconsistent with their privacy policies. For instance, the pharmaceutical firm Eli Lilly [http://bi.galegroup.com/essentials/company/305219?u=tlearn_trl] violated its privacy policy by inadvertently revealing the names of people who had signed up to receive information from its Prozac.com website. In response, the Federal Trade Commission ordered Eli Lilly to set up a system to protect customer data for the next 20 years and to report every year on its security processes.

The social networking site Facebook [http://bi.galegroup.com/essentials/company/1360265?u=tlearn_trl], has also had problems with privacy. Not long ago, it launched an advertising feature in which a user's actions (such as scoring high on an online game or buying a movie ticket) popped up on the user's page and on the merchant's site. After an outcry from users and privacy advocates, Facebook changed the feature so that such actions would only be visible when users specifically allowed them to be posted

Case Questions :

1. What would you recommend that TJ Maxx do to reassure shoppers that their credit and debit card data will be safe in the future?

2. From a marketer's perspective, what are the pros and cons of complying with a "do not track" list that would prevent you from collecting online behavioral data about the consumers who are listed?

3. If you were on the marketing staff of Facebook, how would you address the concerns expressed by privacy advocates?