Legally Speaking: Data Privacy and Protecting Your Customer

Tom Clement
Thomas Clement, Vice President, Operations and General Counsel

For retailers, good customer service is absolutely essential to success. Effective customer service does not occur just when the customer is in the store, but is a continuum from marketing efforts, to the shopping experience, and post-purchase. With that in mind, retailers have to be cognizant of how they use customer data. In today’s world of personalized marketing and customer analytics, none of us are immune from the onslaught of emails, texts, and other forms of communication. At some point we’ve all gone on an “unsubscribe” mission. 

In some states, the concern about customer data has led to unnecessary, costly, and overly restrictive legislation. These regulations are put in place despite the fact that good acting retailers already have a vested interest in customer data security and follow identity theft laws and Payment Card Industry standards. While Michigan currently has no such legislation, there is a bill draft circulating that would be harmful to retailers and their business practices, is vague in its mandates, and would impose harsh penalties. MRA is actively lobbying against this proposed bill draft. 

Best practices when it comes to data security are relatively straightforward. First, make sure you have a secure method of collecting and storing information, and are regularly reviewing what data you have, what purpose it serves, and how long you are keeping the information. Cyberattacks by bad actors have skyrocketed over the past several years and are a problem across every industry. Second, only collect data that is necessary for your business purposes and allow the customer an opportunity to opt out of any communications. Third, be transparent with your customers by specifically indicating what information is gathered and why. 

Retailers and their customers do not need overly burdensome regulations to govern data privacy. Retailers are good stewards of customer information, which is both the right approach to take and a good business practice. Forced and overly broad regulation will only increase costs and make operating a business more complicated without adding substantial additional protections to customers.