In an age of litigation and increasing government scrutiny of corporations, retailers must protect customers’ privacy — and they may not be doing a good job of it, according to a new international survey led by Retail Systems Alert Group and sponsored by 3Com Corp. and Ingrian Networks. The study measures the extent to which retailers are capturing and using consumer-specific data to offer unique value to customers, and examines what retailers are doing to protect consumers’ privacy.
The survey results show that most retailers rely on internal control audits to ensure the security, confidentiality, and integrity of consumer-specific data. More than 50% of the respondents have assigned responsibility to a security program coordinator, and an even greater number provide training to employees regarding consumer privacy and information security. Only 43% of retailers, however, have formal incident response plans, and even fewer test those plans.
Most retailers do not encrypt customer-specific data within the database itself, and only 40% are capturing forensic data about how customer-specific data are captured and accessed. Most retailers do not use an external certification program to ensure controls.
Customers don’t fare very well either. They have little control over how data specific to them are used, and only 60% of retailers allow customers to opt out of frequent-shopper or club programs. Surprisingly, retailers’ internal staff members have ad hoc access to consumer-specific data, according to almost 50% of the survey respondents. Most retailers do not share event-aggregated data with business partners, and very few share transaction data.
Other key findings from the study include the following:
* Even though 60% of retailers are collecting customer-specific data, most are not yet using them to offer personalized in-store promotions.
* Consumer buying trends are used to fine-tune promotional activities.
* More than one-half of respondents link POS transaction data to customer profiles.
* While many retailers are associating demographics with consumer-specific data, most do not ask customers to provide lifestyle or buying-preference information.