Is Your Personal Data Private? Is It Safe?

Whenever you use a credit or debit card to buy something online, in a store, by mail, or over

the phone your purchase is recorded and stored in the retailer's database (as well as in the

bank's database).

Analysing your purchasing patterns helps the companies develop more appropriate offers and

more targeted communications. A

growing number of consumers worry, however, that the

names and numbers in these databases might be stolen electronically or through the theft of

laptops or computer tapes. That is exactly what happened when hackers broke into the

computer network of the parent company of retailer TJ Max and stole more than 45 million

credit and debit card numbers.

Because of that theft, millions of consumers had their banks cancel those cards and issue new

cards. Each year, millions of U.S. consumers fall victim to identity theft, having credit card

numbers or other details stolen and used to make fraudulent purchases. The government

estimates that $50 billion worth of goods, services, and funds is stolen annually through identity

theft. With so much data being gathered and stored by so many companies and government

agencies, security is an important concern. Sometimes consumers are deceived into revealing

information in response to e-mails, letters, or phone calls that appear to be legitimate but are

not.

Even when you are just clicking around the Internet, some sites are collecting personal

information about you, and you may not even know it. Many websites place cookies small data

files on your computer's hard drive to track your movement around each site and to determine

which pages and items you looked at, how long you delayed, and which links you clicked on.

The benefit gained from this tracking is that sites can customize your online experience by

knowing what items you have searched for or looked at. At the same time, your online

behaviour mav be tracked ov software that can determine which ads vou will see based on the

sites you have visited. This situation worries privacy advocates, who want firms to clearlv

disclose exactly what they are tracking and why and to get the consumer's permission before

tracking.

The Center for Digital Democracy and other groups have been pushing for a federal do not

track" list similar to the "do not call" list so that consumers can opt out of online tracking.

Although many sites post privacy policies to explain their data collection practices, consumers

may not always notice these policies or understand what the data is being used for. Google, for

example, has addressed such concerns by changing its policy to hold information about

searches conducted by consumers for 18 months and then to delete those searches. Consumers

can also view their stored Google search data, edit out personal details, and have all search

data erased, if they choose.

However, sometimes companies take actions that seem inconsistent with their privacy policies.

For instance, the pharmaceutical firm Eli Lilly violated its privacy policy by unintentionally

revealing the names of people who had signed up to receive information from

its Prozac.com website. In response, the Federal Trade Commission ordered Eli Lilly to set up

a system to protect customer data for the next 20 years and to report every year on its security

processes.

The social networking site Facebook, where users post all kinds of personal thoughts, photos,

videos, and more, has also had problems with privacy. Not long ago, it launched an advertising

feature in which a user's actions such as scoring high on an online game or buying a movie

ticket popped up on the user's page and on the merchant's site. After an uproar from users and

privacy advocates, Facebook changed the feature so that such actions would only be visible

when users specifically allowed them to be posted.

Case Ouestions

1. What would you recommend that TJ Maxx do to reassure shoppers that their credit

and debit card data will be safe in the future?

2. From a marketer's perspective, what are the pros and cons of complying with a "do

not track" list that would prevent you from collecting online behavioural data about

the consumers who are listed?

3. If you were on the marketing staff of Facebook, how would you address the concerns

expressed by privacy advocates?