Should e-mails and other personal info be for sale?
While not as disturbing as an all-out hack, shoppers are often surprised to find their personal information sold to a competing retailer or another marketing entity.
The latest case involved last week’s sale of about 114 million shopper files and 25 million e-mail addresses from The Sports Authority to Dick’s Sporting Goods. Dick’s also attained the Sports Authority name and e-commerce domain in a bankruptcy auction for $15 million.
Such sales of consumer information are legal as long as the policies are spelled out. Hidden on its website, Sports Authority states, “We may transfer your personal information in the event of a corporate sale, merger, acquisition, dissolution or similar event.”
A Los Angeles Times article notes that with the rise of digital advertising such information has become significantly more valuable versus the pre-internet days when your home address seemed to be regularly resold. Dick’s could use the information to reach new customers, further bond with existing customers who visited both stores, optimize real estate planning, and for numerous other purposes.
At the same time, consumers have no guarantees that the new owner of their personal info will protect their data as well as the former one, possibly even selling it to spammers. Understanding their e-mail addresses, cell phone numbers and other personal information may be sold without granting express permission only increases the apprehension shoppers may have about sharing personalized information.
In one case that drew wide attention, RadioShack in its bankruptcy proceedings last year attempted to sell 67 million customer contacts, despite its policy against such sales. Under a settlement reached after protests from a coalition of 38 states, all the consumer data collected by RadioShack — except for e-mail addresses over the last two years — was destroyed. Affected consumers also had a 30-day window to opt out of providing those e-mails.
- In Sports Authority bankruptcy, customer e-mail data commands hefty sum – Los Angeles Times (tiered sub.)
- Sports Authority is going to auction off customer emails. Can it do that? – Christian Science Monitor
- Bankruptcy Judge Approves Sale of RadioShack Name and Data – The New York Times (tiered sub.)
- RadioShack sale protects most customer data – CNN
Discussion Questions
DISCUSSION QUESTIONS: Should retailers have policies against selling the customer data they collect? Do you expect that many Sports Authority customers will be upset that Dick’s acquired some of their personal information without explicitly asking permission to use it? How should Dick’s handle irate customers?
Poll
BrainTrust
Ian Percy
President, The Ian Percy Corporation
James Tenser
Retail Tech Marketing Strategist | B2B Expert Storytelling™ Guru | President, VSN Media LLC
From a personal perspective the answer is yes. Even if I didn’t read the fine print, I gave company X my data for a reason. Perhaps I had to in order to get a delivery made to my home (which requires a phone number and emails for notifications), etc. However, I didn’t expect it to be sold for whatever reason.
From a business perspective, it is an asset and has value. As such, it is something that can be used for the benefit of the company, its shareholders and/or creditors. A company going out of business may not care because they don’t have to worry about customer relationships anymore but that certainly doesn’t help all the remaining companies that depend on gathering customer data endear a lot of trust.
Names, addresses and emails of consumers are a valuable commodity for retailers. How they use this information could cause severe repercussions. Yes, a retailer might bury the ability to transfer customer data in the event of a sale or change of ownership in their fine print, but it does not sit well with consumers, and if used non-judiciously could cause a customer backlash and loss of business. I expect that many Sports Authority customers will be unpleasantly surprised to be contacted by Dick’s, unless they are given the opportunity to opt in.
They paid $15 million for the sportsauthority.com domain in addition to the email addresses. They’ll contact them from that domain and use on-boarding tactics to turn 25 percent or so into Dick’s customers.
My only quibble with Tom is that selling personal information is absolutely as disturbing as an all-out hack. At least you can defend against hackers. In a strange way there’s more honesty there. Hiding an unreadable disclaimer in a website hardly makes selling personal information virtuous.
My point is that we’ve all been cut up into little pieces and ripped at by swarms of corporate piranha. Sold off as data-parts. Why do companies want our bits? Because then they can send us “personalized” special offers. Of course that means we become trained to wait for these special deals. We should get something for our sacrifice, after all. Then these same retailers complain about declining profit margins. Sure worked out well for Sports Authority.
Restore the soul to retail — assuming it’s not too late — and we’ll see retail revitalization.
While this sale of customer data is disturbing, the larger point is that retailers view data as an asset. Now if they would just use it to engage in relevant dialogues with consumers …
Considering the cumulative investment and competitive advantage built into a customer database, corporations are compelled to recognize their value on the books. Then they routinely lie in policies that promise not to transfer or re-sell personal data.
Well you can’t have it both ways: Either a customer data list is a transferable asset with a market value or it’s a proprietary asset that must evaporate in the event of a corporate transaction or bankruptcy dissolution.
On a philosophical and perhaps legal level, it comes down to who owns the e-relationship — the shopper or the retailer? As a practical matter the retailer has control, and that’s that.
So maybe it’s necessary to split the difference. Ban reselling of customer data to third parties like list brokers and other outside marketing entities under any circumstance, including liquidation. But permit transfer of whole customer lists as core assets when a corporate merger takes place, with a key caveat: Require an audit-able, voluntary opt-out notification and simple procedure on the part of the acquiring entity. I’d append a rule requiring adherence to the pre-existing privacy policy for two years.
This might force the acquirer to align its interests with the best interests of the list members. Win them over with kindness, or lose them forever.
This is an off-the-cuff proposal, so I’d invite critics and collaborators to chime in.
After not having read the pages of fine print when I clicked “I agree” to the privacy policy of the retailer, (some section of which no doubt said “and we can unilaterally amend this policy to whatever we want, whenever we want and not tell you,” I have the illusion of comfort in knowing that the email address I created specifically for signing up to spammy sites (which seems to be all of them) really isn’t private, and somehow the big data analysts have figured out it’s really me anyways. Anyone who thinks their information on the internet is somehow private should think again.
What choice did I have when I was “forced” to say “I agree”? Of course, I did not have to place the order, but I wanted whatever it was they were selling so inexpensively. In order to get it I either had to read the entire agreement and then check it off or not read it and check it off. Either way it is buy or don’t buy, and go to a brick and mortar location and hope they have my size in stock. Seems we are stuck. So I did what Peter did and created a dummy email address. It doesn’t matter. They “gotcha” either way. So come on Dick’s, keep sending those ads and coupons. Now I am getting them twice.
Yes. Yes.
Obviously they could just throw the data base away, but I’m not sure how many “irate customers” there are (at least beyond the usual handful any large company has). This seems like a situation ripe for legal remedy, as few companies will be motivated to curb a practice which — though objectionable to (many) consumers — presumably has some benefit to them, and which few people even know about.
If I were making the call for Dick’s, I would make 4 basic principles come to life:
1. Let the shopper make the call.
Yes, do send an immediate opt-out to everyone. Having an opportunity for them to immediately say no will diffuse the grumps. Just be nice about it. Those that stay are a ripe target prospects, ready by default to shop at Dick’s.
2.Start the conversation.
Listen to what your new prospects desire from you. This group is open to pertinent two-way communications. Figure out where they want them. Then accommodate.
3. Don’t get over excited about just sending out deals.
Why train a new prospect to wait for deals? Invite them to meet you in the store. Take them on a tour.
4. Help the shopper.
It is the only real thing she/he wants. Cultivate experiences with helpful staff in stores and via online chat help. Provide HELP.
If I were Dick’s, I would immediately send an explanation and opt-out note to the listees. Good publicity and good customer relations.
(Ok, I sign up for sites and thereby give them my email address for their purposes, but I’ll always be surprised by the alacrity with which most of today’s consumers give away their email or personal contact information — or, in many cases, fall for scams).
Of course it’s obvious that this data is important to retailers, but it is more important to respect some rights of the e-mailee.