If you’re like me, you carry around a pack of “customer loyalty cards” every where you go. I have one for my favorite Chinese restaurant (Buy 7 buffet dinners, get the 8th for free), a used CD store (Buy 15 DVDs, get the 16th, free), and no less than 3 customer loyalty cards for coffee shops (Border’s Cafe, Weaver Street Market, and Cup-A-Joe).

Most of these loyalty cards are simple and benign. They are just business card sized pieces of paper which the sales clerk at the store marks when you make a purchase. Because they have no personal information associated with them, I like to think of them as anonymous customer loyalty cards. Their simplicity is a tremendous advantage to stores. For a fairly low cost, the issuers of these cards can build repeat business.

I can’t help but note that their simplicity is accompanied by a complete and utter lack of security. The only thing that keeps these loyalty cards from being subject to spoofing attacks (i.e., customers falsifying marking purchases on their card), is the honor system, as far as I can see. But that’s a subject for a different blog.

There is another class of consumer loyalty cards, which I call profile cards, that aren’t nearly so benign. Most commonly these are found in grocery stores. A customer fills out a customer profile survey and is issued a card with a unique identifier. The Harris-Teeter where I shop calls them “Very Important Customer” cards and I’m proud to report that I am Very Important Customer #4-098911769-1. Every time I buy something at my local Harris-Teeter, I flash my VIC card and get discounts on various items. You can bet your bottom dollar that Harris-Teeter keeps track of all purchase I make with my VIC card and uses that information for various marketing and business analytics purposes.

On the whole, is this such a bad thing? If Harris-Teeter knows that I am going to buy 4, 2-liter bottles of Diet Dr. Pepper every Friday afternoon on my way home from work, maybe they’ll make sure it’s on the shelf when I get there. And if they give me 10 cents off the price just for associating the purchase with my name, why not?

The problem is that profile customer loyalty cards are getting stores into trouble on multiple ways. First, the profile information such as your personal buying habits are increasingly becoming subject to subpoena requests in various criminal and in some cases even civil court cases. If John Doe bought a 12-pack of Rolling Rock beer 90 minutes before he was involved in a late-night car crash, it could potentially be used as evidence to support charges of drunk driving.

As far as I can tell, the situation hasn’t gotten so bad yet. So far stores have been reasonably successful in refusing to divulge such information. But in an era where government officials can demand that libraries hand over your book check out records (thank you PATRIOT Act), one can only imagine that the pressure to hand over customer profile buying habits will increase, not decrease.

In addition to being criticized for handing over customer data in legal proceedings, these stores are also feeling pressure to use the information they collect in ways that they don’t want to. Imagine this scenario. a batch of ground beef is found to be tainted and the FDA issues a recall on the meat. The grocery store pulls the meat off the shelf, but some of it has been sold already. Does the grocery store have an obligation to search through its customer profiles and try to find the people who bought the meat and notify them. This scenario is the subject of at least one class action suit from customers.

So these profile customer loyalty cards, as valuable as they are to the stores that issue them, can have significant negative consequences associated with them. At minimum the stores that issue them can find themselves keeping several lawyers busy in court fending off various lawsuits relating to how they use or don’t use the data, not to mention the uneasiness that an increasing number of shoppers have about the potential privacy invasion. Some stores have abandoned their customer loyalty program for these reasons.

Dropping the customer loyalty program all together is not the only option however. The customer loyalty card programs can be saved, and can continue to be valuable to both the customers and the stores that issue them without raising the sticky privacy issues that currently plague profile based customer loyalty cards.

I think the problem stems that our society as a whole is infatuated with computers and databases and in the IT industry, customer relationship management is one of the hottest areas. In my opinion, the problem is that companies take a default position of collecting all the information they can about their customers without thinking of the legal obligations or troubles that it might cause. We have an “all or nothing” approach to customer loyalty cards.

But there’s a third way. It’s entirely possible for companies to get most of the benefits from their customer loyalty cards while incurring none of the legal headaches. All they have to do is simply stop associating their customer loyalty cards with individuals.

The problem with my VIC card is not that it has a unique number on it, the problem is that it has my name and address associated with it. So imagine a third kind of customer loyalty card, let’s call it the “deidentified customer loyalty card.” Suppose my Harris-Teeter simply gave away cards with the unique numbers on them but did not collect the names and addresses of the people who held the cards. This would still allow Harris Teeter to build some fairly sophisticated profiles about my buying habits and would enable them to market to me with instant coupons issued at the cash register, etc. It would still allow them to sell trend data to consumer goods manufacturers which they could analyze for business trends etc. But gone would be those pesky subpoenas to hand over data about a person’s buying habits because they simply would not have the information. Likewise, the “failure to notify” lawsuits would go away for the same reasons. And finally, Harris Teeter could truly say that they are protecting the privacy of their customers because all of the information is deidentified from the start.

To muddy the waters a bit, Harris Teeter could collect some general demographic data while still protecting keeping the information deidentified. I’m not likely to care if Harris Teeter knows that card number #4-098911769-1 is associated with a white male living in zip code 27517 and is in the 30-40 age group. And such information would not targetable by lawyers.

To summarize, anonymous customer loyalty cards are great for generating repeat business but can’t be used for business analytics because there is literally no data associated with them. Profile-based customer loyalty cards give value to the customer and can help generate repeat business while at the same time, generating a wealth of customer profile information that can be analyzed and used for various business purposes. However, profile based customer loyalty cards are a land mine of potential legal lawsuits and consumer fears. Deidentified customer loyalty cards could still be valuable to customers, generate repeat business and could still generate profile information that is almost as valuable as the profile-based cards, while removing the many thorny legal issues and reassuring customers of their privacy.

In this case, the innovation is not a new technology. Sometimes innovation comes from giving careful thought to what you are doing. Sometimes innovation comes from collecting less data, not more.

–Calvin Powers

This entry was posted by Calvin () on Friday, September 10th, 2004 at 3:14 pm and is filed under Privacy Policies. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Note: Blog posts are the opinions of their authors and do not reflect the official opinion of the National Science Foundation or North Carolina State University.