Retailers face privacy concerns

Consumers becoming increasingly concerned about retailer requests for their personal information.

A report from Canada’s privacy commissioner indicates that consumers are becoming increasingly concerned about retailer requests for their personal information.

Based on a survey carried out by Ipsos-Reid in December 2007 and which polled 1,001 adults, the research showed that 52% questioned retailers about why information such as an address, postal code or phone number was required when purchasing something from their store.

Almost half (45%) said they do not provide such data, while 13% said they deliberately gave out false information.

Chief among these respondents’ reasons for keeping their info to themselves included a fear of identity theft, of it potentially being placed on the Internet, and fraud concerns.

Recent high-profile retail data breaches have helped to make many consumers skittish about volunteering personal data at the checkout counter. In early 2007, TJX (NYSE: TJX), which operates 191 Winners and 71 HomeSense outlets in Canada, admitted that its data storage systems had been breached. Before the insecure wireless network connection that allowed the theft to take place had been fixed, 45.7 million customer credit, debit, check and merchandise return transaction numbers had been stolen by hackers.

That’s the type of privacy nightmare that retailers fear and which have prompted governments to step up their efforts to help prevent other such occurrences.

In Canada, regulations governing retailers’ actions in regards to customers’ personal information are contained in the Personal Information Protection and Electronic Documents Act (PIPEDA).

Among other things, it stipulates that retailers must limit the amount and type of information they are gathering, identify the reasons they are collecting it, and ensure that appropriate safeguards and security measures are in place to protect the information in their care.

Heather Ormerod, spokesperson for the privacy commissioner, said the office was “pleased that people are taking charge of their own information and are asking why it is being used and what for.”

Surrendering personal data is the individual’s decision, Ormerod added, “so we encourage them to ask the right questions. If businesses can’t give you a good reason why they are asking for your personal information, it’s probably best not to give it out.”

According to Derek Nighbor, senior vice-president, national affairs for the Retail Council of Canada, the report did not point out that there are legitimate reasons why retailers ask for certain pieces of personal information. These are mainly related to increasing fraud levels, he said.

“Retailers will want to look at identification to confirm that this credit card does belong to this consumer.”

Fraud is also on the rise at returns and exchanges desks, Nighbor said. Retailers will often accept returned merchandise without a receipt, but will ask for the customer’s name, address and phone number to track “repeat returners” and monitor through exception reporting any possible fraudulent activity.

Retailers, Nighbor said, are well aware that privacy protection has become “front—of-mind” for consumers. He called the Commissioner’s findings a “call to action” for such businesses. Clearly letting customers know why data is being collected and what will be done with it is critical to success, and can be accomplished by in-store signage, availability of pamphlets, or by posting policies on company Web sites or on the back of receipts, he added.