Privacy and Customer Relationship Management: Can They Peacefully Coexist?

06SANDBERG.DOC 3/4/2002 1:19 PM PRIVACY AND CUSTOMER RELATIONSHIP MANAGEMENT: CAN THEY PEACEFULLY COEXIST? Christopher K. Sandberg† I. INTRODUCTION ....................................................................1147 II. CRM .....................................................................................1148 A. Background.............................................................. 1148 B. Why Are Businesses Interested in CRM?........................ 1148 C. What do Customers Think?......................................... 1149 III. FAIR DATA PRINCIPLES .........................................................1151 A. Overview.................................................................. 1151 B. Application of the Fair Data Principles to CRM ............. 1153 IV. WHY SHOULD MANAGEMENT CARE ABOUT PRIVACY?..........1155 V. OTHER LAWS ON PRIVACY WITH POTENTIAL CRM IMPACT .1158 VI. CURRENT STATUS OF PRIVACY AMONG BUSINESSES .............1160 VII. CONCLUSIONS AND RECOMMENDATIONS .............................1162 I. INTRODUCTION Customer Relationship Management (“CRM”) is one of the hottest topics for businesses entering the age of e-commerce. CRM is often described as the processes and systems that help companies better understand and service their customers. It includes the gathering, manipulation, storage, and analysis of many forms of data about a company’s customers. CRM advocates maintain that it can identify the most profitable of a company’s customers, lead to a richer product set being offered to customers, improve sales opportunities for the business, and improve customer acquisition and retention. Since a key component of CRM is the acquisition and storage † Mr. Sandberg is a partner in the Minneapolis law firm of Lockridge Grindal Nauen PLLP, where he practices in the areas of technology, on-line, and telecommunications law. He is also an Adjunct University Associate Professor at St. Mary’s University of Minnesota Graduate Center in Minneapolis. 1147 06SANDBERG.DOC 1148 3/4/2002 1:19 PM WILLIAM MITCHELL LAW REVIEW [Vol. 28:3 of many data elements about a company’s customers, the issue arises of how to balance the company’s desire to collect and use personally identifying information with customers’ desires to protect their privacy and control others’ use of information about them. This article will examine the legal and policy implications of CRM, and consider issues that arise from the law as it is today and as it is emerging in the United States and the European Union. II. CRM A. Background CRM software can be generally described as processes and systems that help companies better understand and service their customers. CRM software began as contact management programs designed to generate more sales leads. While that function remains important to business users, CRM software vendors have added more intelligence to their programs to focus on customer loyalty 1 and retention and “lifetime” customer value. Companies using CRM see value in launching automated marketing programs that 2 target “the right customer . . . at the right time,” or maximizing relations with customers while helping sales, raising productivity, 3 and improving customer morale. Vendors claim that CRM integrates people, process, and technology to maximize relationships with all of a business’s customers and partners, including traditional customers, “eCustomers,” distribution 4 channel members, internal customers, and suppliers. B. Why Are Businesses Interested in CRM? According to vendors and industry pundits, CRM can create greater customer loyalty, sales, and satisfaction. In markets characterized by numerous providers of a commoditized product 1. John Berry, Marketing Automation Gives CRM a Lift, INTERNETWK., Mar. 20, 2001, available at http://www.internetweek.com/indepth01/ indepth032001.htm. 2. Id. 3. Mike McCleary, Jr., Airing CRM’s Dirty Laundry, INTERACTIVE WK., Mar. 26, 2001, at 40. 4. Digital Consulting Institute, CRM Conference and Exposition Program, June 20-22, 2001, at 2. 06SANDBERG.DOC 2002] 3/4/2002 1:19 PM CUSTOMER RELATIONSHIP MANAGEMENT 1149 or service, customer service is seen as a differentiator between competing providers. The North American market for CRM software has been projected to “jump from $3.9 billion in 2000 to $11.9 billion by 2005, according to the business information 5 company Datamonitor.” The Garner Group has projected worldwide CRM sales to rise from $23 billion in 2000 to $76.3 6 billion in 2005. However, industry analysts are starting to recognize that poorly performed CRM can actually tarnish a business’s relationship with its customers, and bad CRM can cost a company financially. C. What do Customers Think? Customers who are dealing with vendors online report that they want personalization of their interactions with those vendors, but do not trust others easily. In particular, buyers’ increased exposure to the Internet has raised both their willingness to provide information and their concerns about its use. These factors, coupled with growing customer demands for more accountability, have placed privacy in the spotlight. In May and June 2000, a Pew Internet Poll found that 54% of 2,117 U.S. resident respondents (1,017 of whom were Internet users) believed that tracking consumers’ online habits is a privacy invasion, but the same percentage had provided personal 7 information in order to use a web site. Ninety-four percent of the respondents believed that the government should punish Internet 8 firms and executives for violating online privacy. A Cyber Dialogue Survey, also taken in 2000 by the same online market research/database company, found that 38% of 500 online adults who were polled saw a benefit in interacting with a vendor through a personalized Web site with targeted marketing messages, as compared with non-targeted “spam” marketing 9 messages. Of the 500 respondents, 88% said they would give their 5. Jim Battey, E-Business Barometer, INFOWORLD, Mar. 26, 2001, at 17, available at 2001 WL 8083377. 6. Id. 7. Susannah Fox, Pew Internet & American Life Project, Trust and Privacy Online: Why Americans Want to Rewrite the Rules, Aug. 20, 2000, at 2, available at http://www.pewinternet.org/reports/pdfs/PIP_Trust_Privacy_Report.pdf. 8. Id. at 3. 9. Kevin Mabey, Privacy vs. Personalization: Where Do We as Marketers Draw the Line Between Anonymity and One-To-One Communication?, CYBERDIALOGUE.COM 5 (2000), available at http://www.cyberdialogue.com/pdfs/wp/wp-cd-2000-privacy.pdf. 06SANDBERG.DOC 1150 3/4/2002 1:19 PM WILLIAM MITCHELL LAW REVIEW [Vol. 28:3 name to a vendor, 90% would give their level of education, age, and hobbies, 59% would give their household income, but only 41% would give their salary, and only 13% would give their credit 10 card number. The respondents in that survey generally agreed they would not accept distribution of their personal information 11 without permission or compensation. Forr (...truncated)