Ever since we became dependent on our social media, online e-commerce, and the plethora of apps on our mobile devices, our lives are almost entirely driven by our data. These tools can improve consumer access to information and make shopping, from within the apps, much faster and easier. However, this sense of convenience has also made our personal information more widely available. It allows marketers to target our behaviors based on this data. These e-commerce sites and applications can collect and share personal data to an extent not previously possible. One might be surprised to learn that the data collected could include names, nicknames, addresses, passport numbers, social security numbers, and geolocation data, employment, and physical and behavioral characteristics.
When this data becomes susceptible to breaches, cyberattacks, and unauthorized sharing, we should be concerned as to what degree data is protected, and why isn’t our personal data completely secured? How does one know what types of personal data, and how much of our personal data it is out there, and being shared? On a daily basis, businesses profit from our personal information, and there should be some limitations on how they can use or share this data. Additionally, customers should have greater control within an app or directly within an online transaction to define our data preference.
If businesses desire to profit from our personal information, they should follow regulations to ensure that customers’ data is being protected with extensive measures. These measures may present themselves as a bill or law passed within a state government, but there is no single data protection legislation in the US. Instead, a jumble of hundreds of laws enacted on both the federal and state levels.
California recently passed a bill to give its residents more control over their personal information. The California Consumer Protection Act went into effect on January 1, 2020. This Act granted Californians several fundamental rights: to know what personal information is being collected about them, to access this information, to know whether it is sold and to whom, to ask that their data be deleted, to refuse to allow that it keeps being sold, to receive equal service and price even if they have exercised the previous request to opt-out.
One example that put the CCPA to test is Hanna Andersson, a children’s clothing store and online retailer who notified their customers in January 2020 that hackers had scrapped various customer data from September 16, 2019 to November 11, 2019. Shortly after the announcement from Hanna Anderson to their customers, a class action complaint filed by Krista Gill and Doug Summerfield accused both Salesforce and Hanna Anderson of “failure to exercise reasonable care in securing and safeguarding their customers’ sensitive personal information, including customer names, payment card numbers, payment card expiration dates, and payment card security codes.”
This complaint was only one of many in relation to attacks on an e-commerce platform, additionally it was also the second attack recently to happen to Salesforce Commerce Cloud Unit. It was reported that the defendants could have prevented this type of data breach as similar attacks on e-commerce platforms are common. The retailer and e-commerce platform failed to adopt more secure technology and neglected to safeguard customer data. Thus, hackers can install malware that is undetected for close to two months which can allow them to access personal user data, as explained in this case.
Even with the new regulations on data privacy, consumers are willing to trade off sharing their data in exchange for the experience. Most consumers have no issues with providing their data, and thus businesses only need to refocus on how they treat targeted marketing. Those most affected are the third-party vendors that rely on the exchange of data to grow their business. Third-party vendors will struggle as the data inventories begin to dwindle and marketers may become weary, but third-party data’s downfall is not necessarily bad for business. The “dirty-data” has always been questionable as it comes from unknown, questionable sources.
The CCPA may lead to reduced access to third-party data and puts pressure on companies to improve their collection of first-party data acquisition channels. However, many businesses may be surprised that when they scrap the dirty old data, what remains is more accurate, secure data that will ultimately improve their marketing campaigns.
- Crowl, Jonathan. “How the CCPA Will Change Marketing (and Why It’s a Good Thing)” Jebbit, Jebbit, 14 September 2019, https://www.jebbit.com/blog/how-the-ccpa-will-change-marketing-and-why-its-a-good-thing
- Leprince-Ringuet, Daphne. “What is the CCPA? Everything you need to know about the California Consumer Privacy Act right now.” ZDNet, CBS Interactive, 20 December 2019, https://www.zdnet.com/article/california-consumer-privacy-act-everything-you-need-to-know-about-the-ccpa/
- “2019 Consumer Data Privacy Legislation.” National Conference of State Legislatures, 3 January 2020, https://www.ncsl.org/research/telecommunications-and-information-technology/consumer-data-privacy.aspx
- Errick, Kristen. “Salesforce and Hanna Andersson Face Second Suit Over Data Breach.” Law Street Media, 6 March 2020, https://lawstreetmedia.com/tech/salesforce-and-hanna-andersson-face-second-suit-over-data-breach/#:~:text=Hanna%20Andersson%20is%20a%20children’s,to%20scrape%20various%20customer%20data.
- Lazzarotti, Joseph J. and Gavejian, Jason C. “CCPA Data Breach Class Action Litigation Begins.” Jackson Lewis P.C., 6 February 2020, https://www.workplaceprivacyreport.com/2020/02/articles/california-consumer-privacy-act/ccpa-data-breach-class-action-litigation-begins/
- Images by Joel Koch