Now that we’ve looked at advertising in Part 1, it’s time to consider the situations in which you may be directly contacting your customers to advertise or market your products, and collecting their information to do so.
Collecting customer information will be done in different ways online and offline, and has a number of different legal and privacy issues tied up in it that you need to consider. Let’s take a look.
Privacy issues when collecting customer information
Most countries around the world have some kind of privacy legislation in place that governs how you should collect personal information, store it, and protect it. These laws also usually set out what you need to tell your customers when you are collecting their information, such as the fact that you are collecting information, what you are collecting, and what you will do with that information.
Let’s examine a couple of pieces of legislation, from the U.S. and from the U.K.
So, what is the law?
The U.S. doesn’t have an overarching privacy law like many other countries, but they do have specific privacy legislation that applies to areas such as health information privacy (HIPAA) and protecting the private information of children (COPPA).
- The types of data gathered,
- How the data may be shared with other parties,
- The process your customer can follow to review and make changes to the data you have on them, and
- The policy’s effective date and a description of any changes since then.
If you run an online store and are based in the U.S., it is highly likely that you have Californian customers over the internet, so it pays to comply with the Californian state law. If you have international users, you may also need to comply with E.U. and U.K. law, as well as the laws in other countries where you anticipate you may have customers.
The U.K. follows what is called the EU Data Protection Directive 1995, which sets out seven principles of data collection:
- Notice: Users should be given notice when their data is being collected
- Purpose: Data should only be used for what you say you will use it for
- Consent: User data should not be shared without your users’ consent
- Security: Collected data should be kept secure
- Disclosure: Users should be informed about who is collecting their data
- Access: Users should be allowed to access their data and make corrections to any inaccurate data
- Accountability: Users should have a method available to them to hold data collectors accountable for not following the above principles
Now, let’s look at how to comply with these laws in practice, both offline and online.
Offline data collection
In store, one of the main ways in which you might collect data is by asking your customers to sign up for a membership club or loyalty program.
Some of the information you might usually collect through a loyalty program could be customer name, mailing address, email address, cellphone number, or even their date of birth. This is all “personal information” for the purposes of most privacy legislation around the world.
- What information you are collecting;
- Why you are collecting it;
- What you will use the information for;
- How you will keep the information secure;
- When you might release the information, and to whom;
- How your customers can amend or correct the information you hold on them; and
- What dispute resolution procedures are in place if there is a disagreement.
Online data collection
- customer’s internet domain;
- IP address;
- when your website was accessed;
- type of browser and operating system used;
- pages visited; and
- what site the customer came from.
Web forms will also be collecting user data, and if you use something like Google Analytics, even more data will be gathered behind the scenes.
Implied agreement in a physical store is gained by displaying your policies in prominent places, such as on the counter or on the door of your shop. This is usually sufficient for a legal agreement to be made between you and your customers, as long as you make sure that the policies are displayed in places where they will be brought to your customers’ attention and they will have plenty of opportunities to read them.
Unlike the implied agreement in your physical store, browsewrap methods like this are usually not enough online.
For a browsewrap method to be legally binding online, you need to display your policies prominently and frequently, which means that you can’t just put small links down the bottom. For this method to be effective, you could put the link at the top of the page and highlight it in bold, or with red text to draw your customer’s attention to it. It should also be displayed on every page that the customer visits.
Here’s an example from YouTube of what I mean by using a tick box:
Here’s another example where you can see the clickwrap method is being used with a submit button:
Next, Part 3 of this article looks at contacting your customers by email or post.
Does your website use the browsewrap or the clickwrap method?