Privacy Concern in CRM Service

and Haiyu Huang2



(1)
School of Law, Xiamen University, Xiamen, China

(2)
School of Management, Xiamen University, Xiamen, China

 



Abstract

Customer relationship management, known as CRM, is a concept for increasing companies’ profitability by enabling them to identify and concentrate on their profitable customers. Electronic commerce customer relationship management or ECCRM chiefly relies on Internet or Web-based interaction of companies with their customers. As a tool of CRM, the purposes and methods of data mining for firms are manifold and often help the firms to analyze business-critical data including person-related information. Indeed, there are norms in the USA and European Union that should be taken into account when implanting a CRM system. This paper reviews the US and EU CRM service-related legal regimes with emphasis on privacy protection at first. Then, it discusses the privacy concern in CRM service by doing some case study, mainly in the States. Finally, this paper probes into some practical suggestions for enterprises’ better CRM service reference.


Keywords
CRMECCRMData miningPrivacy concern


Published by “Proceedings of Int’l Symposium on China Hospitality Management & Business Information 2007”, August 7–9, 2007, pp. 533–538.<ISTP indexed>



10.1 Introduction


Customer relationship management, known as CRM, is a concept for increasing companies’ profitability by enabling them to identify and concentrate on their profitable customers. From a strategic point of view, CRM closely combines the most advancing information technologies (IT) together: Internet and electronic commerce, multimedia technology, data warehouse, and data mining, expert system and artificial intelligence, etc. Briefly speaking, CRM provides for the field of companies’ sales, customer service center, decision-making support, etc., a solution to business automation.

CRM can be viewed from two perspectives. Operational CRM refers to the business strategy that focuses on the day-to-day management of the customer relationship across all points of customer contact and is enabled by sales and service technologies. Analytical CRM is the part of the CRM business strategy that drives increased customer intelligence and makes information actionable across all touch points. It encompasses a host of data mining applications (e.g., marketing, forecasting, and budgeting) that enable companies to develop greater customer intelligence and accordingly customer-specific strategies.

In analytic CRM, data miners often analyze customer data with the specific intent of understanding individual behavior and instituting sales campaigns based on this understanding. Researchers in economics, demographics, medicine, and social sciences are trying to understand the relationships between behaviors and outcomes (Edelstein and Millenson 2003). For example, if an employer has access to medical records, they may screen out people with diabetes or have had a heart attack. Screening out such employees will cut costs for insurance, but it creates ethical and legal problems.

As to ECCRM, it chiefly relies on Internet or Web-based interaction of companies with their customers. The prospect of higher profitability has lured many companies into launching CRM initiatives and, in particular, ECCRM projects as a central element of their electronic commerce activities. Market projections at the time of the Internet hype saw corporate investments into CRM in general grow at annual rates as high as 50 %, eventually matching and surpassing expenditure on ERP systems (Meta Group 2000). Even after the end of the hype, there are projections still predict double-digit growth rates for the years to come (Forrester Research 2002).

The fast progress in networking technologies has led to an enormous amount of digital information stored all over the world. This process has been accompanied by a rise of tools, e.g., data warehouse and data mining that are able to collect data, add them to databases and find information that could not be discovered in an obvious way. The analysis of huge data amounts is of particular relevance in e-commerce, where companies are given the opportunity to learn more about their customer profitability and customer segmentation. While yielding benefits to the companies (marketing, etc.), these analyses of customer behavior, preferences, and interests may provoke the fear of privacy breaches (Kobsa 2002).

Therefore, the legal aspects of CRM including ECCRM, the laws affecting it among others, cannot be forgotten. Indeed, there are norms in the USA and European Union that should be taken into account when implanting a CRM system. This paper reviews the US and EU CRM service-related legal regimes with emphasis on privacy protection at first. Then, it discusses the privacy concern in CRM service by doing some case study, mainly in the States. Finally, this paper probes into some practical suggestions for enterprises’ better CRM service reference.


10.2 US and EU CRM Service-related Legal Regimes with Emphasis on Privacy Protection


As a tool of CRM, the purposes and methods of data mining for firms are manifold and often help the firms to analyze business-critical data including person-related information. The knowledge about customers is a valuable asset for the company in a competitive landscape no matter online or offline. However, data privacy protection regulations rightfully limit the use of person-related data.


10.2.1 The USA Data Privacy Laws and Regulations


Although the USA had no comprehensive privacy law, Congress had passed the Children’s Online Privacy Protection Act (COPPA) in 1998. It had also passed regulation of online privacy practices in health and financial services, namely, the GrammLeachBliley Act of 1999 applying to financial institutions and the Health Insurance Portability and Accountability Act (HIPAA) of 1996 applying to health care providers. The Federal Trade Commission (FTC) and the National Telecommunications and Information Administration (NTIA) are the two bodies charged with monitoring online privacy.

Currently, the FTC has taken the lead in enforcing privacy rules in the USA. The FTC requires companies to follow evolving privacy rules labeled “Fair Information Practice Principles” (FIPPs) including:



  • Notice/Awareness: Web site is required to provide consumers notice of their information practices, such as what information they collect and how to use it.


  • Choice/Consent: Web sites are required to offer consumers choices as to how that information is used beyond the use for which the information was provided (for example to consummate a transaction). In other words, customers must be able to “opt-out” or must affirmatively “opt-in” to information collection practices.


  • Access/Participation: Web sites are required to offer consumers reasonable access to that information and an opportunity to correct inaccuracies.


  • Security/Integrity: Web sites are required to take reasonable steps to protect the security and integrity of that information.


10.2.2 US Safe Web Act of 2006