Everyone by now has seen the uproar caused by Facebook’s mishandling of customer data. While a great many of the social media behemoth’s 2.2 billion monthly active users still only regard Facebook as a way of sharing pictures and mundane daily updates (“look at the scarf my dog wore to the park today.”), Facebook, like many of its digital competitors, strives to extract as much data as possible out of every interaction, and then parlay that information into revenue from advertisers, marketers, and anyone that will pay them. This in itself is not illegal, nor if done with transparency is it wrong. However, when a company lets personal data out of its reach without clear intent or purpose, and that company allows 3rd party access to information about a consumer who did not knowingly agree for that access to occur, then a clear line has been crossed.

There’s a reason Mark Zuckerberg has been apologizing every chance he can, in speech and in print. His next stop will be in front of the U.S. Congress. There is and must be a certain level of trust with any personal-online or personal-business relationship, and once that is breached, it is hard to get back. Zuckerberg certainly wants to avoid reaching a point where the phrase “we don’t want to pull a Facebook” starts to mean any negative and unethical release of previously non-public information.

To be clear, the recent revelation of Facebook’s data privacy dilemma is different from a company that gets hacked and, in the process, has customer data stolen (whether due to inadequate security or not)—rather, this series of acts (either negligent or intentional) is simply without regard to customer expectations of privacy and data control.

What does this mean in retail? All retailers today are struggling with the balance of how to obtain as much consumer data as possible and use that to improve omnichannel shopper interactions (but not seeming invasive or “creepy’), all while keeping the data secure. This feat is truly a blend of science, art, and the oft low priority of common sense. As a consumer, we generally appreciate or at least tolerate when our favored brands provide updates on new items, promotions, and discounts for relevant products that fit our shopping patterns and lifestyle. However, most of us quickly get annoyed when an online retailer clearly uses our browsing history and cookies to insert flashing banner and pop-up advertisements into various non-shopping websites we visit. This can be particularly annoying when devices are shared among family members and these types of ads prematurely reveal potential purchases or investigations into gifts meant to be surprises.

Conversational commerce means a two-way dialogue between two consenting parties: the retailer and the consumer. Involving a 3rd party is, as usual, a crowd and muddies the relationship. Conversational commerce also means having the ability to turn down the volume on the dialogue. When this is not possible, when a retailer continues to shout at us, or worse, invites another into our conversation, we may just turn the conversation off. However, while sometimes viewed by the consumer as annoying, this type of retailer data use—primarily for marketing purposes—is fairly superficial and harmless. It is when that same data leaches outside the walls of the retailer that much larger issues begin to propagate.

We cannot emphasize enough how a corporate principle of genuine data responsibility must permeate companies’ policies, underlying systems, business processes, and even organizational roles and responsibilities. There are several “tenets” of how retailers should responsibly and ethically handle consumer data:

Trust. As with gaining new customers, trust must be earned by the retailer, and in today’s highly competitive, data-rich, and fickle environment it is typically a hard-fought battle. Trust is gained through a series of positive interactions—either physical, digital, or even not directly related to a specific consumer (as in a news story)—over the course of time. Again, once trust is violated, it is often extremely difficult—if not impossible—to regain.

Permission. Permission must be granted by the consumer, whether through acknowledgement by downloading an app, signing up for a loyalty program, or providing information during a transaction (“can I get your phone number?), the customer knowingly—or unknowingly—provides permission to access certain data. This is a tricky area, since in our age of instant-gratification and precious little time, most consumers—without giving it a second thought—quickly respond, click through, and/or don’t thoroughly read (if at all) any pop-ups or acknowledgements about their personal data to which they just offered permission.

Transparency. Transparency of what a retailer will or will not do with consumer data must be provided by retailer. Similar to naïvely granting permission, most consumers have no clue about their data usage or whereabouts. Some companies do provide follow-on communications in the form of emails or even “snail mail” to their consumers that provide detail about how data will be used after the initial consumer interaction, but it is the onus of the consumer to actually read and comprehend this information.

Relationship. The relationship factor is related to trust, but focuses on a long-term view of the consumer, as opposed to a short-term or transactional view. In a good relationship, the trust factor is inherent and reaches far beyond if or how any data will be used. Many small, independent retailers and/or locally-owned franchise environments have successfully developed loyal followings that are built solely on deep relationships with their customers—often over a series of generations. Larger retailers are beginning to understand how this dynamic remains relevant in this highly digital age. Forward-thinking retailers should learn how to leverage information gleaned from consumer data mining and analytics with relationship development skills and policies built into their front line associate training programs. Done correctly and without seeming invasive, stronger personal relationships can be developed at both the store and brand level. But the relationship will also always hinge on the retailer maintaining trust through understanding and actively managing the implications of permission and transparency.

For ages, retailers have touted about how consumers drive strategy and store assortments, focused on providing “exceptional customer service” and the best possible customer experience, and sometimes even delivered on the promise of “the customer is always right.” This consumer-focused mindset must now more than ever extend beyond corporate strategies, operational policies, and associate training programs into how the retailer handles and protects their shoppers’ precious data.

– Clay