Session No. 2 of the 2020 NAG/YEO Virtual Conference featured a pair of presenters with more than 50 years of combined experience with issues related to data collection and usage policies.
NAG President John Lofstock welcomed Alan J. Thiemann, general counsel for Conexxus Inc., the technology standards arm of the National Association of Convenience Stores (NACS), and Bill Hanifin, founder of the loyalty consulting firm Impact 21, to unravel the many legal threads of data privacy.
Alan J. Thiemann, Conexxus
Thiemann brings to the table four decades of experience representing retailers through NACS as well as other trade associations. He has also honed his expertise with data privacy issues through his work with Seattle tech/IP law firm Han Santos, where he leads the practice’s privacy/cybersecurity group.
Thiemann’s presentation revolved around the lack of regulation of consumer data privacy, whether at the federal or state levels.
Currently, California is the only U.S. state with a data privacy law in place, the California Consumer Privacy Act (CCPA). He ran down a laundry list of eight other states that are eying the CCPA as a model for their own, but none of those is expected to be adopted until 2021 at the earliest. More will surely follow.
Fortunately, many of these state laws will likely be similar enough, he said, that much of the legal and logistical legwork to meet compliance standards will apply to most of the statutes.
But even if more states were to adopt laws, much like data breach regulation — which relies overwhelmingly on individual states — no federal consumer privacy law exists that would provide a common, uniform compliance for retailers to follow.
“While as you can appreciate, if you’re doing business in multiple states or nationally, that creates a major headache and trying to run your business,” Thiemann said. “And we’re about to enter into the same kind of situation in terms of consumer privacy.”
According to Thiemann, the current patchwork of state law makes data collection difficult — and legally slippery — for retailers.
Theimann warned that, lacking federal regulation, retailers must be aware that the individual state laws apply not to the location of their home offices, but to the location of the consumer. That means the onus of compliance is then multiplied for c-store chains with multi-state footprint.
Thiemann outlined a six-step “Retailer Checklist” to help operators parse the many requirements that come with collecting even the most basic information about customers. Even video surveillance images are subject to consumer privacy restrictions.
Theimann provided an excellent breakdown of a topic that, at first glance, can seem overwhelming. He closed his talk with advice about what action retailers can take now to prepare for compliance with the future legislation that is sure to be adopted as states sort the issue out.
Bill Hanifin, Impact 21
For more than 20 years, Bill Hanifin has been helping businesses engage and satisfy consumers through customer loyalty programs. His Hanifin Loyalty by Impact 21 clients have included c-store retailers as well as some of the world’s biggest names in banking, financial services, publishing, foodservice and other industries.
Like the age-old business maxim, “Know your customer,” Hanifin advised that, for retailers, there’s no substitute for talking to people. “ … finding out what they like, what they don’t like, and that’s something that we clearly could do much, much more of,” he said. Operators have the ability, he stressed, within loyalty program to gain the information because it’s permission-based.
Still, that permission doesn’t come without some fear. Consumers want protection from misuse of the information about them. Hanifin said that efforts at regulation are being driven by consumers’ demand for transparency in data collection.
But that’s understandable. Retailers would do well to educate their customers that consumers and businesses aren’t enemies.
“So there’s suspicion, there’s uncertainty, and that’s what’s bothering the consumer these days,” Hanifin said, “and they are desperately looking for transparency.”
Don’t let that customer hesitancy cause retailer fear, though. Instead, it should be met with leadership about why retailers collect customer data — to better serve those very consumers. Hanifin said that retailers should tell customers: “There’s purpose in collecting data. It’s not just to collect it for the sake of collecting, but we actually collect it with purpose so that we can communicate better with you, we can deliver you more personalized value, and we can improve your experience in making purchases and visits with our brand.”
Retailers, he recommended, should seize some measure of control and work toward defining best practices for data collection and privacy. Hanifin cited Thiemann’s expertise and the work of Conexxus in working toward those standards.
Businesses, he said, will need to be proactive in the midst of a lack of governmental guidance.
“How do we become more specific in developing guidelines, standards and making recommendations to all retailers so that we have a common path to follow?” asked Hanifin.
The 2020 NAG/YEO Virtual Conference continues on Wednesday, Aug. 12, at 2 p.m. Eastern Time, with a session on “Effective Leadership: The Best Ways to Manage People.” For the entire eight-session agenda, visit https://nagconvenience.com/virtual-series-agenda/. To register click here: NAG/YEO Virtual 2020 Registration. For on-demand access to past sessions visit the NAG/YEO Virtual 2020 On Demand page.