Does Macy's <i>Really</i> Not Know Where It's Own POS Data Is?

In the ongoing saga of Macy's versus the Los Angeles District Attorney's office--where the DA is trying to subpoena POS and CRM data in connection with the sale of lead-tainted children's jewelry so that impacted consumers can be notified—the latest twist is that Macy's officials are saying that they don't know what data they have, nor where it is.

According to officials involved in the case, Macy's is saying that it has only been able to locate about 40 percent of the data involving some 2,900 tainted necklaces sold. (The next court hearing is slated for June 29.) Let's set aside for the moment the possibility that Macy's officials are being less than candid with the L.A. officials because they simply don't want to reveal the data. If we assume that they are being absolutely candid, what does it say about their data management? Macy's runs one of the most sophisticated IT shops anywhere in retail. They don't have full access to their own CRM data, showing loyalty card purchases of the necklaces? Their Macy's credit cards? They can't search their own records for a particular product and which cards were used to make those purchases?

This raises some intriguing questions about how well most large retail POS and CRM systems can tie specific product purchases to specific customers. If they use their loyalty cards, it should be easy, but what if they don't? PCI rules frown on a retailer retaining payment data longer than is necessary for transaction approval and return issues. But why not use that data and note the customer and the purchase, deleting the payment card and only retaining the customer name and the purchases? It could be used to wonderfully supplement CRM files and it could so under the consumer-friendly guise of being able to handle subsequent recalls.

This raises the always fun debate about the risk of retaining too much data. From an analytics perspective, the more data that is retained, the harder it becomes to find desired answers. From a legal perspective, the more data that is retained, the more info that may later have to be turned over to people suing you. (As a reporter, the guidance to destroy notes religiously after XX months was based on protecting sources and avoiding contempt of court penalties.)

From the IT perspective, the most cost-effective strategy is to retain only the data that you'll actually use and crunch. That's been an ongoing issue with some grocery chains and CRM programs. Given that most do little more than market basket analysis, paying for a CRM suite and retaining all of that data is absolutely wasted money. That said, it's only wasted if the data isn't crunched and put to good use. A chain has detailed product-to-customer data for a short time after transactions. Why not play with a token-like approach and marry the two—minus the payment card details—for later use? In short, is Macy's being sloppy or strategically smart? Say what you will about Macy, but sloppy just doesn't seem likely.