Wal-Mart, Eyeing Mobile And Online, To Revamp Its Privacy Policy

One month from now, Wal-Mart will unveil a radically changed privacy policy, one that envisions a merged channel world, where consumers are as likely to use their phone and laptop to interact with Wal-Mart as much as they would walk into a store or speak with a call center. The policy talks about data not merely from a PCI and a purchase history perspective, but also from a security camera's and cellphone's perspective.

"Our goal is to have it be completely comprehensive, for both online and offline," said Zoe Strickland, the Wal-Mart VP who serves as the chain's Chief Privacy Officer. "We need to govern all the different ways that we collect and use information. Privacy is not just about using the Web site. It's everything that happens when you're interacting with the company."

Some have recently argued that retailers need to show consumers what is in their CRM files, if those merchants truly want to gain the consumer's trust. Although Wal-Mart is far from offering to do that, the new policy—to take effect Aug. 23—does offer a way for consumers to request to examine the information Wal-Mart has about them, but the policy puts very little pressure on the chain itself to deliver.

"Contact us at the E-mail or postal address listed in the 'Contact Us' section of this policy," said the new document. "Please include your current contact information, the information you are interested in accessing, and your requested changes. We will provide you the information requested if reasonably available, or will describe the types of information we typically collect."

Although it's not much, it does go a little farther than most other retailers have gone. Still, it will be interesting to see what information Wal-Mart will end choosing to part with.

Much of the new policy deals with restrictions on use of personally-identifiable data, with few stated limits on data collected that is not associated with a consumer's name, above and beyond limits that are forced on Wal-Mart, such as privacy laws involving prescription drugs and handling of payment card data.

The policy also clarifies that data will only be given to Wal-Mart's partners and suppliers when there's a need to know, but it doesn't address the reverse situation, where Wal-Mart's partners have the information first and then provide Wal-Mart with only parts of that information. Can a supplier or a partner be made to comply to Wal-Mart's rules, when those suppliers also work for many other national retailers?

"Whether we get the data first or they get the data first, they're going to have to abide by our security concerns," Strickland said. The supplier data issue is only to get worse in the coming year as mobile companies work more closely with all of the major retail chains.

Strickland—who is Wal-Mart's first Chief Privacy Officer—said she is also closely watching "the tension between the personalization goal—which is just a goal" and Wal-Mart's efforts to protect consumer privacy at various levels. The eternal question: As consumers opt-in so they can take advantage of personalization and convenience, will they ever be able to regain control of that data?