When Is Data Collection Creepy? Mr. Macy, Meet Mr. Hooper

Macy's (NYSE:M) is not, repeat not, capturing signals from customers' mobile phones to identify them at POS. That's the main thing people are remembering from a presentation by Macy's customer strategy VP Julie Bernard at a conference last week. Aside from the implication that some other chains are doing that, it's too bad, because it misses Bernard's two key points. One is that customers demand marketing messages that are relevant to them, but they're at the point of paranoia about retailers collecting the information necessary to make the messages relevant. The other is that some ways of collecting that information truly are creepy.

But which ones? Gut-level intuition isn't a reliable guide, and it's especially hard for retail IT people to use as a gauge when they're dealing with ideas from marketers. What's needed is a more or less external standard for when CRM data collection has crossed the line. Fortunately, we have one, and we've used it before: The traditional human shopkeeper. The question: When it comes to invading customers' privacy, what could Mr. Hooper do?

That's not the way Bernard was thinking about it at the D2 Digital Dialogue conference in Cincinnati. "The media has spun this story so negative, and it's really a shame that people in our positions have not taken a more dominant position on speaking on the macro and micro economic benefits of delivering relevancy by responsibly using customer data," Bernard told an audience of marketers.

"There's a funny consumer thing. They're worried about our use of data, but they're pissed if I don't deliver relevance," Bernard added. "How am I supposed to deliver relevance and magically deliver what they want if I don't look at the data?"

Of course, lots of customers join loyalty programs and pile CRM data and personal information in retailers' laps, so clearly it's not just that collecting data is a problem. It's finding the line where it all turns creepy. And that may not be as hard as it seems. After all, the guy who ran the neighborhood corner store was constantly collecting information about customers. Most customers didn't mind, even when he occasionally overshared or made inappropriate recommendations. That was just Mr. Hooper.

So here's one potential filter: If this were Mr. Hooper's corner store, could he do the same kind of customer tracking that your chain is considering doing electronically?

Recognizing the customer? Sure. Remembering preferences and details about family and friends? Sure. Keeping an eye on a customer as she makes her way through the store? Drawing conclusions from what he knows? Making recommendations? Of course.

How about recognizing customers when they're not in the store? Knowing a customer's address and sharing it with the police if he thinks it's appropriate? Mixing and matching information from multiple customers to derive even more customer-preference information? Maybe even sharing information about some problem customers with other shopkeepers?

If anything, Mr. Hooper was even more invasive than most of the technologies chains currently use. And remember, recognizing a customer wherever that customer went was well within Mr. Hooper's capability, and he didn't need a smartphone's MAC address or an app to signal who the customer was.

And in fact, Mr. Hooper hasn't gone away. Lots of store associates recognize regular customers by sight, even if they're not in the loyalty program and always pay cash. They know customers' preferences even if they don't know their names.

And that's not creepy, at least not for most customers. Like Mr. Hooper, there's some familiarity and trust. But there are also real limits to what these human CRM databases can do.

Here's what Mr. Hooper couldn't do: He couldn't make copies of everything he knew and send them off to other shopkeepers to sift through. He couldn't track customers as they moved through every store (though he may have known exactly when each customer was in his store). He couldn't develop summaries of everything a customer bought in every store (even if he did know everything that customer bought in his store, regardless of loyalty data or how it was paid for).

Mr. Hooper didn't just have customers' trust. He also had limits. There were things Mr. Hooper literally couldn't do. Customers didn't need a long privacy statement from that old shopkeeper because they believed they knew what his limits were.

When those limits stop being clear, it starts to get creepy.

That's not a technology issue, or even a data security issue. It's an issue of privacy policy and data sharing. And, lawyers aside, it may be the best filter that retailers have at the moment for figuring out which side of the creepy line a data-gathering or data-use idea falls on.

If Mr. Hooper couldn't get away with it, your chain probably can't either.