Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

The Price of Online Privacy

It's about $49.... Too many indiscriminate policies require personal data (or money) in exchange for customer service.

By

March 24, 2006CSO

At the grocery store the other night, I bought a half-pound of turkey from the deli. Only when I got home I discovered that they gave me ham by mistake. I went back to return the errant cold cuts, but before the store clerk would wait on me, he asked me for my name and phone number. I refused, telling him that my request had nothing to do with that information. Then he asked for my store "loyalty card" number. I wouldn't give him that, either. I mean, it was just ham, and it was the deli's mistake! So he told me he couldn't help me until I paid a $49 fee first.

Absurd, right? That's because it's not exactly true. The grocery store didn't do that to me. Apple's iTunes Music Store did. And it wasn't a half-pound of turkey I bought; it was a $0.99 song download. The wrong song. I downloaded a track listed as a live version of this song and instead received a studio version. In other words, Apple's store gave me ham that was incorrectly labeled turkey. I called Apple, thinking the company would credit my account, and I thought I was doing a nice thing by letting the store know about the labeling error.

But Apple refused to take my call unless I gave my name and phone number. When I refused to do that, the support desk agent then requested the unique serial number to my iPod. "My iPod?" I asked, incredulous. "This has nothing to do with my iPod." That was when she informed me that in order to proceed with the call, I'd have to pay $49 (which, of course, would also require me to read my credit card number over the phone). I hung up.

Let's review: Apple's iTunes store failed to provide a service I paid for and, before Apple would rectify its own error, the company demanded that I turn over either personal information irrelevant to my request, or money. In other words, I pay in cash or in personal information for the chance to report a service failure even before I've been guaranteed any sort of satisfactory rectification of their mistake.

Does that seem right? How can a transaction that would be an unnecessary and practically ridiculous invasion of privacy in the real world somehow be de rigeur at an online store? (It's fun to apply the scenario to any kind of real-world storeimagine, say, a restaurant: "Before you can tell us your problem with the fish special, Ms. Smith, we'll need your social security number.")

In fact, retail stores in the physical world periodically try to grab unrelated personal information at check-out (Radio Shack used to ask for ZIP codes and now many stores ask for phone numbers). When that gets enough attention, it makes the national news, as it did in December last year on ABC. The various data companies are trying to acclimate people to invasions of privacy, said Chris Hoofnagle of the Electronic Privacy Information Center in San Francisco in the ABC News story.

Often, you can decline at the store (marketers prey on the fact that most people are uncomfortable with confrontation and will not decline) and the purchase continues. Though, in at least one case a colleague of mine wasnt allowed to pay with anything except cash unless she turned over private information.

But online, aggressive tactics like that are the rule, not the exception. Ceding unrelated private information was, in my case, a prerequisite to completing a transaction.

I e-mailed Apple PR to learn more about its privacy policies. For six days, I heard nothing, not even an acknowledgment that my e-mail had been received. I sent the request two more times, and on the eighth day, I finally received answers to the questions I had e-mailed. (See Apple's Verbatim Answers to the Author's Questions below.)

What I descried from the carefully crafted answers is that the iTunes' store isn't really a store at allit's just an online component of the iPod. Its a subtle but important distinction. Theres an old marketing trick of appropriating nomenclature for something so that we make positive assumptions about that thing, even if whats being marketed isnt what its called. A classic case of this is junk mail made to look like official business that implores you to open the Dated Material or Important Information about your account immediately. But when you do open it, you discover that, alas, its another credit card offer.

In some ways, online stores are doing the same thing. You are not really a customer at iTunes music store the way you are at the grocery store. You're an iPod owner using an associated service. All support is assumed to be related to the product, the hardware. Customers are asked for personal information so we may look up product registration data... And even though the product in this case was completely independent of the problem, Apple needs to be able to look up product ownership information. Why?

The presumption here is that the customer is calling because something is wrong with them and their product, not the companys service. At best, thats far too blunt an approach to customer service, and at worst, its arrogant.

Apples other argument was economic. The cost of providing support is too high to not screen out ineligible calls. That is, you cant use the stores bathroom unless you can prove that you bought something at the store. Apple argued, We have tens of millions of customers. If every customer were able to contact us in perpetuity, we would be unable to provide quality support to anyone.

But the assumption in that statement is that privacy is an all-or-nothing proposition. Either you cede it and get support or dont and lose support.

It doesnt have to be that way. We're not saying Apple or any business ought to let all calls come through unchecked. We're saying be reasonable, make more stratified privacy policies that take into account the spectrum of potential calls and what private information is really needed to complete that call.

What online stores like iTunes do now is throw one sweeping policy across all its products the way one throws a quilt across a fire to smother it.

Why not do right by the customer by approaching private data with more texture and nuance? In this case, for example, instead of assuming all calls somehow relate to the iPod, Apple should segment support so that the smaller number of complaints and concerns about service failures at the online store are sectioned off. Then, for those situations, instead of demanding personal information up front, move the gate-keeping function back so that it occurs after the customer has a chance to explain the problem. If the problem can be resolved without the transaction of personal data, do it. Dont ask for private data until it's needed to create a positive outcome and the customer agrees to it. Finally, when it is time to ask for personal information to resolve the issue, instead of asking for seemingly random, unrelated private data, ask only for pertinent information, like a credit card number to credit an account.

Sounds like a lot of work: New protocols to develop, more training for support staff, more complex phone trees, lawyers to pay for reworking privacy policies and so forth. That's true. It would cost vendors significant money to implement a support function that delivered a nuanced, consumer-centric perspective on customer privacy. (And, oh yeah, the marketing department wouldnt get their hands on as much data).

So don't count on its happening. For, of all of the answers to my questions, this one was most telling: Customers will find similar, if not identical, practices at all technical support divisions across the industry. I suspect that this was meant as a defense of Apple's policy, but I read it as an indictment, for two reasons. First, Apple views all of this as technical support and not customer service. And from a corporate perspective, the former is a burdensome cost to be minimized. And second, the Everybodys doing it rationale has never been a sound argument for justifying one's actionsnot with drugs, not with quasi-legal accounting practices and not with illogical customer service or privacy.

But, Apple's right. Everybody is doing it. I can't believe we customers put up with it online when, if it happened at the grocery store, we'd throw the ham across the counter and tell the guy asking for our personal information where to go.

Tell me your stories about privacy and online customer support at sberinato@cxo.com.

Post-Script: While waiting for responses to the PR query, after I had tried phone support, I sent my request for support online, which required me to log in first and, therefore, included much of the same personally identifying information up front I would have had to provide over the phone. It provides no enhanced privacy and I don't plan to use it again. My account was credited with 99 cents but, as far as I know, the problem with the song has not been resolved.

RESOURCE CENTER