Albertson’s Case Shows Hazards of Privacy Waters

I recently read in a DM News Article that Privacy Rights Clearinghouse, a nonprofit consumer advocacy group in San Diego, filed a lawsuit alleging that supermarket chain Albertson’s and its pharmacies violated consumers’ privacy by marketing to them on behalf of pharmaceutical companies without first receiving their consent.

In a nutshell, the lawsuit claims that Albertson’s and its pharmacy units Sav-On, Osco and Jewel-Osco were sending direct mail pieces and making calls in order to remind pharmacy customers that their prescriptions were about to expire, and urging them to renew those prescriptions. Sometimes they were urging consumers to switch to newer, more expensive drugs, according to the allegations.

The suit is a bit ironic given that Albertson’s was one of many grocers that resisted contacting its loyalty card customers — including those who may have purchased tainted beef — during the mad cow scare almost a year ago. According to an article in Information Week, Albertson’s cited privacy concerns as the main reason for its reluctance to contact customers.

One of the company’s “‘primary objectives is to protect our customers’ privacy, so we don’t want to jeopardize that,'” said Albertson’s spokeswoman Karianne Cole. This is another example of how difficult it can be for companies to navigate complex privacy issues.

I spoke with Beth Givens, founder and director of Privacy Rights Clearinghouse. Givens noted that an inconsistent application of Albertson’s pharmacy renewal and notification program can be a major impediment to consumer well-being.

“Many people take more than one medication. And it’s not uncommon for a pharmaceutical company to sponsor a reminder notice for one drug, but not for others,” she said. In other words, a patient might receive a reminder for their anti-depressant, but not for their blood pressure medication. “If the purpose of the program is to help the customer, then reminders would go out for all prescriptions.”

Albertson’s did not return calls requesting comment on this article.

Did Albertson’s violate HIPAA or another privacy law? Did it operate contrary to its own privacy policy? Were consumers misled or underserved? Most people would agree that if Albertson’s were to go against its stated privacy practices and sell its list of pharmacy customers to a drug company for the purpose of marketing to those customers, then the company probably would be in hot water.

However, that’s not what Albertson’s did. What the company allegedly did was far more subtle, and thus the legal implications are much less clear.

Frankly, the legal implications might be the least of its concerns. Not a single allegation has been proven in court, yet Albertson’s is clearly entering a difficult period regardless of the legal outcome. With that in mind, I’m not going to comment on the veracity of the claims of either side, but I am going to outline some potential consequences for Albertson’s.

Scenario 1: Completely innocent. Let’s assume for the sake of argument that every allegation Privacy Rights Clearinghouse made is false, and that Albertson’s will be vindicated. Unfortunately, by the time the truth comes out, Albertson’s will have spent a boatload of money in legal fees.

Moreover, guilty or not, its brand image will have taken a large hit. Allegations are usually printed on the front page, while retractions are often buried in the classifieds next to the tag sale ads. And in an environment where all pharmacies are created more or less equal, any negative press is likely to send some of its customers across the street.

Scenario 2: Enron part deux. Now let’s take the worst-case scenario. Let’s say it’s proven that Albertson’s took confidential customer prescription information, placed it into a database and then sold that data to pharmaceutical companies.

Then let’s say that the drug companies use that data to send mailings and place telephone calls to consumers reminding them to renew their prescriptions. And let’s say that these practices are found in court to be in violation of the law. The fallout of fines, legal bills, bad press and customer loss could be nothing short of devastating to the company.

Scenario 3: Middle of the road. Now let’s assume that the facts are somewhere in the middle. Maybe Albertson’s did send prescription reminders, and perhaps those reminders were financed by drug companies. Is that the same thing as selling consumer prescription data to the drug companies?

My point is that there’s a very subtle distinction between selling customer data to a third party and having that third party finance marketing campaigns to your customer lists. I’m not sure how Albertson’s alleged prescription plan differs from a traditional list rental situation. And even if Albertson’s is on the right side of the law, it will be in the unenviable position of defending its legal position at the expense of customer good will.

Consumers are not necessarily interested in subtle legal arguments if they feel that they’ve been misled or otherwise mistreated.

Bottom line. This is not the first time that a company will be taken to task on an issue of consumer privacy, nor will it be the last. Corporate marketing practices are under tremendous scrutiny these days.

A wave of transparency is going to be forced upon direct marketing, either through litigation, legislation, bad press or all of the above. This is why companies need chief privacy officers, and why the corporate privacy team needs to be inextricably linked to marketing.

Regardless of what happens to Albertson’s, of one thing I am sure. Sooner rather than later, a large corporation is going to be devastated as a result of a real or perceived privacy gaffe. Don’t let it happen to you.

Related Posts