Does Data Impose A Duty?

In this Dec. 20, 2008 file photo holiday shoppers make their way through the Northshore Mall in Peabody, Mass. Fallout from the dismal holiday sales season promises to have a lasting impact on how the retail industry operates. (AP Photo/Lisa Poole, File) AP Photo/Lisa Poole, File

This column was written by Evan Schuman, the editor of StorefrontBacktalk.com, a site that tracks retail technology, e-Commerce and security issues. Retail Realities will appear each Friday. Evan can be reached at e-mail and on Twitter.



Macy's recently sold some 2,900 children's necklaces labeled as "lead, nickel free." It turned out that the necklaces were anything but lead-free, with one federal report saying that lab results showed the necklaces as containing "high levels of lead." Macy's then removed the necklaces from their shelves.

The Los Angeles District's Attorney got involved and accused Macy's of misleading the public, which is a criminal misdemeanor. In the course of routine research on the case, the D.A.'s office subpoenaed Macy's to gather the names of anyone they sold the necklaces to so that the D.A.'s office could, among other things, contact those consumers to make sure that they stop their children from playing with the potentially lethal toys. Macy's refused-and is scheduled to defend that refusal in court next week (May 18) and therein lies the tale.

It's a tale of testing the uncharted legal limits of how much retailers can use payment and loyalty card information they collect and whether government agencies and courts can force them to do other things - possibly against their own interests - with it.

Put another way, does data impose a duty? If a retailer is collecting an ocean of facts about consumers to sell them more soap or to get them to buy a more expensive refrigerator, can they be forced to use that information to tell them about a recall or to help find a missing child or to even make sure that a doctor's orders are being followed?

In the Macy's case, the $25 billion 850-store chain using both the Macy's and Bloomingdale's names argued that it couldn't let the D.A. contact those parents because it would a be a violation of the customers' privacy.

"Macy's promises its customers to keep their personal information confidential except in certain limited circumstances. Macy's customers therefore have a reasonable expectation that any identifying information collected and retained by Macy's as a result of their purchases will be kept confidential and not disclosed unless Macy's is compelled to do so by proper legal process," wrote Macy's attorney Donald Etra.

"As the privacy concerns of third parties is high and the usefulness of the documents to the people's prosecution of the false advertising claims against Defendants is non-existent, production should not be required."

It's a new twist to the privacy argument, in that it's unlikely that most of the impacted consumers would object if they were alerted that they have children's jewelry with potentially toxic lead levels. How many of them would consider such contacts to be privacy violations?

The D.A.'s office, not unexpectedly, sees the matter rather differently.

"Macy's is attempting to conceal from customers the fact that it sold them lead-contaminated jewelry for their children," wrote Los Angeles Deputy District Attorney Daniel Wright.

Given that prior judges have ruled that a benefit to consumers is helpful in establishing the need for a subpoena to overcome retail privacy policies, Wright told Superior Court Judge Fred Rotenberg that "it is hard to imagine more of a benefit than allowing Macy's customers to take a toxic substance away from their children. (Macy's) is playing a dangerous game of hide the ball and the only one who loses are the children it puts at risk."

The government also pointed to an earlier case involving Macy's and lead-lined jewelry, in an attempt to support their argument that there's reason for a jury to believe that Macy's knew or should have known that the necklaces contained lead and that they were mislabeled. The D.A.'s office and the state of California said an earlier case in California established that "Macy's has repeatedly sold lead-contaminated children's jewelry and shows that Macy's was fully aware of the problem, the danger it poses, yet did nothing. Macy's previous prosecution by the Attorney General only shows that Macy's knew, or by the exercise of reasonable care should have known that children's jewelry it sold was not `lead free.' Macy's (earlier) prosecution is also a prior bad act and shows a common scheme or plan to sell lead-contaminated children's jewelry."

That earlier case began in 2004 when California accused a lengthy list of major retailers - including Macy's, Wal-Mart, Burlington Coat Factory, J.C. Penney, Kmart, Nordstrom, Sears, Forever21, Kohls, Walgreen, Target, QVC, Saks, The Gap and Toys R Us - of selling lead jewelry to children and not labeling it as containing lead. That case was settled in 2006 with the retail defendants paying substantial fines to the state of California.

Those details aside, the case is getting closely watched because of the broader legal implications. Some chains -including Costco, Price Chopper and Wegmans -have already started to contact customers if items they purchased are later recalled. One Washington state grocery chain is using payment data to contact customers if there is even a price drop on something they bought, days after they bought it.

But can retail chains be forced to do things that help consumers if those chains paid money to gather the information for pure profit purposes?
In the Macy's case, can the chain be forced to turn over customer information even if - as Macy's fears - it might make it easier for those customers to sue Macy's? If that door is opened, how far could it go?

Police sometimes try tracking down suspects - and missing persons - by looking for shopping patterns. For example, a criminal might try going totally dark, relocating under an alias and stop using cellphone and credit cards. But if that criminal likes to buy coconut-scented Prell shampoo, bok choy, mustard-flavored cereal and Mountain Dew, that pattern in point-of-sale records could serve as a detection method.

Or insurance companies might want to if any of their alcoholic customers are buying whisky? You could go one step further: Are heart attack patients purchasing high-cholesterol food?

As retailers become more digitized and consumers voluntarily give them more information in-person and on the Web, these issues are going to get more complex. And a judge next week is going to try and start figuring out limits.
By Evan Schuman
Special to CBSNews.com

  • CBSNews

Comments