Building a customer base is time-consuming and expensive. Engaging existing customers is often easier and more profitable than acquiring new customers. In the US, email and other targeted marketing is a low-cost and high-ROI way to foster this engagement, which makes collecting customers’ email addresses (and other personal information) a high priority for marketers. But, marketers beware: laws in California and Massachusetts that limit the collection of email addresses (and other personal information) at the point of purchase are an increasingly popular source of class action legal risk. While the laws in California and Massachusetts are popular with plaintiffs’ counsel now, several other states have similar laws, applying to different categories of information (e.g., some state laws only apply to address and telephone number) and transactions and varying enforcement mechanisms (e.g., criminal penalties or state attorney general enforcement).
Key Takeaways
- Ensure that retail location staff understand that the collection of a customer’s personal information that is not required to complete a transaction must be the customer’s choice. Requesting a customer email address or other contact data during the purchase process – such as for tailored discounts and rewards – is permitted as long as the customer knows it is voluntary, i.e., not required to complete the purchase transaction. Further, to avoid errors and discourage claims clearly delineate subscriptions from transactions by separating sign-ups from purchases.
- Check that etailer (i.e., e-commerce stores) purchase transaction flows do not require additional personal information that is not necessary to complete the transaction and clearly disclose to customers what is and is not required.
- Beware of personal information collection by cookies, pixels and similar technology active on purchase transaction web pages.
- Implement written policies and procedures – whether online or off – to document what personal information collected is mandatory vs. voluntary.