By Jay Cline, CIPP
When the nation's largest consumer-electronics retailer in 2003 decided to transform from a product-focused to a customer-centric company, privacy manager Sara Wood knew her job description had just changed. With a company-wide mandate to know more about customers in order to serve them better, Wood banked her new strategy on getting the privacy message out to all employees. Five years later, Best Buy is a case study in maintaining a continually refreshed employee-awareness program for data privacy.
"We look at each and every employee as an integral component of keeping our customers' personal information protected," Wood told Inside 1to1: Privacy.
To understand the importance of this strategic shift, some background on the company is needed. Best Buy got its start as a Sound of Music store in St. Paul, Minnesota. Founded by current chairman Richard Schulze in 1966, the music retailer grew slowly. The company's fortunes changed in 1981, however, when a tornado hit one of its dozen stores. The chain subsequently ran a "tornado sale" of steeply discounted products that was so successful it prompted a new business concept and name change for the company. The new Best Buy Co., Inc. became an instant hit, selling electronic products at the guaranteed lowest-price available.
Today, Best Buy employs 140,000 at more than 1,100 stores across the U.S., Canada, and China, and generates more than $40 billion in annual revenues. Best Buy's Geek Squad brand boasts 12,000 technicians who drive their distinct black-and-white Volkswagen Beetles to homes and small businesses to set up and secure their IT environments. Best Buy for Business, the company's recent foray into business-to-business sales of electronic goods and services, is also growing.
"Our core strategy of customer centricity is premised upon our belief that we can serve our customers better and provide them better value by learning more about them," said Todd Hartman, Best Buy's chief compliance officer.
"The success of that strategy depends on our continually earning our customers' trust through sound privacy practices," he added.
Early into its deployment of customer centricity, the company analyzed its transaction records and supplemented the information with purchased demographic data. Its goal was to better target its product and service selection to meet the lifestyles and needs of customers. At the same time, Best Buy launched a loyalty program, RewardZone, creating a new channel to maintain ongoing relationships with customers. Today, field employees are encouraged to get to know customers and their needs, instead of simply pointing them to the right aisle.
With this increased interaction with customer information, Best Buy also evolved in its thinking regarding the best placement for its privacy function. Originally situated within the company's marketing team, Hartman for the past two years has overseen the privacy group in his role in the company's General Counsel's office.
"We were among the first traditional retailers to make privacy a strategic business priority," Hartman explained. "As the company's business has evolved, the importance of privacy to our customer promise has only increased."
A light-bulb moment for Hartman and Wood came when a customer complained that Geek Squad employees had inappropriately viewed photos on the customer's laptop brought in for servicing.
"We learned from our customers that from a privacy perspective, their photos and music files were as or more important to them as their credit-card numbers or driver's license numbers," Wood said.
Following the complaint, Best Buy overhauled its data-retention and handling controls for customer devices, and educated its field staff on the company's enhanced privacy standards. A recent secret-shopper test in the Los Angeles area sponsored by a local TV station scored Best Buy as the only retailer to properly handle a computer brought in for servicing.
Hartman credits Wood's ongoing awareness program as being instrumental in that outcome. Branded with the motto "Know It - Respect It - Protect It," the program features internally produced computer-based-training modules; in-person training sessions; a video displayed on the company intranet and campus TV monitors; other materials distributed through internal publications and Web sites; and a mascot named the Protector.
After initial success with the program, however, Wood noticed a drop-off in participation rates in the e-learning modules. Internal queries revealed the content needed to be refreshed. Best Buy's field employees, which comprise 98 percent of its workforce, are young and have a high turnover rate, underscoring the need for a continually refreshed awareness program.
As a result, Hartman and Wood now undertake a more formal annual process to renew their awareness program, surveying corporate and field employees for their views and needs, and choosing new channels to convey the information.
So what's next on Best Buy's privacy agenda?
"We're consolidating elements of our privacy awareness programs with our information security and confidentiality programs," Hartman explained, "to help bring more resources and visibility to our common messages."
"Employees often find these topics confusing and duplicative. We believe we can leverage the current success of our privacy program to create unified messages that will coach our employees more efficiently and effectively."
Cline is President of Minnesota Privacy Consultants