Loyalty programs under fire in California

The National Retail Federation (NRF) and the California Retailers Association have asked state officials to preserve customer loyalty programs, protect businesses from potentially ruinous financial penalties, and address other provisions of a new privacy law set to take effect next year that could interfere with consumers’ expectations for customer service.

“Data drives retail and the customer experience,” said NRF Senior Vice President for Government Affairs David French. “Retailers are firmly on the side of consumers and collectively spend billions of dollars each year to enact policies and build systems to protect personal information. But we believe the California law will have far-reaching effects that will interfere with retailers’ ability to offer the customer service Californians demand.”

NRF and CRA today submitted comments to Attorney General Xavier Becerra as the state Department of Justice prepares to draft regulations for implementation of the California Consumer Privacy Act. The law, which was passed last summer and is scheduled to take effect in January 2020, places restrictions on how retailers and other businesses can collect and use information about consumers. The letter emphasized that retailers gather data about consumers primarily to better serve them, in sharp contrast to other industries that gather consumer data primarily to monetize it by selling it to other businesses.

According to NRF, the new law may saddle businesses with penalties of between $100 and $750 per consumer per data breach incident, resulting in “enormous and financially ruinous damage awards without regard to the size of the business, the circumstances of the breach or mitigating factors such as the good faith or level of cooperation of the business,” NRF and CRA said in the letter to Becerra. Companies that are breached are “not malicious or reckless bad actors but rather are the victims of often highly sophisticated financial fraud and computer crimes,” according to NRF.