top of page
  • Writer's pictureMaris Miranda

Santa is not the only one making a list: Privacy concerns on customer loyalty programs

You are not only spending away money this holiday season—you are giving away much more than that.

When you stroll around the mall then the radio crackles and you hear the all-too-familiar song that lulls you into the holiday blues—Jose Mari Chan, a Filipino Christmas icon, singing in the background—you know that the holiday season is here.

Filipinos love the holidays because it brings a certain feeling of lightness and happiness… and because of sales and discounts everywhere. People start flocking in malls and grocery stores to beat the holiday rush. A swipe here, a scan there. Indeed, it is one of the best times to accumulate points in your rewards cards.

Why are we suckers for customer loyalty programs?

Image source:

There are different types of customer loyalty programs (CLP)—points-based, loyalty card, reward-partnership, non-monetary, tiered, game and gift card—but they all aim for the same things: a higher retention rate and a higher profit for businesses by collecting and analyzing tons of our data. Almost all businesses have this program.

Armed with the power of predictive analytics and machine learning, companies can analyze customers’ spending behaviors and create customers’ profiles to predict their needs and provide them with customized services and advertisements. Most customers think that this a win-win situation: companies profit from their data and they get to enjoy the perks.

The possible harms of the overzealous collection of personal data by these companies may not be a cause for concern for many of us, as long as we are satisfied with what these companies have to offer…or until we experience firsthand the downside of the trade-in.

The trade-in

A lot of people may find CLPs helpful and convenient, especially given the amount of money one can save, but there are a few more things we need to uncover before we can say that there’s nothing wrong with CLPs:

1. Companies can track and profile you. To create an account or avail of a reward card, you need to provide the company some personal data like your full name, sex, address, contact details and data of birth. However, the list of data you provide does not end there. Like Santa’s naughty and nice list, companies also categorize you based on your purchases. The more you purchase something from the company, the more information it gathers about you (e.g., your preferences). It uses these information to paint a picture of who it thinks you are based on its own algorithms so it can provide you with targeted marketing materials.

Perhaps the example most often cited to prove this point is Target’s case wherein it revealed the pregnancy of a teenager to her father when it sent coupons for baby items to their home. It turned out that Target was successful in identifying the products that most expecting mothers purchase.

A note of caution: accuracy cannot always be guaranteed.

2. You do not know where your data ends up. Companies share (sell) your data to their subsidiaries, affiliates, service providers, and other third parties not only for profit, but also to develop a more accurate profile of you. This means that other companies which you have not transacted with most likely have your data, as well. You are kept in the dark as to the extent of what they do with your data.

The images below are three groups of companies to give you an idea how vast data sharing can be in the local context:

Image Source:

Image Source:

MVP Group of Companies also includes iPlus, PLDT Global, Asian Hospital and Medical Center, Cardinal Santos Medical Center, Makati Medical Center, Our Lady of Lourdes Hospital, Davao Doctors Hospital and Dr. Pablo O. Torre Memorial Hospital. Image Source:

Contrary to the belief that people are no longer concerned about their privacy, a survey conducted by Rainie and Duggan (2016) revealed that customers who were already using a loyalty card still expressed concerns about data sharing with third parties and the unsolicited telemarketing calls they might receive.

3. Their privacy policies do not guarantee your privacy, and of the people you know. Privacy policies are meant to inform you how companies process and protect your data. But if you read between the lines, it also tells you that they have found ways to get what they want while making you believe that they will respect your privacy and of the people connected to you.

For instance, they use the Privacy Policy (or Terms and Conditions) as a consent form forcing you to agree to their unfair terms, including unnecessary access to personal data of people connected to you (e.g., when installing a mobile application, it requests for access to your contacts and photos when access to which are not required to run it). In most cases, the opt-out option is hidden in fine print or in several pages of legal clauses, or worse, is not available. Unfortunately, most of us are not aware of this because we do not read the lengthy legal texts.

4. Companies are not good with protecting your data. It’s no big secret how good companies are when it comes to data collection, but the data breaches happening left and right also tell us that they are not as good with protecting them. Depending on the data collected and accessed by a merchant, compromised data may include your directory information, credit card details, habitual whereabouts, wealth, behavior, interests and health information, to name a few.

According to a global survey conducted by Gemalto, 50% of consumers say that they are unlikely to do business with a company where their non-sensitive data had already been stolen, and 64% if it involves financial or sensitive data.

Should consumers shy away from CLPs?

Customized retail experience is not all bad. After all, it is part of customer care. However, companies should do well to remember that customer loyalty cannot be earned solely by giving discounts and promos, and that customers are humans, not commodities. Respect for customers’ privacy is fundamental in earning their trust and loyalty.

Another strategy that retailers may consider is Vendor Relation Management, a concept akin to Customer Relationship Management but in reverse. This allows consumers to regain control over their personal data via an online tool. Through this online tool, an individual can choose which third parties may access his/her data and reject access whenever preferred.

Meanwhile, you, as the consumer, should be at the forefront when it comes to protecting your data. When joining a customer loyalty program, make sure that:

  • you are aware of what you are trading-in for—the perks and all the nooks and crannies (e.g., selling or sharing of data) and that it is fair and acceptable to you;

  • you will only provide the required information and be conscious about providing optional ones (e.g., in application forms);

  • you perform a quick check on how well they protect their data (e.g., previous data breaches, if any);

  • your purchase is not a one-time thing. Otherwise, you will unnecessarily give away your data and increase your vulnerability to data breaches;

  • you always manage the security of your account, if any (e.g., changing of password, in mobile app); and

  • you are willing to hold these companies accountable should there be any data breach or other unlawful and unfair processing of your personal data.

With these in mind, spend away!

29 views0 comments


bottom of page