Privacy and Security in the Age of Electronic Customer Relationship Management

Introduction

New technologies have fostered a shift from a transaction-based economy, through an Electronic Data Interchange (EDI) informational-exchange economy, to a relationship-based Electronic Commerce (EC) economy (Keen, 1999). We have moved from “first order” transactional value exchanges through “second-order” informational value exchanges to “third-order” relational value exchanges (Widmeyer, 2004). Three important types of EC relationships have been identified: between enterprises and customers (B2C); between enterprises (B2B); and between customers (C2C) (Kalakota & Whinston, 1996). Additional relationships between Governments (G2G), enterprises (G2B), and customers (G2C) have become more important as EC and e-government have matured, and legislation, regulation, and oversight have increased (Friel, 2004; Reddick, 2004); however, these are not the focus of this article. Relational value exchanges have become central to success and competitive advantage in B2C EC, and it is here that we focus on privacy and security in the age of virtual relationships.

Both enterprises and customers must carefully manage these new virtual relationships to ensure that they derive value from them and to minimize the possible unintended negative consequences that result from the concomitant exchange of personal information that occurs when goods and services are purchased through EC. The need to manage these relationships has resulted in the development of Electronic Customer Relationship Management (e-CRM) systems and processes (Romano & Fjermestad, 2001-2002). E-CRM is used for different reasons by enterprises and customers. It is important to understand how and why both of the players participate in “relational value exchanges” that accompany the economic transaction and informational value exchanges of EC.

Enterprises use e-CRM to establish and maintain intimate virtual relationships with their economically valuable customers to derive additional value beyond that which results from economic value exchanges to improve return-on-investment (ROI) from customer relationships.

Customers obtain goods, services and information (economic value) through EC for purposes such as convenience, increased selection and reduced costs. EC requires customers to reveal personal information to organizations in order for transactions to be completed. The exchange of information between customers and organizations leads to the possibility of privacy violations perpetrated against the customer. It is the responsibility of the organizations to provide privacy policies and security measures that will not endanger customer trust.

In this article, we present a series of models “sphere of privacy model,” “sphere of security model,” “privacy/security sphere of implementation model,” and then integrate them into the “relational value exchange model” to explain privacy and security in the context of e-CRM, from the perspective of both customers and enterprises, to provide guidance for future research and practice in this important area. It is important for both customers and firms to understand each others’ vested interests in terms of privacy and security, and to establish and maintain policies and measures that ensure that both are satisfactorily implemented to minimize damage in terms of unintended consequences associated with security breaches that violate privacy and lead to relationship breakdowns.

The remainder of this article is structured as follows: First, we explain why privacy and security are critically-important issues for companies and customers that engage in EC, and the consequences that can result from failure to recognize their importance or poor implementation of measures to ensure both for the organization and its customers. Second, we define privacy and security and their interrelationship in the context of CRM. Third, we present our relational value exchange model for privacy and security in e-CRM.