Customer Relationship Management (CRM) can be beneficial to both supplier and customer. The supplier reduces costs by offering only products that are wanted, when they are wanted, and he passes the cost savings on to the customer who signed up for the company's CRM. To implement such a system, extensive information about the customer must be collected and stored. The two concerns with regard to this system are customer privacy and the accuracy of the information collected.
Ethical issues originating with the collection of customer data for CRM are related to secure collection methods and to the verification of the information. Ethical companies ensure that sensitive information such as credit credit card numbers or medical histories are collected in a secure environment and transmitted back to the databases securely. During data collection, it is also critical to verify the identity of the customer and the accuracy of the information being submitted. High security for these functions is costly but ethically necessary.
Once customer data is safely in a company database, ethical companies adhere to four principles regarding storage. Data is only stored with the agreement of the customer. Customers must be able to view their data and either change their data or ask for it to be changed. Customers can withdraw from the program, and such a withdrawal causes their data to be erased. The ethics behind these principles are that the data belongs to the customer and the customer must be able to control his data.
Given that much of the customer data for CRM is sensitive, ethical companies ensure the data is kept private to the maximum extent possible. To achieve this, the company must store the data in a form or in a location not generally accessible. The data must only be consulted when necessary for the fulfillment of a CRM task, and only those employees who handle the data to complete the task are able to access the data. When sub-suppliers need to use the data, they must first commit to restrictions similar to what the CRM company has in place.
Since customers must be able to withdraw from the CRM program and since their data is then erased, the company needs a procedure in place for safely destroying customer data when it is no longer needed. While deletion from the database is initially sufficient as long as the database remains secure, data on obsolete equipment and equipment that changes status to non-secure is at risk. An ethical company has detailed policies and procedures for tracking and destroying data and keep accurate records of such activities.