IAPP-GDPR Web Banners-300x250-FINAL


By Jay Cline, CIPP

When the nation's largest consumer-electronics retailer in 2003 decided to transform from a product-focused to a customer-centric company, privacy manager Sara Wood knew her job description had just changed. With a company-wide mandate to know more about customers in order to serve them better, Wood banked her new strategy on getting the privacy message out to all employees. Five years later, Best Buy is a case study in maintaining a continually refreshed employee-awareness program for data privacy.

"We look at each and every employee as an integral component of keeping our customers' personal information protected," Wood told Inside 1to1: Privacy.

To understand the importance of this strategic shift, some background on the company is needed. Best Buy got its start as a Sound of Music store in St. Paul, Minnesota. Founded by current chairman Richard Schulze in 1966, the music retailer grew slowly. The company's fortunes changed in 1981, however, when a tornado hit one of its dozen stores. The chain subsequently ran a "tornado sale" of steeply discounted products that was so successful it prompted a new business concept and name change for the company. The new Best Buy Co., Inc. became an instant hit, selling electronic products at the guaranteed lowest-price available.

Today, Best Buy employs 140,000 at more than 1,100 stores across the U.S., Canada, and China, and generates more than $40 billion in annual revenues. Best Buy's Geek Squad brand boasts 12,000 technicians who drive their distinct black-and-white Volkswagen Beetles to homes and small businesses to set up and secure their IT environments. Best Buy for Business, the company's recent foray into business-to-business sales of electronic goods and services, is also growing.

"Our core strategy of customer centricity is premised upon our belief that we can serve our customers better and provide them better value by learning more about them," said Todd Hartman, Best Buy's chief compliance officer.

"The success of that strategy depends on our continually earning our customers' trust through sound privacy practices," he added.

Early into its deployment of customer centricity, the company analyzed its transaction records and supplemented the information with purchased demographic data. Its goal was to better target its product and service selection to meet the lifestyles and needs of customers. At the same time, Best Buy launched a loyalty program, RewardZone, creating a new channel to maintain ongoing relationships with customers. Today, field employees are encouraged to get to know customers and their needs, instead of simply pointing them to the right aisle.

With this increased interaction with customer information, Best Buy also evolved in its thinking regarding the best placement for its privacy function. Originally situated within the company's marketing team, Hartman for the past two years has overseen the privacy group in his role in the company's General Counsel's office.

"We were among the first traditional retailers to make privacy a strategic business priority," Hartman explained. "As the company's business has evolved, the importance of privacy to our customer promise has only increased."

A light-bulb moment for Hartman and Wood came when a customer complained that Geek Squad employees had inappropriately viewed photos on the customer's laptop brought in for servicing.

"We learned from our customers that from a privacy perspective, their photos and music files were as or more important to them as their credit-card numbers or driver's license numbers," Wood said.

Following the complaint, Best Buy overhauled its data-retention and handling controls for customer devices, and educated its field staff on the company's enhanced privacy standards. A recent secret-shopper test in the Los Angeles area sponsored by a local TV station scored Best Buy as the only retailer to properly handle a computer brought in for servicing.

Hartman credits Wood's ongoing awareness program as being instrumental in that outcome. Branded with the motto "Know It - Respect It - Protect It," the program features internally produced computer-based-training modules; in-person training sessions; a video displayed on the company intranet and campus TV monitors; other materials distributed through internal publications and Web sites; and a mascot named the Protector.

After initial success with the program, however, Wood noticed a drop-off in participation rates in the e-learning modules. Internal queries revealed the content needed to be refreshed. Best Buy's field employees, which comprise 98 percent of its workforce, are young and have a high turnover rate, underscoring the need for a continually refreshed awareness program.

As a result, Hartman and Wood now undertake a more formal annual process to renew their awareness program, surveying corporate and field employees for their views and needs, and choosing new channels to convey the information.

So what's next on Best Buy's privacy agenda?

"We're consolidating elements of our privacy awareness programs with our information security and confidentiality programs," Hartman explained, "to help bring more resources and visibility to our common messages."

"Employees often find these topics confusing and duplicative. We believe we can leverage the current success of our privacy program to create unified messages that will coach our employees more efficiently and effectively."

Cline is President of Minnesota Privacy Consultants


If you want to comment on this post, you need to login.


Related Posts


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»