Cast your mind back to the mid 1990s. Assume you wanted to go to the rugby. To get your tickets, you would have physically gone to a ticket office, or phoned the office and given them your credit card number.
The slow-moving, manual nature of these transactions meant that there wasn’t a lot of opportunity for those in the ticket office to collect information beyond what they needed to sell you your ticket.
Fast forward to 2016 and things are different. Not only can you buy rugby tickets online, the time savings and diminishing cost of storing data have given organisations a much greater ability to collect and use data about their customers.
This was the experience of someone who made an enquiry to our office. He had been trying to buy tickets online to an All Blacks game from NZ Rugby. The system would not let him purchase a ticket without registering as a member of “Team All Blacks,” which required information such as his name, email address and birth date.
He did not want to part with this personal information, but did not see a way he could purchase tickets without doing so – so he called our office for advice.
Priv-o-Matic to the rescue!
From a legal point of view, this is not necessarily a problem, as long as the business explains what information they are collecting and what they will use it for. NZ Rugby did this through a privacy statement, which they had recently reviewed with the help of Priv-o-Matic, our online privacy statement generator. This meant that they were legally covered; people could choose not to part with their information by choosing not to buy tickets online, and instead buy tickets over the phone or in person without joining “Team All Blacks”.
Some best practice points
But there’s more to privacy than just legal rules. Following good privacy practice can be a sound business decision as well. Consumers are becoming increasingly aware of privacy in their buying decisions, so businesses with the best practices can get a relatively cheap advantage over their competition.
We gave NZ Rugby a couple pieces of advice:
1) We advised against collecting exact birth dates, as we were concerned that this particular piece of personal information increased the risk of identity theft in the event of a data breach.
2) We advised that NZ Rugby should give people an easy way to buy tickets without sharing their personal information. This option was already available – by buying tickets on the phone or in person – but their website didn’t make it obvious that this was the case. We suggested that they add a note telling people that they have this option.
NZ Rugby has indicated to us that they are happy to work towards implementing these suggestions to help improve the experience of fans. We were pleased to be able to help an organisation offer its customers more choice when it comes to privacy and personal information.
Photo credit: Archives New Zealand via Flickr