Customer Lawsuits: Best Avoided

Providing timely, reassuring and comprehensive customer service has been an axiom of good business for as long as people have been doing business.

The inability of a business to provide competent, secure customer service is damaging to more than just revenues. Besides the direct monetary losses that come with customer lawsuits, businesses typically end up having to belatedly invest in employee training, security and information systems upgrades, all the while trying to stem what often turns out to be a customer exodus.

Business managers can find themselves faced with an insurmountable crisis of confidence and credibility, steadily eroding in-store and online traffic and flagging sales.

The Case of the Lost Laptop

Recent examples illustrate the extent of monetary and collateral damage that can result from poor customer service. Best Buy, for instance, now finds itself the defendant in a US$54 million lawsuit brought by a customer whose laptop was lost after bringing it in for servicing.

The possibility that personally identifying information (PII) and private credit card and financial information was compromised figures into the size of the claim. “The biggest change in recent months is the contribution that laptop computers are making to the identity theft challenge,” opined John Livingston, CEO of Absolute Software. “Consumer laptops are generally laden with sensitive banking information and other valuable files. Corporate laptops may carry this information on thousands or millions of consumers — making them especially valuable targets for identity thieves.

A $54 million lawsuit is large enough even today to gain the attention of the media and public.

“I think this case will end up being settled for a substantially less amount. The $54 million damage was clearly a way to bring the jurisdiction of a high court and press attention; the plaintiff in this case even said it,” Martha L. Arias, director and senior editor at IBLS, told CRM Buyer.

Customer Service and the Courts

Small-claims courts typically only review cases where the amount involved is less than $5,000, Arias explained. “The amount of a claim may determine the court jurisdiction in certain cause of actions. Is this inadequate? No, those are appropriate considerations to determine court jurisdiction, as envisaged by legislators.

The legal system has some rules aimed at preventing frivolous claims, but the rules are difficult to apply in cases, such as the Best Buy lawsuit, where the plaintiff is ostensibly acting on his or her own and where some genuine grievance exists, she continued.

“It is interesting to see how a plaintiff may bring more attention to his case by inflating the amount involved. We all love to hear about million-dollar cases; and of course, only high courts can hear them.”

Businesses need to be increasingly vigilant, in any event, as a normal course of doing business and providing customer service, maintained Kirk J. Nahra, a partner specializing in privacy and information security law and issues with Wiley, Rein LLP in Washington D.C.

If something does happen, then the company must take appropriate action, Nahara said.

“One of the biggest obligations and necessities for a company is to have an effective mitigation plan, which not only fixes the potential harm, but takes steps to make sure the harm does not happen again.”

Telemarketing Service and DNC Registries

Telemarketing, whether by phone or e-mail, is part and parcel of retailers’ marketing efforts, and retailers have increasingly turned to outsourcing their efforts to specialist service providers. Whether running their own or outsourcing them to third parties, businesses are accountable for the quality of such services as well as for any commercial violations and criminal activities that result.

The list of fines associated with violations of state “Do Not Call” (DNC) provisions, for example, continues to grow, James Wilson, vice president of direct sales at DOW Networks, told CRM Buyer.

FCC fines against AT&T in 2004 and again between October and November last year account for a large percentage of the DNC fines, according to Wilson, though all businesses operating call centers can and need to assure themselves that they or their third-party service providers do not violate them.

The Department of Justice, acting on behalf of the Federal Trade Commission, in November imposed penalties totaling $7.7 million against businesses for contacting people on the National DNC Registry. Six cases — involving ADT, Ameriquest Mortgage, Craftmatic, Guardian Communications and their associated partners — have been settled, while a seventh is to be filed in a federal district court.

Craftmatic and three of its subsidiaries incurred the second-largest civil penalty — $4.4 million — while ADT and two of its authorized dealers agreed to pay a total $2.045 million. Ameriquest agreed to a $1 million fine in addition to ensuring that all its lead generators would disclose to contacted parties what would be done with the information they gave.

“Consumers have made clear that they greatly value the Do Not Call Registry, and they must be able to depend on its privacy protection,” said FTC Chairman Deborah Platt Majoras in a statement. “By bringing enforcement actions like those announced today, we will ensure that the small number of bad actors pay a price for not adhering to the law and respecting consumers’ privacy requests.”

Call centers can buy the DNC list, but telecom service providers like Dow Networks offer solutions such as its Scrubber Service to call center operators and the businesses they represent that verify that internal DNC lists match up to the latest state and national lists.

“Some companies legally update their list every six months to keep as many as possible on the list. If John Q. Public were to sign up for the DNC and Satellite XYZ downloaded the list the day prior, then legally Satellite Reseller XYZ can call John Q, Public for five months and 29 days,” he explained. However, new DNC members are encouraged by the FCC to report any infraction, he added.

Protecting Private Customer Data

Protecting customers’ private and personally identifying information is a distinct and crucial aspect of customer service operations. The potential loss of personally identifiable information and possibility of subsequent ID theft and fraud, along with moving the case into a higher profile higher court, was a big factor in upping the claim in the Best Buy lawsuit.

Companies that fall victim to a data breach typically wind up having to take remedial action, investing in security and information systems upgrades, after damage has already been done.

Just recently, Hannaford Bros. notified regulators that debit and credit card information from as many as 4.2 million customers had been compromised as they checked out their purchases as a result of malware that had been running on the retail chain’s servers for at least three months. So far, nearly 2,000 cases of fraud have been traced back to the breach.

Generally speaking, customer service is governed by state law and the specific type of business, IBLS’s Arias noted.

“At a state level, data breach cases may find a cause of action under tort laws (negligence claims) and/or under state Breach Disclosure Statutes. Yet some specific jurisdictions have rejected tort liability claims following a data breach. Regarding breach disclosure statutes, not all jurisdictions provide a right to cause of action when a company fails to notify data breach events to its customers.”

The issue is even less clear at the federal level, she continued. “I dare to say that the Federal Trade Commission Act of 1914 is the federal law with most uniform customer service rules in the United States. The FTA applies to any type of business regardless of their activity or physical location.”