I recently had the happy occasion of buying a co-worker a gift for her upcoming wedding. I visited one of the sites she had registered on, looked up her registry with ease, bought what I wanted, and then proceeded to go into the checkout process. As I was checking out, I was presented with options on where I wanted the gift shipped. Did I, for instance, wish it delivered to me, wrapped as a gift for me to take to the wedding, shipped to some other address, or have it delivered directly to the happy couple? Knowing how much fun it is to get presents at home, I selected to send it to my co-workers home. On the shipping screen, it simply showed the couples name with city and state so I could verify one last time that I was buying for the correct people. The site was clear that they were only showing the city and state to provide privacy to the 3rd party to this transaction (the couple). Clicking on, I paid for the order, got an email confirmation and was finished with the transaction within five minutes of starting.
So far, it had been a great cross-channel experience. I had used a registry to pick out items that they had selected in the store, and had them direct shipped to their home so they could unwrap at their leisure. The discordant note was struck when I got the shipping notice that the items I had purchased had shipped. When I opened that email up, under the “ship-to” information, I saw my coworker’s name, her full address, and home phone number. Disregarding the major privacy issue here, it’s clear that the vendors systems don’t operate under the same rules. One system protects, when needed, the Personally Identifiable Information (PII) of a consumer, the other does not appear to have such safeguards built into it.
While the eCommerce engine is set up to mask addresses, the fulfillment system most likely has never been set up to consider masking the address. Why should it? Its job is to get a package from the DC to the ship-to location. However, in the process of doing its job it inadvertently violated my co-worker’s privacy. In cases where there is a bad actor (to continue the wedding motif, say a jealous “ex” was able to get the PII and could proceed to harass the couple).
As channels become more integrated, and crossed, businesses would do well to take stock of their complete set of business rules (such as masking PII in gift registries), and verify that those rules do not lose their integrity through end-to-end transaction processing.