There are many ways a business can be exposed to risks and some of them can seem like great ideas.
While I visiting a retail location recently, I noticed this sign.
The agency’s commitment to resource conservation is commendable and their creative approach seems to empower all customers while lowering the social bar for encouraging participation.
My first thought, however, was to question what, if any, statement of use & protection of Personally Identifiable Information (PII) this organization has and why it wasn’t displayed or linked here.
Each text can become an incident of PII collection since, ostensibly, the initiator’s phone number is delivered to the recipient.
Publishing a QR code with a link to a statement on the collection, use, and disposition of such non-business critical data coupled with a corporate policy around the same seems a reasonable first step in protecting the business and the patrons who agree to operate in thee desired manner by texting when something needs to be addressed.
Without the internal policy prescribing process and even without the statement of how the data may be used or disposed of, customers are left without a clear statement by the business and, thus, any action may seem arbitrary. The customer is left to wonder if any approach is being applied consistently.