The home improvement chain also said the malware responsible for the breach has been removed from all stores.
(Page 2 of 2)
In addition, Comerford says he's concerned that Chrome also allows users to block all third-party cookies. That includes cookies that allow a retailer to target a shopper who leaves its site with relevant ads when the shopper goes to another web site, and cookies set by service providers to recommend products to a consumer on a retail site based on the products she's viewed. Google did not return a request for comment, but a person familiar with Chrome said its blocking of third-party cookies does not distinguish between cookies that support web site services such as product recommendations and those used to target advertising.
Meanwhile, Microsoft Corp. earlier this year took cookie controls to a new level when it announced that its newest Internet Explorer web browser, IE10, now in a preview release, comes with a built-in do-not-track feature. This feature automatically requests web sites to honor do-not-track requests unless turned off by users.
Unless a user of IE10 opts out of the feature, the browser automatically sends a do-not-track request to the web sites reached with the browser. Site operators are then expected, but not legally required, to deactivate tracking cookies for that consumer. Microsoft makes available through Internet Explorer "tracking protection lists" that let consumers block or accept cookies from individual web sites, including hosted services that provide web site content such as recommendations as well as targeted ads, according to Microsoft.
Mike Zaneis, senior vice president and general counsel for the Interactive Advertising Bureau, a trade group for online marketers, says that IE10's do-not-track requests won't be widely honored by web sites without a law requiring such action. But the advertising industry contends Microsoft's move, by making do-not-track requests common unless consumers override them, could pave the way for broad cookie blocking and deletion if pending and complementary federal legislation is passed requiring web sites to honor do-not-track requests. Microsoft's chief privacy officer, Brendon Lynch, counters that IE10 is designed to provide consumers the control over privacy they want while using the Internet, and that this can only improve the overall experience consumers have on the web.
Shamo of Zappos says an increased focus on online privacy could lead more consumers to become more acquainted with browser controls that act against cookies, but he asserts that consumers would have little desire to block or delete cookies if marketers avoid pushing behavioral marketing too far with highly personal ads, particularly ones shown to consumers repeatedly.
"If marketers just think about how to improve the user experience, privacy regulation wouldn't be required," Shamo says. "It comes down to that people want to see offers for relevant products, without the ads getting too personal and creepy."
Targeting ads in the race to the White House
When it comes to targeted online marketing, few organizations know more than the reelection campaign of President Barack Obama—except, perhaps, challenger Mitt Romney.
"Obama's campaign used digital micro-targeting very effectively in the last election, and we're seeing even more of it this year," says Mike Zaneis, senior vice president and general counsel, public policy, at the Interactive Advertising Bureau, a trade organization for online marketers.
The IAB, in a white paper released last month titled "Big data delivers on campaign promise: Microtargeted political advertising in Election 2012," cites estimates from Borrell Associates that election campaigns in the United States this year will spend about $160 million for online advertising. That's a tiny portion of total political ad dollars of $10 billion, but more than a six-fold increase over the $22.2 million spent on web ads in 2008.
And what do Obama, Romney and others get for all that spending on Internet ads? They get sophisticated campaigns that combine data from multiple online sources—including how often someone has visited an Obama or Romney campaign web site, the political views he's expressed publicly on Facebook or Twitter, and his interests in consumer products and services, the IAB says. The campaigns then mash that all up with data from offline sources, such as the individual's congressional district and the polling location where he votes.
The campaigns can then target consumers with fundraising pitches or requests to volunteer in get-out-the-vote efforts. Or they can combine them with helpful information, such as the location of an individual's voting location, so that when a voter surfs the web Nov. 6, he sees a candidate's ad telling him where to go to vote.
The tracking and targeting typically begins when an individual first visits a candidate's web site, triggering the placement of a software cookie in her web browser and enabling the candidate's campaign to serve up ads to the individual on other sites in an advertising network.
Neither the Obama nor the Romney campaign returned requests for information about their targeted online marketing campaigns. Buxton Co., a Fort Worth, Texas, digital marketing firm that has done work for Romney, declined to be interviewed.
The IAB's white paper notes that political campaigns shy away from using personally identifiable information from consumers who haven't agreed to provide it. But it also asserts that political campaigns may still need to learn how to better balance consumers' concerns about online privacy with their goals in targeted online marketing. It notes that a study by the University of Pennsylvania's Annenberg School for Communication last summer found that 86% of consumers prefer not to receive political ads tailored to their personal interests.
Perhaps the big winner on Election Day will be the candidate who manages to strike the right balance between privacy and targeting. It's a strategy retailers should consider in efforts to win over loyal customers.