Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Why don't retailers care more about how they handle your personal information?
George V. Hulme, Contributing Writer
June 24, 2008
3 Min Read
Why don't retailers care more about how they handle your personal information?Last Friday, I'm running down a deadline and one of my personal mini-nightmares came true: I realized my stash of Nicorette gum is empty. While I managed to quit smoking about 10 months ago, I've yet to wean myself off the gum that's helped me to get here. An immediate replenishment was in order.
So I dash to my closest Nicorette dealer, which happens to be a Target just about a quarter mile from my town home. I happily find the cinnamon-flavored gum I prefer, and head to the register.
Now, during checkout, the cashier asks to "see" my driver's license. Alright, since I've been carded before buying controlled substances, I figure she needs to check my age.
Before I have a chance to realize exactly what's going on, the cashier swipes my driver's license through the register. The machine then kicks and spasms out my receipt. Whoa!
I inquire, "What information, if any, was captured from my license?"
I get that deer-in-the-headlights what-ya-talk'n-bout glaze. She'd never thought about, or was apparently never asked, why she was physically scanning driver's licenses.
"You asked to 'see' my license, but you swiped it. Big difference," I say.
She looks at my receipt and says that maybe they're tracking it for Health Savings Account purposes.
I'm not buying it, but it's clear the cashier wasn't trained or hadn't been properly explained to by management about what, if anything, is being captured when the license is swiped.
In case you're wondering why I'm concerned, the answer is simple. Retailers, many of them, have proven quite incompetent when it comes to protecting credit card and other personally identifiable information, or PII. Just think TJX, Hannaford, BJ's Wholesale Club, and many others. So forgive me if I have a negative bias toward retailers and their ability to adequately secure PII, such as what might have been scanned from the driver's license.
And there's no way I want my name, address, and possibly license number captured and stored anywhere near my American Express account information.
If a retailer is going to scan someone's driver's license through a computer, in which it is possible to capture and store any personal information, cashiers should be trained to accurately explain what information, if anything at all, is being captured. It's possible the register didn't capture anything at all, just simply validated age. But I'd like to know.
So that afternoon I called Target's press office and left a voice mail inquire. No response yet -- three days later. I also e-mailed the customer service department and asked why the license was scanned, what information was examined, what information was stored, and for how long.
Here's the response:
"Thanks for asking why your ID was scanned when you were purchasing Nicorette gum. Our guests are required to provide ID when purchasing any nicotine-cessation product, such as Nicorette.
Our cash registers will require our store team members to ask for a form of identification, so the system can verify age. Target Legal requires this prompt because products containing nicotine are legally regulated just like cigarettes. We appreciate your feedback and will be sure to share it with our Store Operations team.
Thanks for shopping with us. I hope we'll see you again soon at Target.
Verifying age for a regulated product is fine. But you don't need to have the register scan the license to do so. It's printed clearly and perfectly legibly on the license. And still no answer to my inquiry on what information, if any, was captured.
And I never once had my license scanned while buying a pack of smokes, anywhere.
So am I overreacting, or would you appreciate retailers being able to explain what they're doing with your information to you? I'd like to hear your opinion.
About the Author(s)
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
You May Also Like
Unbiased Testing. Unbeatable ResultsFeb 22, 2024
Unbiased Testing. Unbeatable ResultsFeb 22, 2024
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics