Target's (The Retailer) Swipe At PrivacyTarget's (The Retailer) Swipe At Privacy
Why don't retailers care more about how they handle your personal information?
June 24, 2008
Why don't retailers care more about how they handle your personal information?Last Friday, I'm running down a deadline and one of my personal mini-nightmares came true: I realized my stash of Nicorette gum is empty. While I managed to quit smoking about 10 months ago, I've yet to wean myself off the gum that's helped me to get here. An immediate replenishment was in order.
So I dash to my closest Nicorette dealer, which happens to be a Target just about a quarter mile from my town home. I happily find the cinnamon-flavored gum I prefer, and head to the register.
Now, during checkout, the cashier asks to "see" my driver's license. Alright, since I've been carded before buying controlled substances, I figure she needs to check my age.
Before I have a chance to realize exactly what's going on, the cashier swipes my driver's license through the register. The machine then kicks and spasms out my receipt. Whoa!
I inquire, "What information, if any, was captured from my license?"
I get that deer-in-the-headlights what-ya-talk'n-bout glaze. She'd never thought about, or was apparently never asked, why she was physically scanning driver's licenses.
"You asked to 'see' my license, but you swiped it. Big difference," I say.
She looks at my receipt and says that maybe they're tracking it for Health Savings Account purposes.
I'm not buying it, but it's clear the cashier wasn't trained or hadn't been properly explained to by management about what, if anything, is being captured when the license is swiped.
In case you're wondering why I'm concerned, the answer is simple. Retailers, many of them, have proven quite incompetent when it comes to protecting credit card and other personally identifiable information, or PII. Just think TJX, Hannaford, BJ's Wholesale Club, and many others. So forgive me if I have a negative bias toward retailers and their ability to adequately secure PII, such as what might have been scanned from the driver's license.
And there's no way I want my name, address, and possibly license number captured and stored anywhere near my American Express account information.
If a retailer is going to scan someone's driver's license through a computer, in which it is possible to capture and store any personal information, cashiers should be trained to accurately explain what information, if anything at all, is being captured. It's possible the register didn't capture anything at all, just simply validated age. But I'd like to know.
So that afternoon I called Target's press office and left a voice mail inquire. No response yet -- three days later. I also e-mailed the customer service department and asked why the license was scanned, what information was examined, what information was stored, and for how long.
Here's the response:
"Thanks for asking why your ID was scanned when you were purchasing Nicorette gum. Our guests are required to provide ID when purchasing any nicotine-cessation product, such as Nicorette.
Our cash registers will require our store team members to ask for a form of identification, so the system can verify age. Target Legal requires this prompt because products containing nicotine are legally regulated just like cigarettes. We appreciate your feedback and will be sure to share it with our Store Operations team.
Thanks for shopping with us. I hope we'll see you again soon at Target.
Verifying age for a regulated product is fine. But you don't need to have the register scan the license to do so. It's printed clearly and perfectly legibly on the license. And still no answer to my inquiry on what information, if any, was captured.
And I never once had my license scanned while buying a pack of smokes, anywhere.
So am I overreacting, or would you appreciate retailers being able to explain what they're doing with your information to you? I'd like to hear your opinion.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks