"privacy is dead" by striatic
My wife and I were in a Target store this weekend, picking up some random items on our shopping list. We saw some good wine at a good price and decided to buy that as well. When we went to the check-out lane, the cashier said, “May I see your ID?”
All that seemed perfectly normal to us. But then the craziness ensued…
My wife showed the cashier her license, which was behind a clear window in her wallet. He said, “No, please hand it to me.” We both assumed he just wanted a closer look. Once he had it, he immediately picked up a barcode scanner and scanned the back of her drivers license. I asked him what that was all about, as I had never seen anyone do that before. Almost bragging that Target now knows, for example, exactly where we live, he explained that the scan “gets all the information off of the license.”
“All the information off of the license”!?!?!? Wait a second! To determine whether they can legally sell me alcohol, does Target need to know, and keep, and possibly sell, all of the following information:
- my full name,
- my address,
- my county of residence,
- my height,
- my weight,
- my eye color,
- my sex,
- whether I need corrective lenses,
- whether I can drive a car,
- my drivers license number,
- the classes of vehicles I am licensed to drive,
- whether the courts have placed restrictions on my driving,
- my license expiration date,
- my organ donor status,
- a digital copy of my signature (some State IDs),
- a digital copy my fingerprints (some State IDs),
- and, my date of birth?
No. They do not. They need to know whether I am of legal age to purchase alcohol. (I’m sure they capture this information as a C.Y.A., to prove they checked the ID, but this is waaay more intrusive than is justifiable by the minimum-age requirement.)
Would the average person agree to fill out a form informing Target of his or her organ donor status before conducting a transaction? I don’t think so. Companies try all sorts of enticements to convince customers to fill out profiles with this type of personal information, but Target has it figured out – it is much easier to just take it from the customer. What a fantastic collection of personal identifying information they must be collecting!
We were not asked whether we would agree to provide Target with this information. We were not told that special “2D” barcode on the back of the license (which we always assumed was for law enforcement) would be scanned, that the data would be collected, why all of the data was needed, and with whom they plan to share these details. Most importantly, we were not informed how Target plans to protect this information.
As a rule, we don’t give out unnecessary information to anyone. We are uncomfortable with businesses’ track record when it comes to the use and protection of their customers’ personal information. We are also upset with the take-it-without-informing-us approach Target used to get this unneeded personal information. What would the Consumerist do in this situation?
update, July 3, 2008:
An email to Target about this received no response.
Apparently other folks are unhappy about this:
Big Brother, Beer And Scanning Your Driver’s License Number
Why Did Target Scan My Driver’s License?
Target’s (the retailer) Swipe At Privacy
Your Driver’s License Is A Gossip
‘Target’-ing My Driver’s License
The Game Politic
Swipe, and
more…
update, August 26, 2008:
This story is a good example of why I do not want corporations to collect excessive amounts of information, and why I want to know how they plan to use and protect what they collect.
From Slashdot’s summary:
“…Best Western hotel chain has lost the personal details of each and every guest who has stayed at any of its 1300 hotels in the past 12 months. This amounts to details on 8 million customers and includes information such as name, address, credit card details and employment details. The data even includes future booking details, causing speculation that homes could be targeted for burglary when it’s anticipated they will be unoccupied.”
@gmail.com
Howdy from Oklahoma!
Great post and some darn good questions, ThruHike. I’m absolutely fed up with these corporations thinking they can push us around over a case of beer or a bottle of wine. Who do they think they are? Yet, you found my post and it has generated a lot of interest. I think more people need to start refusing to hand it over to the cashier. It’s an outrage and a serious invasion of privacy. Neither you nor I have any sort of information exchanging agreement with this private corporation out of Minnesota. Your post and the others you’ve linked here have got me fired up. Red Dirt Report is going to do some further investigating. Keep up the good fight!
By: Andrew W. Griffin on July 4, 2008
at 9:54 am
@ Andrew W. Griffin: I agree! Somewhere the balance, the respect for individuals, was lost. I’ll keep an eye out on your site for any updates! Thanks for stopping by, and for the comment.
By: Thruhike98 on July 4, 2008
at 11:11 pm
Ola, Thruhike. Great info about Target, but it causes no surprises here, as I had a round w/ them after Christmas. The Missus gave me an electronic accessory from there that was just absolute junk. We had kept every single receipt from our holiday purchases, except that one. They refused to even talk to me about it, and with an enormous amount of attitude to boot. I told them that me nor my family would return, and we haven’t. A nearby Walmart carried the same item, and needless to say, I was allowed to upgrade without fuss. People can joke about Walmart…
By: Sutfun on July 9, 2008
at 11:27 am
Ola Sutfun. They should know better than to mess with you – I’ve picked up on several savvy-consumer stories from you over the years. Good to hear from you!
By: Thruhike98 on July 10, 2008
at 10:38 pm
In many states the barcode has multiple layers, with one layer designed to inform whether the patron is of a certain age, like for purchasing alcohol, while a second (2-D) barcode can provide even more information. it is perfectly legal and acceptable to scan the ID to verify age. see this website for more info
http://schram.net/articles/barcode.html
By: bing on July 15, 2008
at 2:55 pm
This happened to me last week while trying to buy an “M” rated video game (for which there is no law requiring an ID check). I refused to let them scan my ID and they wouldn’t sell me the game. I went to a different Target to see if it was a store policy or a company one, and the same thing happened. While I was discussing the many reasons why I wouldn’t let them scan my ID, my wife noticed the register screen said “Enter birth date” with fields for entering the info.
The cashier said that wouldn’t work, but that she’d try it, and lo, my 36 year-old self was able to buy a video game.
So … if you’re in Target and this happens, just ask them to enter your birthdate. And…hold onto your ID.
By: Shawn FitzGerald on July 15, 2008
at 3:03 pm
@ bing: Thanks for the link. That’s interesting.
As for the legality, I’m sure it’s legal. I’d just like to know that they’re going to do it before it happens, what they get, what they do with the information after they get it, etc., so I can make an informed decision.
@ Shawn FitzGerald: I’m glad you posted this comment. I just read it on the Consumerist and was coming over here to link to it. This is good to know.
By: Thruhike98 on July 15, 2008
at 3:33 pm
Published on Consumerist.com. Thanks!
By: Thruhike98 on July 15, 2008
at 5:59 pm
Today, I purchased a game at Target, and the woman asked if she could ask my date of birth, and I semi-politely replied “No, you may not.” She smiled at me for a few seconds and I stood there thinking “I wasn’t being cute, the answer is no.”
She finally said she had to have my date of birth. I told her “Don’t I look old enough to buy the game?” (I am in my mid 30s – to some, I may appear younger than that, but surely I look older than 18.) She said that “this key won’t work anymore” and that she had to enter a date. So I made up a date.
The whole thing made me very unhappy.
When I got out to the car, I checked the game and the rating was “10+”. Hindsight being 20/20, I should’ve told her I was under 13 and thus the government wouldn’t legally permit Target to collect my birthdate. LOL
By: I_H8_Target_Now on July 16, 2008
at 6:19 pm
@ I_H8_Target_Now: I like your style. Good response! Thanks for the comment.
By: Thruhike98 on August 12, 2008
at 6:28 pm
I think you are reading way too much into this. Target Corporation is not actually collecting the information that is on your identification. The ID is scanned to keep track of exactly what ID is used to sell alcohol to any individual. Instead of ambiguity as to if an ID was faked, not eyeballed properly, or a human error made by a cashier, there is a digital record, that in the event of a police inquiry (for which a warrant would be needed) Target has an unequivocal answer as to the ID that was used to purchase said alcohol. The same thing is done for checks as well as certain medications and games.
Target has no interest in recording, and nor does it record your donor status, hair color, or anything you believe could possibly violate your security. The employee was wrong to say that “it gets all of your information,” because that it not what it does, but it is easier to say that then to give the long explanation that I just gave you, especially when your process hundreds of transactions daily with customers who are in a hurry.
By: Geoff on August 14, 2008
at 2:23 pm
@ Geoff: I certainly hope you are correct. However, I can’t get past the fact that these two sentences are mutually exclusive:
1. “Target Corporation is not actually collecting the information that is on your identification.”
-and-
2. a. “The ID is scanned to keep track of exactly what ID is used to sell alcohol…”,
2. b. “there is a digital record, that in the event of a police inquiry…”
I believe “collecting” (and storing) of information is required for “keeping track” and “a digital record.”
It’s obviously collected. (My title referring to organ donor status was being sarcastic, but what about the more valuable information?)
You seem to write as if you know the policy, and there is no question. Are you in a position to know the collection/retention practices of Target? If so, please email me directly. I really would like to know the answer.
I don’t know either way. I’m just raising the question. In the absence of official information, one has to wonder what is collected, and how the information is stored and used.
Whether Target keeps or purges the data, they could do a much better job of informing their customers of the collection, use, and protection of customer data. Otherwise, all I have to go on is what the Target employee told us. That information would prevent this conversation from ever occurring.
By: Thruhike98 on August 15, 2008
at 11:04 pm
A couple of comments on this topic ended up over here.
By: Thruhike98 on August 15, 2008
at 11:17 pm
This story is a good example of why I do not want corporations to collect excessive amounts of information, and why I want to know how they plan to use and protect what they collect.
From Slashdot’s summary:
“…Best Western hotel chain has lost the personal details of each and every guest who has stayed at any of its 1300 hotels in the past 12 months. This amounts to details on 8 million customers and includes information such as name, address, credit card details and employment details. The data even includes future booking details, causing speculation that homes could be targeted for burglary when it’s anticipated they will be unoccupied.”
By: Thruhike98 on August 26, 2008
at 11:23 am
I read this article when it first came out and when I was at Target the other day, it reminded me of it and a simple solution came to mind…Print “For Law Enforcement Use Only” on a mailing label and cover the barcode with the label.
It’s simple and states clearly your preference to only allow law enforcement officials to scan your barcode. It might also prevent some of the ‘if we can’t scan, we aren’t selling ___ to you’ arguments from cashiers.
By: Renegadetroll on September 2, 2008
at 2:40 pm
@ Renegadetroll: That’s a great idea. The wording makes it better than just a piece of electrical tape – less pushback from store employees, and less likely to put you in a bad light with law enforcement if they ask for it.
By: Thruhike98 on September 2, 2008
at 2:59 pm
As a Target employee I feel compelled to pipe in. I’m not a Target crony. I was a lowly cashier and worked at the service desk for 3 years (i.e. still a cashier but I actually understand the return policies, etc.) but have a much better understanding of our policies and how our POS system works than most.
Policy now requires all cashiers to physically handle ID for any item that requires an ID check for purchase, whether it be the obvious things like alcohol or nicotine patches or things like lighters, cold medicines or M-rated games. It’s mostly to protect the cashier and to reduce the risk in trying to guess a guest’s age. It may seem like a hassle, but with dram shop laws and whatnot, I’d hate to be a cashier that got duped by the rare person that’s carrying fake ID. Of course there are also secret shoppers and plain-clothes officers that may come in a make a purchase to ensure that cashiers are properly checking for ID.
Neither cashier nor “management” can bypass the ID check. In the event the card was degaussed or the barcode doesn’t scan, they can enter your birthday as shown on your ID. If you refuse to let them touch/scan/swipe your card and they are following policy correctly, they will not allow the sale. The option to enter a birthday instead of scanning/swiping ID is basically a last resort. (If you are clearly of age to make your purchase, they may ask for just your birthdate however most just ask *everyone* for ID regardless of age because it’s easier that way. When training people, I would tell new cashiers to simply card everyone. Remember that most of these cashiers are kids. I’ve seen more than one poor girl cry because she was yelled at rather horribly by a customer who was angry and found it necessary to point out that she didn’t card another guest who appeared to be in their 80s. The cashier wasn’t even old enough to scan the alcohol herself–she simply said she’d have to call someone to do it for it and that they’d need to have ID–and I caught the tailwind of the yelling as I was on my way there to scan it and card the guest for her.) If someone sees another guest not being carded but are carded themselves, they tend to raise a stink and take it out on the cashier. Trying to determine some people’s age isn’t always easy, and some people are just plain bad at gauging those things. As a cashier, I can tell you I’ve had people get huffy for carding them and get huffy for not carding them. If you’re a cashier, you just can’t win. (Please be nice to your cashier! They’re just doing their job.)
Anyway, I suppose what you really want to read here is this… When the guest’s driver’s license or ID is scanned during an ID check for purchase of a restricted item, it simply checks the birthdate and verifies the validity of the identification number as stored in the 2D code. (Also, I’ve found that for most states, the only things encoded in the code are your name, address, birthday and ID number, all as printed on the card. (If you’re curious, you can find programs that will decode them and just scan or take a photo of yours and run it through to see what your state uses.)
The information itself isn’t recorded, just whether the ID was actually scanned/swiped or if the birthday was keyed manually. Again, since this is to help protect cashiers and the cashier or the customer can easily make up a birthday to enter (if they notice that a cashier is keying in a lot of birthdays, they’re going to get suspicious), this is another reason they’re going to want to scan your ID.
By: K on September 21, 2008
at 12:54 am
K,
I find your message peculiar. In the first part of your message, it sounds like you are someone who works inside a retail store at the point of sale. That type of employee would have absolutely no way of knowing what information is being stored when an ID is scanned.
Unless you are a programmer, database analyst, or similar, who has current inside knowledge of Target’s point of sale software, you have absolutely no way of knowing what data is being stored when a card is swiped. This is exactly the point that we are objecting to – as customers, we have no way of knowing whether or not the data is stored.
You are naive to assume you know what information is being retained.
By: I_H8_Target_Now on September 23, 2008
at 12:29 pm
It’s not just Target scanning licenses. I tried to exchange an item (for an item of the same value, with the sales receipt) at The Limited, and was told they need either a license to scan or a Passport! No mention of the policy when I purchased the item, nor was it clearly posted.
Other stores that follow this same policy are Nike, Brookstone, and Express. You need to check the return policy now, and boycott stores that require this invasion of privacy – to ‘keep track of returns’, according to the store manager.
By: PC on October 19, 2008
at 10:07 pm
Same thing happened to me at Target in FL today – will NEVER buy a bottle of beer or wine there again and will reduce my purchases there as much as possible. This is NOT for verifying age, certainly not in my case. I am 50 and do NOT look like I am 20. Cashier asked to SEE my ID, not to SWIPE my card and STEAL my information. I was surprised/not paying attention so I let the person see my driver’s license – took it out of my hand and swiped it before I could react. This will NOT happen again. Need to file a complaint now wherever I can.
By: Tom on October 29, 2008
at 4:13 pm
Thanks guys, for your input.
I appreciate your sharing of your experience, K. There is a lot of interesting info in your comment. The one thing I get hung up on is the idea that Target wants to limit its liability for selling alcohol to minors (a good goal), but does not record the information that’s scanned. This seems very difficult to believe. That liability for selling to minors is a big deal, so they need to cover their rear end. Why take the info, then discard it at the time of purchase? They would want to keep that information in case of a subpoena later.
I think I_H8_Target_Now has a point that unless one has held a position working on the back-office or server-side functions of this system, one can not speak with certainty about how the data is kept or discarded. That’s why an official response from Target would be helpful.
That’s disappointing PC, to hear the practice is becoming more wide-spread. Track everyone!
Please let us know, Tom, what you find out. My email to them from their website went unanswered. At least they may be getting the point that people find this over-reaching practice offensive.
By: Thruhike98 on October 29, 2008
at 4:46 pm
For the first time in my life, I became irate at a TARGET store.
Gilbert, AZ April 7, 2009.
I purchased a bottle of wine. Upon checkout, the clerk asked me to hand her my Drivers License (ID check). I am 49 years old, I don’t look 21. I look 49.
The clerk did not read my license. She swiped it in a new card reader on her register.
I promptly asked her what she had just done. She said, “I am verifying your age.” I said, “you can read my license – my birth date is printed on it. Why did you scan my license?”
She turned icy cold, ignored me and said “thank you for shopping at target.”
I was outraged.. I demanded to know why they scanned my license.. I then realized they just scanned my debit card and drivers license… I just gave target everything about my to give to BIG BROTHER.. but big brother already has this info..
Except now I know.. they are tracking our behavior.. if we purchase guns, ammo, tobacco, alcohol, etc.. we go onto the “watch list”. Talk about Darwinian..
Warn everyone that stores like TARGET are now agents of the government, tracking us and invading our privacy.
By: Robert on April 8, 2009
at 11:34 am
I haven’t seen any responsed on this site in a while, but this just happened at my super target recently and also at my mom and pop store in my neighborhood. I have since not shopped at either. I for one, have had my identity stolen and will not go through that again. It is very disturbing that we have a privacy act , but yet we are having to give everyone all our information just to buy beer. I would be thrilled if I looked 21, but I sadly, do not!
By: Sj on July 22, 2009
at 11:07 am
This is an example of “mission creep.” They do need to check the ID, but they use this premise to not only check one’s age, but also to read and record more valuable information. I greatly dislike being lied to with the “the company is required to do this” line. No, they are not required to record all my information.
I have not had my identity stolen (that I know of), but I have had my credit card number stolen. An individual used just the number, not the card itself, to steal about $2500 before the bank called with their suspicions. On another occasion, our card info was stolen from an online retailer and used fraudulently. So, I’m aware that things happen with “safely stored” information. I’d encourage all of us to do what you did and also tell the retailer why, so they can change what they are doing.
Thanks for your comment, Sj.
By: Thruhike98 on July 23, 2009
at 2:30 pm
Can anyone say class action lawsuit for invasion of privacy/extortion of confidential information?
I happen to use nicotine replacement products and have had similar issues with Target. Cashiers used to enter the fake birth date I gave them verbally. I believe the register software has changed recently because the cashiers now say they need my driver’s license or they can’t complete the sale. Since I’m almost 60 years old (and look it) I say, “Get the manager.” The first time, the “manager” (probably a department or shift supervisor) punched something in, and no birth date was required. The second time, the “manager” tried to give me the same line as the cashier and I told him it was illegal to demand personal and private information from me since I don’t look under 30 (the law in California) and in fact look almost 3 times as old as the required 21. I then stared at his name tag, and asked for him to put his refusal to complete the transaction in writing. (He asked if I wanted the refusal to be typed; I don’t know why, but holographic is way better in a court of law; maybe he wanted to leave or speak to his superior.) I then said, “I can give you a birth date” because he was obviously looking for a way out. I gave him a birth date (not mine) and the transaction was completed.
I wish an attorney would chime in. I believe Target has a right to ask but not demand DOB. I don’t think they have the right to scan your DL.
I don’t want my name and dob sitting in Target’s data base.
Next time, I’ll pay cash and let them see my dob on my dl but maintain possession of it, and see what happens.
By: r willy on August 14, 2009
at 9:32 pm
Just wanted to chime in. Today I went to my local Target and picked up Dead Space (a PS3 game) on clearance for $20. I’d been wanting it for a while, so I grabbed it and ran for the register. When I got there, the cashier insisted on seeing my driver’s license. I showed it to her, but she insisted I take it out of my wallet. My license has been in my wallet for 5 years, and I’ve never taken it out – not even when buying liquor. It’s kind of become one with the plastic sleeve. She grabbed my wallet and tied to force the license out, but it wouldn’t budge. When I objected, she told me this wasn’t just Target policy, it was the law.
For the record, I’m 41 years old. I’m told I look younger, but not under 19 younger. My hair is going white. I have wrinkles. I’m obviously middle aged.
Anyway, I grabbed my wallet back, told her to forget it and left. I won’t be back.
I’ve checked the Target website for corporate contact info but not found anything. Does anyone have an address that can be used to complain?
By: rose on August 22, 2009
at 7:23 pm
I like the idea of “for law enforcement use only”, but even better would be to use a photo ID that doesn’t have a bar code or mag strip. Degaussing the mag strip is nice, too.
If all someone asks for is photo ID, I’ll give them an employee photo ID that has my face & name. If they insist on seeing something with my birthdate, I have a federal ID with my face, name & bday… and a couple other things, but no SSN, no address, etc.
No purchase is worth putting up with the invasion of privacy & potential identity theft from giving away your PII. I’ve even been known to photoshop numbers on a copy of my SSN card when someone insists on having a copy. (It’s not a law, just company policy. My policy is not to give out sensitive info.)
By: sensible gal on October 21, 2009
at 3:36 pm