Merchants are continually looking for ways to market their next promotion to the public. Because of their drive to sell, merchants generally want as much information as possible about their current and future customers.
Seemingly innocuous customer information obtained from consumers at the cash register or online can be combined with data from other sources to obtain a very detailed portrait of an individual consumer.
Because we live in a society where billions of bits of information can be stored and distributed there are many reasons that consumers might be wary of providing such information.
Do you really want merchants to know every detail of your life? Think about what you purchase at the store. Would you be comfortable if the general public knew about all of your purchases? Does your significant other even know that much detail about what you are purchasing? Perhaps the most striking example of consumer tracking occurred when Target was able to figure out that a teenage girl was pregnant before her father did. This was done through a unique ID number that Target uses to identify its customers. Every time you use a credit card or coupon, visit the Target website, open a Target email, call Target customer service, or interact with Target in any way, Target associates this information with your Guest ID number. By data mining the pregnant teenager’s purchase history, Target was able to know that she was pregnant because she purchased various items that were highly predictive of pregnancy. You can imagine the conversations that may have taken place after Target sent baby food and diaper coupons specifically to the teen’s home address.
What is the Danger? Think about the possibilities. In the near future an insurance company could pay to access a database and check your grocery store for purchased items like soda or high-fat foods. Law enforcement officials could also scan store records to look for materials that could be used to potentially incriminate you.
Long term, critics say, the effect of this data collection can be very troubling. Using cards to track purchase histories, stores could segment customers into groups based on how much and how often they purchase. Such information could help stores pinpoint the most desirable (and profitable) customers and discriminate against the less profitable. Potentially, that could lead to tailoring prices to individual shoppers, much as airlines charge different prices for seats on the same plane.
How Merchants Can Collect Your Data Loyalty Cards: Merchants can use loyalty cards, also called rewards cards, discount cards, or membership cards, to encourage you to purchase more frequently at their store. Typically, consumers fill out an application to get the card, giving their name, address, and sometimes other information such as gender, phone number, birthday, email address, or income. These programs allow the store to keep tabs on what customers buy and how often they shop.
Merchants say these programs allow them to identify their most loyal customers, learn more about their buying habits, and offer such best customers the products and services they demand. However, some consumers and consumer-rights groups claim that the data collected by the stores violates privacy rights and may not even save consumers money. Loyalty cards can also lead to discriminatory pricing, where different cardholders pay different prices for the same merchandise.
Product Registration Forms: When you purchase an appliance, like a blender, or an electronic device such as a computer or camera, you will likely find a product registration form included among the documents packaged with the product. The first few questions on the cards are typically related to recall communications such as the name and address of the individual. However, often the remaining questions on the card consist of survey questions that ask the purchaser about their demographic and lifestyle characteristics.
Obviously, none of this demographics and lifestyle information is necessary to register the product with the company. However, typically there is no place on the registration forms where the individual is informed that providing answers to the survey questions is optional.
Instead, there’s often a warning about the importance of filling out and mailing in the form, with the implication that failure to do so can invalidate the product warranty. In actuality, the consumer needs only to save the receipt to activate the warranty.
Emailed Receipts: Some merchants offer their patrons the option of an emailed receipt for in-store purchases. To accomplish this, the merchant may ask a customer for his or her email address at check-out and then email the receipt to the customer. Email addresses, as many know, are hot commodities for vendors. They can be sold to the highest bidder so that other companies can market to you, or, at the very least, they will be used to market that merchant’s goods or services to you on a regular basis whether you like it or not.
Request for ID: Many retailers require you to present a driver’s license (or government-issued ID) when you return or exchange merchandise. Retailers will typically swipe your license in a reader that will query a database to look at your return history for patterns of fraud or abuse. When the merchant scans your license, the retailer can collect any information that is encoded on the license’s magnetic stripe or bar code. Double Swiping: Some merchants may take a second quick swipe of consumers’ credit cards, which is typically done after credit-card transactions have been approved. It is done so quickly sometimes that you might not even notice it. Merchants can use this technique to record the mode of payment and also to collect the cardholder’s personal data for marketing purposes. Signature Pads: Another method of “forcing” a consumer to provide personal data is through the use of signature-capture devices located at the cash register. The signature-capture device records the individual’s signature and stores it in a computer system. Many are concerned about the security of having their signatures stored electronically in a store’s computer system. Someone could break into the system and steal your signature.
Electronic Surveillance: Most consumers know that vendors automatically track online purchases made through the merchant’s website as well as the individual’s purchasing behavior. However, many new technologies involving video surveillance and signals from mobile devices are giving traditional “brick and mortar” stores the ability to track individuals like never before.
Mobile devices that are not in airplane mode emit a signal that can be used to collect your MAC address, which can be used to determine where you go in a store, how long you spend there, and how frequently you shop in the store. In addition, video surveillance can be used in combination with facial recognition software to determine who you are and what isles of the store you spend the most amount of time in.
Nevada Privacy Law Nevada has developed various privacy laws to protect its citizens.
They do not address all of the issues stated above; however, at the very least, as with 48 of the 50 states, the state has implemented a Data Privacy and Protection law. Nevada’s Data Privacy and Protection law is divided into two different provisions.
Credit Card Protection: Nevada has adopted the Payment Card Industry Data Security Standard (PCI DSS) for all companies doing business in the state that accept credit cards for the sale of goods or services.
By doing so, Nevada gives the PCI DSS the force of law in the state.
This is helpful because it means that a company that sells goods or services in the state of Nevada must meet PCI DSS standards or they will be in violation of the data privacy law and is subject to any and all penalties. When a merchant is “PCI Compliant” you can be assured that all of your credit card data is highly secured.
NV Resident Private Information: The second provision applies to companies that collect private information on Nevada residents. This provision only covers companies that collect employee data for payroll purposes or doctors’ offices that collect patient data for medical records. This provision does not protect data that is collected by a merchant. This provision requires the protection of data from unauthorized access. It also requires the use of encryption of personal data during electronic transmission or while in storage on data storage devices.
What can you do for yourself? You may, once or twice in this article, have wondered what you can do to protect yourself and your data from the merchants that are using the tactics above. Well, if you have, here is a list of steps you can
take to keep your personal data safe:
Shop Elsewhere: Vote with your wallet. Support stores that you know don’t force you to provide private data in order to shop at their store.
Register With Fictitious Information: No, you won’t get into any trouble unless you are using someone else’s identity in the process.
If you use this method make sure you don’t use your card when making pharmacy purchases since the store needs a record of your actual identifying information to fill a prescription.
Don’t Give Them the Information: For example, loyalty cards are valid even if you don’t mail in the registration form. Also, most of the information they ask you for is completely optional. You just need to resist the need to please the store employee and say “no.”
Opt Out: Don’t sign the signature pad or fill out the information card. You won’t likely miss out on any great deals. For example, if you want to take advantage of lower prices that might be available with a store loyalty card just ask the cashier to scan a “house card.”
Seek Access to Your Data: Find out how your store controls information and how you can get access to it. Ask the customer service representative to disclose your personal profile. If you want your profile removed, find out what’s required to do that.
Matthew G. Pfau has a background in business consulting, estate planning, business start-ups and bankruptcy and is licensed to practice in both Nevada and California. A partner in the firm Pickard Parry Pfau, he can be reached at 702-910-4300, the firm’s website at
www.pickardparrypfau.com, or his personal direct email at Matt@pickardparrypfau.com.