Sunday, January 12, 2014

Target hack is a wake-up call on privacy

The Target hack shows the danger of giving retailers your phone number, email or zip code.

Think twice next time a store asks for your phone number, email or zip code.

If you fork it over, you're feeding the beast of consumer data collection -- and putting your own information at risk.

Target's disclosure that cnn money.com/2013/12/19/technology/security/target-credit-card/index.html">credit card thieves hacked a database of 70 million customers is a wake-up call.

"It's like an arms race for consumers' information at this point," said Susan Grant, an advocate for the Consumer Federation of America.

It's become standard for many retailers to ask for personal details at checkout. Then there's online shopping, in which you have to turn over certain info. Among other things, stores want the information so they can shower you with catalogs and emails.

Related: Tips for all Target customers

The problem is that you are trusting the stores to safeguard it. Criminals who steal your credit or debit card information can do more damage if they have your contact information. It's easier for them to commit fraud or even trick you into revealing more via fake emails, letters and phone calls.

Your information is "toxic" if it gets in the wrong hands, said Rob Shavell, CEO of Abine, a company whose software enhances privacy while shopping. "The more of it they store, the more it becomes a danger to the consumer and the business."

The idea behind Abine shows just how far wholesale data collection has gone. The service lets you create a shopping avatar -- with its own new phone number, address and credit card -- to create more distance between you and the retailer.

Data brokers and marketing companies know that customers feel uncomfortable about sharing too much.

They advise retailers to ask for your zip code -- then take your name from your credit card's magnetic stripe. The company can later use that information to find your exact address.

Security experts say the industry is often too lax about protecting data and that regulations are lagging way behind.

Related: What your zip code reveals about you

Grant, the consumer advocate, said there's a patchwork of state laws regarding mass data breaches, such as those that require companies to inform people when their privacy has been violated. She wants national laws that would limit how companies collect data in the first place, how long they keep it, and establish liability if they lose it.

"The stakes are much higher now," said John Simpson, a privacy advocate at Consumer Watchdog. "They claim they need all this data for legitimate business purposes. But if they're going to gather the data, that requires a level of cybersecurity a number of companies haven't been able to meet."

First Published: January 11, 2014: 9:47 AM ET

No comments:

Post a Comment