
SANS ISC InfoSec Handlers Diary Blog



How Many Loyalty Cards do you Carry?

Published: 2011-01-12
Last Updated: 2011-01-12 13:33:00 UTC
by Richard Porter (Version: 1)

“Join our loyalty program and we will give you discounts” is the way most vendors convince you to give away your contact information. This grant of information is supposed to be in return for loyalty discounts. What most vendors seem to be doing (assumption here with no hard facts) is raising the base median price of high-volume products and then in turn “discounting” said items.

This topic, one of frustration, was brought about by a trip to my local supermarket for soap and paying through the self-checkout line. All four automated checkout machines were echoing over and over, “Have you scanned your club card yet?”

According to my vendor’s loyalty card agreement, “<vendor xyz> does not sell, lease or provide personal information (i.e., your name, address, telephone number, and bank and credit card account numbers) to non-related companies or entities.”

Non-related companies or entities: what does that mean? It depends on your local country law regarding privacy, but…

http://www.privacyrights.org/online-information-brokers-list

Looking at that list of information brokers leads me to think that “non-related” could mean “We don’t partner with them,” or it could mean they don’t share.

In this Facebook world we live in, data protection and leakage become far more relevant to the individual, along with corporate entities.

PCI compliance places a standard around protecting credit card data, and most countries have relevant privacy laws regarding health care data, but what about personal data that is given or granted freely?

https://www.pcisecuritystandards.org/security_standards/documents.php

With regard to personal data, it can no longer be said “It’s not that important” or “There is nothing critical on my computer.” Profile data on you is important.

Richard Porter

--- ISC Handler on Duty
