How much would you pay to secure your personal information from data farmers and marketers – and anyone that might be able to hack their servers? $100? $1,000? More?
What if I told you that you gave it to them for $5 off your next $100 purchase? Because every time you gave your ZIP code to a store clerk last weekend for one of your Christmas gift purchases, that's what you did. But the real question is, in the grand scheme of things, even with great incentives, is the tradeoff worth it? It's a hard question to answer unless you know what's really going on.
Consider the newest innovation in retailer data-mining from a startup called Index, which uses a three-tier system to track shoppers. First, it allows retailers to track repeat customers' shopping patterns via card swipes. Next comes The Ask: "Would you like to give us your ZIP code or phone number so we can tell you about upcoming promotions?" Take the bait, and you and your purchases are no longer anonymous. The ultimate grab is installed at the third tier, when you're asked to download a retailer's mobile app. Then they can push promotions to your phone as you walk by various items that their big data setup knows you might be tempted to buy.
The first two parts are hardly unique to retailers using Index – after all, who doesn't have a pharmacy or grocery store loyalty card (or multiples of both)? For a dollar off here, a buy-one, get-one free deal there, we've already given up our contact information and enabled companies to track our purchases to offer us coupons or other incentives to buy. In other words, we eagerly turn over all stripe of personally identifiable information, with which data farmers can match everything from your medical records (prescription purchases) to your preferred shampoo (or hair dye) to your favorite cereal to your smoking cessation aid.
But at least in those cases, we've knowingly given up our information. In other cases, companies started compiling on us without us even knowing. It wasn't that long ago people were unsettled by the New York Times exposé that Target was buying data from "other sources" to add to its own massive information collection program for purposes of mining the data. A recent report on Walmart's privacy practices by the Center for Media Justice, Color of Change, and Sum of Us revealed the many avenues people are tracked in a way that consumers cannot stop or opt out of. The report estimates that 60% of adult Americans are in Walmart's big data grab -- 145 million people.
And if you think that valuable information remains in a proprietary database or is only used to print coupons, just take a look at the catalogues in your recycling bin that you don't remember ordering. Selling mailing lists is, and has long been, standard practice in the retail industry.
The real reason many retailers want your information isn't necessarily to save you money or move inventory. Once they get good at predicting your buying behavior and graft what they know about you onto other publicly available information, they can wholesale your data to others. Bottom line is they don't just want to sell things to you, they want to sell you.
They don't have to get this information by crawling through the cracks and crevasses of our lives -- retailers have found that the easiest way to get our personal information is simply to ask. (Others, of course, don't ask. They gather data however they can.)
Maybe that $5 off your next $100 purchase is worth it to you… but you need to know what you're really paying for that coupon, and too often you don't.
Worse yet, I know all too well that, even in the tech world, database encryption is spotty at best and non-existent at worst. The privacy policies might tell you what your favorite retailers will or will not do with your data, but they rarely tell you how securely they store it. And there's the rub -- in this era of countless data breaches, corporate servers are brimming with personal information and the spoils of behavioral tracking are irresistible to cybercriminals.
So the next time a cashier asks you for your ZIP code, email address or phone number before they swipe your card, consider what that data is worth to them – and what it's really worth to you. I suspect saying "No, thanks," will get a lot easier.
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.