Full Disclosure mailing list archives

Re: Best Buy and Privacy?


From: "[lesh] Ivan Nikolic" <lesh () sysphere org>
Date: Fri, 4 Feb 2011 18:04:25 +0100

Hey, don't you people have private information laws that deal with this sort of stuff?

In Europe, someone can't store your private information if you haven't explicitly allowed its storage and usage 
scenarios, let alone send it to a third party.

Also, they have a responsibility to keep your data secure.

There is even an agency to which you can report about possible violations of those laws that supposedly goes on 
inspections. I'm not sure how well this is handled in reality. I should do an experiment on this by reporting 
myself, but in any case, I use it to harass people in situations like yours with no problems.

* Thor (Hammer of God) (thor () hammerofgod com) wrote:
I found this interesting, so I thought I would share it.

Over the last few years I had amassed quite a number of various gaming system games that I never used anymore (if at 
all) so I decided to trade them in at Best Buy (they do this for store credit).  Though $3 for a $50 game wasn't 
exactly attractive, I figured I could get a free Blu-ray out of it, so why not.

I showed up with a stack of games, and sat at the counter for about 30 minutes while the guy individually entered 
each title, catalog number, etc for each game.  After all that, he finally said that he needed to see my driver's 
license in order to give me my $73 credit.  I always question this type of thing, so asked him why.  "In case these 
were stolen" he says, going on to say it is store policy.  Whatever, I think, so I give it to him.  He doesn't just 
look at it, but starts entering my info into the system - I didn't care because it was an out-of-state license, but 
didn't like that he was actually entering it into the system.

He then notices that my license had expired a month earlier.  I actually knew this, but wasn't going to offer it up.  
He says he can't take it, and I give the obligatory "I'm not driving in the store, I'm just giving you games" bit and 
the "it was me a month ago, so what difference does it make now" pitch.  He goes and asks the manager, and sure enough, 
they can't take it because it is expired.

So this is the point where I really start to wonder and ask more questions about what difference it makes.  He then 
tells me that the reason he has to enter so much information, including each individual title and UPC, is because 
they have to send all this information to the Seattle police in case any of the titles I turned in were reported 
stolen by someone.  I asked how they expected to match up a stolen title with a redeemed one short of putting 5 "Pimp 
My Ride" games in a line-up for identification, and of course the kid didn't know and didn't care.  I then pointed 
out that even if I did steal it, if the cops came around looking for it, I wouldn't have it anymore anyway because it 
would be in the Best Buy warehouse.  More not caring.

While the overall process of wasting police resources on tracking games that might have been stolen seems like a 
complete waste of time and money, what really concerned me is that Best Buy was going to send my personal information 
over to the police without disclosing anything to me.  There was no mention of it anywhere, no fine print, nothing.  
Had my license not been expired, that info (which they would not have had) would be put into the public system, and 
there would be no way I could control the information or what they did with it.  This would have been particularly 
bad if I had to explain why I had a copy of "Barbie's Horse Adventure" at some point.

As far as profiling is concerned, you would think they would be more interested in the fact that I was going to use 
the $73 credit towards the purchase of a couple of seasons of Dexter, but I have no way of knowing that they wouldn't 
have sent this information anyway.  It begs the question as to what other information Best Buy is sending to whom, 
and what kind of privacy rights I am implicitly giving up by shopping there.  If they can report personal information 
to government agencies without my knowledge, approval, or any sort of notification, and in this case collected the 
information for the explicit purpose of doing so, why else are they collecting?

AFAIAC, there is something seriously wrong with this.  Anyway, I thought I would share this in case anyone found it 
interesting.

T

There's no reason to think "outside the box"
If you don't think yourself into it.


-- 
PGP 0x96085C00 http://lesh.sysphere.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/