Target's Collecting Personal Data Without Permission In St. Louis Stores

Target (NYSE:TGT) stores are scanning and storing the electronically readable data on some customers' driver's licenses—and, in at least some cases, collecting that data in-store without explaining or letting customers opt out, a St. Louis television station reported Wednesday (May 16).

Two separate Target customers contacted the station after they were asked to hand over their driver's licenses at checkout at different stores. According to one customer, "I showed it to [the cashier] and when I handed it to her, she flipped it over and scanned it. I said, I'm really not OK with you doing that. She said, well, I already did it." Another customer complained that "there was no permission asked if this was all right, and I really found it very intrusive," according to KMOV News.

Target said in a prepared statement that it scans licenses during purchases of alcohol, video games, regulated cold medicine and other regulated or restricted items, as well as for returns made without a receipt. The statement also said Target has physical, electronic and procedural security measures to keep the information safe, and none of it is used for marketing purposes.

The station reported that Kmart (NASDAQ:SHLD), Walmart (NYSE:WMT), JCPenney (NYSE:JCP) and Macy's (NYSE:M) all said they never scan licenses for any reason. (Some chains have been known to ask for driver's license so that associates can write down numbers—Walmart, for example, has done that for product returns—but doing it for regular purchases and scanning the licenses, that's where Target seems to be going beyond the norm.) The customers remained clearly irritated and concerned, in part because of widespread publicity in the St. Louis area about a payment-card data breach earlier this year at Schnuck's, a St. Louis-based regional grocery chain.

As baffled as those two customers might be, it's even more baffling that Target is doing in-store something it would never do online: collecting and storing personally identifiable information without warning or any way for customers to opt out. That's the kind of issue that has brought the U.S. Federal Trade Commission down on retail websites that have gotten sloppy about privacy practices.

It's also a policy that probably wouldn't pass legal muster in states like California and Massachusetts, where even collecting a Zip code during a credit-card purchase is too much information.

For more:

- See this KMOV story

Related stories:

Target's Joint Program With Facebook Goes Out Of Its Way To Exclude
Massachusetts Supreme Court Rules That In-Store Retailers Can't Seek Zip Codes
Schnuck's: 2.4 Million Cards Were Stolen In Cyberattack