« Previous Post | Blog Home | Next Post »
Swiping driver's licenses at a drugstore?
Posted on Jul 15, 2006 by Tom Fragala
I went to a Long’s drugstore today in Santa Barbara, California. I picked up a box of infant’s decongestant drops. At the check out, the person asked to see my driver’s license, I assumed because I was paying by credit card. Before I knew it, he had swiped my driver’s license. He said it was because I was buying decongestant. The decongestant has pseudoephedrine which is the major ingredient to make crystal meth.
What stunned me is that they are swiping driver’s licenses. And I was not told that it was going to happen. This opens up many questions for me. Where is the data stored? Is it encrypted? Is it shared with anyone outside of the company? Is it required by law (no way it is)? I think this is foolish for Long’s because they are storing reams of data that is susceptible to a breach. And, far more importantly, this is in my opinion, a serious breach of my privacy and a opens me up to the risk identity theft. I am not happy.
Any thoughts readers? Post in comments or email.
Update 1: Beth Givens, Director of the Privacy Rights Clearinghouse, responded to an email I sent about this:
Unfortunately there's a loophole in Calif law that allows swiping by merchants for so-called fraud prevention. Here's info on that law:
Driver's License Information, Scanning or "Swiping" - Civil Code section 1798.90.1. Prohibits bars, car dealers and others from collecting information by swiping driver's license for any purposes other than verifying age or authenticity of the license, check verification or when legally required.
Specifically, swiping is allowed ...
(D) To collect or disclose personal information that is required for reporting, investigating, or preventing fraud, abuse, or material misrepresentation.
Also, a hat tip to Pete who did some research and posted in the comments that the driver’s license thing is apparently part of the Combat Methamphetamine Epidemic Act of 2005 (?!).
Filed under: Privacy
Comments
Pete on Jul 15, 2006
Apparently, this is a federal law--part of the Patriot Act that was signed in March--called the Combat Methamphetamine Epidemic Act of 2005 (http://www.fda.gov/cder/news/methamphetamine.htm).
"The amount of pseudoephedrine that an individual can purchase each month is limited and individuals are required to present photo identification to purchase products containing pseudoephedrine. In addition, stores are required to keep personal information about purchasers for at least two years." Yikes.
Tom Fragala on Jul 16, 2006
Thanks Pete! That's great info, I was hoping someone would so some research on this issue.
And I didn't read what you linked to you, but it appears that retail stores are required by law to keep the personal information. I just wonder what they are doing to protect that information. ANd what if you don't have a driver's license?? Does that mean you can't buy nasal decongestant?
Pete on Jul 17, 2006
Tom - the restriction only applies to those cold medicines that contain pseudoephedrine, which is an ingredient used to make methamphetamine. Brand names include Drixoral, Sudafed and Triaminic, although some versions of these products are pseudoephedrine-free.
I would hope there is a provision allowing use of alternative forms of ID such as DMV ID cards or passports.
By the way, the link I originally posted doesn't work because it adds a ")" to the end of the URL. Use this instead: http://www.fda.gov/cder/news/methamphetamine.htm
Post a Comment