Do loyalty cards invade our privacy?
By Martha Buckley
BBC News
According to David Blunkett there's no need for us to be scared of his national identity cards as they will be no worse than the loyalty card schemes we sign up to voluntarily.
As he waved a Nectar card around during a speech on Wednesday, the home secretary said it was high time someone looked into the way personal information stored by such schemes.
But how much information do loyalty cards really store about us and is it fair to compare them to state ID cards?
According to Loyalty Management UK, which runs the Nectar - the country's biggest loyalty scheme - the cards are not nearly as sinister as Mr Blunkett made out.
The government wants ID cards containing biometric data such as fingerprints and iris scans to be compulsory by 2013.
These would hold information on everything from medical details, benefits entitlement and criminal records, which could be accessed by police and other authorities.
The voluntary Nectar scheme, on the other hand, collects strictly limited personal information and data on shopping habits and is governed by the 1988 Data Protection Act.
Basic data, such as name, address, gender and contact details, is provided voluntarily by Nectar collectors when they sign up.
Members can also choose whether or not to provide additional information such as how many people there are in their household, how many cars they own and where they shop.
Not only do we not collect information on what brand of toothpaste you're buying but to be honest, we don't care
Brian Sinclair
After this, each time the card is used to collect points, details of the date, location and points earned - but not what was actually bought - will be sent to Nectar.
The information is stored in one of the country's largest databases but is not sold on or shared with companies outside the scheme.
Instead, it is used to target Nectar collectors with offers designed to encourage them to collect more points and to tempt them into using the sponsors' shops and businesses.
What the data will be used for is explained on the Nectar registration form and those who object can tick a selection of opt-out boxes.
Brian Sinclair, Loyalty Management UK's client services director, says: "Not only do we not collect information on what brand of toothpaste you're buying but to be honest, we don't care."
"We do not capture information about what's actually in people's shopping baskets, though others may do."
However, member companies, such as Sainsbury's may also use the scheme to collect more detailed information on the products customers buy, which they will use for marketing purposes.
A Sainsbury's spokeswoman said: "Sainsbury's does know what you are buying but we do not use this information to target people on an individual basis.
"Instead it goes into a database, which we can use to see whether, for example, customers in a certain area like buying healthy food, or look at what kind of products are popular with women aged 20 to 30.
"We might then decide to send out customer offers to people in those categories."
Loyalty Management UK estimates Nectar is one of some 160 loyalty schemes operating in the UK - not all of which may be as scrupulous about what they do with the data they collect.
Mr Sinclair said: "We are the biggest in the marketplace and as such I think we have to be the most protective and careful about how we use our customers' information.
"To try and make a comparison between mandatory state-run ID cards and a voluntary loyalty scheme is pretty extreme."
He says the firm works closely with the Information Commissioner, who regulates data protection rules.
I wish we could trust the Home Office to be as alert to privacy concerns as some of the supermarkets, and that's saying something
Simon Davies
Since the 1998 Data Protection Act came into force in has been illegal for companies to sell on people's details without their consent or for uses other than those they were originally told about.
Often this simply means companies ask people to tick a box to say if they do not want their details passed on.
Simon Davies, director of campaign group Privacy International, says the home secretary's comparison of loyalty cards to compulsory identity cards is "ridiculous".
He said: "The loyalty card system is as close as we get to a genuinely voluntary system.
"There are few some sneaky tricks involved on the part of the supermarkets, at least, but in general, there's been a trend to limit the amassing of the information because it's a false economy.
"What companies are looking for is actually loyalty. They want people to shop at their stores consistently. It's a very simple equation and I haven't got a problem with that."
"I believe the big loyalty schemes are relatively paranoid about breaching the Data Protection Act because if they did, they would lose their customers' trust and would be such big targets for campaigners.
We should be creating a climate in which customers are more aware and more empowered and learn to see their personal information as a valuable resource
Susanne Lace
"I wish we could trust the Home Office to be as alert to privacy concerns as some of the supermarkets, and that's saying something."
Mr Davies said he was most concerned about the Information Commissioner's lack of power to enforce data protection laws and make sure people's personal information is not being traded illegally.
Susanne Lace, senior policy officer at the National Consumer Council, was more wary.
She said: "From my research I have found people do not know much about how their information is dealt with and how it's handled. They are not very aware of what is going on but when you ask them about privacy, they are concerned about it.
"David Blunkett says now is a good time to start debating what is known about us and I think he's right. It is a good time."
She said: "The Information Commission actually regulates the Data Protection Act but it needs stronger powers and more resources. Almost every organisation in the country stores some kind of information about its customers or staff, so it is a huge job.
"I don't think firms do enough at the moment to let people know about what they are doing with their information. They should be more upfront and provide ongoing chances for people to choose what information they would like to be used.
"We should be creating a climate in which customers are more aware and more empowered and learn to see their personal information as a valuable resource."
-----------------------
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/1/hi/uk/4020023.stm
Published: 2004/11/19 02:30:42 GMT
© BBC MMIV