Maybe I’m crazy or paranoid, but I'm not willing to compromise my own security so that others can go to extremes to protect theirs. A recent event in my own life is a good example of what I mean.
A friend had invited me to a holiday party at a high-rise apartment building in New York City. When I arrived, I was surprised to hear the security guard tell me that to enter the building I had to show a driver’s license. My driver’s license, with my name, address, birth date, driver’s license number, photo, and other personal information?
Against my judgment, I agreed, but only on the condition that the security guard would not write down any of my information. “We don’t do that here,” she assured me.
Then I watched her place my driver’s license face down onto a photographic scanner. Stunned and outraged, I snatched it off the machine.
I’ve since discovered that scanning or swiping driver’s licenses or other types of identification and storing the data is becoming commonplace among stores and other businesses, schools, government buildings, and more.
“It’s a terrible, terrible practice," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "To begin with, it’s easily a contributor to identity theft, and it’s unnecessary.”
The Washington State Department of Licensing’s website actually encourages the use of driver's licenses to collect data, providing details on how anyone can do so using common barcode readers that can be had for less than $30.
At the New York City apartment building, I explained that I saw no need for the building to record my personal information despite the security guard’s assurance that no one looks at it.
If no one looks at it, then why collect it? How do I know that this data isn’t being sold to marketers or scammers or in some other way disseminated to the world? Where’s the privacy statement that tells me how this information is being used and how long it will be retained? What about the potential for this information to be used to stalk people, the very concern that state and federal lawmakers had when they enacted laws restricting the release of motor vehicle records by the states?
“As a practical matter, it poses the greatest risk for individuals who might be stalking victims or who want to maintain their privacy for specific needs,” Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, said. “We’re opposed to it as being an invasion of privacy and creating the potential for identity theft.”
For tips on how to avoid becoming a victim of identity theft, read our report "Protect Your Identity."
I asked the security guard what measures were being used to insure this information isn't being pilfered by someone on the outside or perhaps even by an employee of the security firm? She couldn’t tell me.
I suggested that instead of recording details about my life, she might call the resident who had invited me to the party and have him escort me to the apartment. But only a romp through my personal information would do.
I decided that the prospect of standing in an apartment with a glass in my hand, making small talk with the other guests wasn’t worth risking my identity. So I left.
This high-rise building is owned by The Actors Fund, a nonprofit human services organization.
The group’s chief operating officer, Barbara Davis, said the information is collected to protect residents, many of whom are elderly or disabled. She said the data can be used to help police investigate crimes in the building. And just knowing that it’s being collected may deter someone intent on wrongdoing.
Davis said the information is archived after three months and that only the senior staff at the building’s nonprofit management company have access to it. “Our primary responsibility is to secure as best as we can the safety of the frailest residents of the building, of which there are many,” she said, adding that many New York City office buildings also record such data.
She said that some of the residents, many of whom share apartments with people they don’t know, appreciate the security measure while other residents don't like it. She said the building instructs residents to inform guests about the practice so they’re not surprised. She said she would explore alternatives, such as using less intrusive photo IDs or allowing residents to add names to a guest list and having visitors simply show their photo IDs.
Eva Velasquez, CEO of the Identify Theft Resource Center, said the information on driver’s licenses provides “a good start” for someone out to steal a person’s identity. While she did not criticize the New York building for collecting the data, she said anyone being asked to produce their driver’s license or other documents should at least be aware of the potential dangers and ask questions about how the information will be used and stored. But she also noted that there is no 100 percent secure system, a point borne out by the recent theft of credit card data from Target stores.
She said people who are asked for such information should find out whether there are alternative, less-intrusive ways to address the security concerns.
“You at least need to be aware that there are some security questions here,” she said, “and then you can make a decision.”
Consumer Reports has no relationship with any advertisers or sponsors on this website. Copyright © 2007-2013 Consumers Union of U.S.