THE OFFICE MAX INCIDENT
In yesterday’s post about Best Buy’s loss of a customer’s computer resulting in her having to file a $54 million lawsuit to get their attention, the point was made that incompetence with our names and personal data has risen to the highest levels in big business. Three months Raelyn Campbell had to wait just to find out the computer was lost, when all this time she knew her tax records were on the machine available to ID thieves. When Best Buy offered to settle, it was a paltry sum that didn’t even include the cost of the laptop and software. That’s when she decided to sue. But that was yesterday, and today the subject of the post is a personal incident my wife had with an Office Max store in Scottsdale. Arizona. She was returning faulty ink cartridges, and the clerk required that she give up her driver’s license number, which he input to Office Max’s database as she watched with alarm. My wife thought when he asked her for the ID that the clerk needed it only for identification, but he indicated it was “company policy” to record the driver’s license number in their system. When my wife protested, the store manager was called, and he confirmed the policy. Since we monitor our credit report on almost a daily basis, she let it go and promptly came home to relate what had happened. When I came down off the ceiling, I immediately composed a letter to the Office Max president, Sam K. Duncan, explaining our shock, and demanding an explanation, as well as the deletion of my wife’s license number from Office Max’s database. Of course Duncan didn’t answer but, Cindee, with no last name, of course, from the company’s Executive Resolution department, did reply with an apology, and assured me it “is not our policy to swipe a customer’s driver’s license into the computer for a return.” She had to tell the store manager, who apparently did not know this. In the meantime, I had reported the incident to all the appropriate privacy organizations, as well as filing a complaint with the Federal Trade Commission, which I related to Cindee in a follow up e-mail. This led to a string of e-mails where I demanded confirmation the driver’s license had been removed from their database, which I received. This episode illustrates on a first-hand basis the incompetence of people who are collecting our private information, and how the higher-ups are both oblivious to their actions and lacking control. I decided to look further into Office Max’s experience with customers’ sensitive data, and ran across a 2006 case where the firm was investigated as the source of debit-card theft in which the company was cooperating with federal authorities. Digging further, also in 2006, a former Office Max worker in Alameda, California was arrested for allegedly using a customer’s credit card number to pay $1,000 in telephone bills. The suspect, only 19, admitted the theft. So, there was opportunity, and someone, a former employee, took advantage of it. And I am not sure there was any way to prevent this short of granting consumers control over their names and personal data.