THE RECENT SEARS PRIVACY FAUX PAS SHOULD SERVE AS AN EXAMPLE OF WHY CONSUMERS NEED CONTROL OVER THEIR NAMES AND PERSONAL DATA
Friday’s blog covered the major ingredients of the Sears program dubbed Sears Holding Community (SHC), aptly named because the customer gave them private information that the retailer shared with the community. They have since shut down this feature, but the damage was done, resulting in a class-action law suit against Sears. The company says it did right by its customers by giving them specifics on how their habits would be tracked, but non-profit group, StopBadware, said this was inadequate. In my reading of this incident, I can find no excuse for the fact that not only can the customer access his or her data on the site, but everyone in the neighborhood, actually in the whole country. That is a primary factor in filing the law suit. In an article from junk mail publication, DM News, Sears insists that they went to accurately describe the procedures of the program. Since the site was pulled, it is impossible to find out the particulars of whether or not this is true, but in the class-action case there is also mention of other potential harm to the SHC user. Hackers could access the system and initiate phishing scams using the Sears name to convince the customer to give up more personal data. If you are really interested in the law suit, there is a PDF copy here. Fortunately, we have people out there like law professor Ben Edelman and organizations like StopBadware to hold companies accountable for blunders like this. But if a business the size of Sears does not have the oversight to prevent incidents of this kind, there is only one method that will put a stop to future threats. Either Congress must pass legislation giving consumers control over their names and private information, or business and government must join together in an alliance that will accomplish this goal. Otherwise, in keeping with recent trends, we can expect more of the same.