12 March 2014

Coles reveals customers' data is shared with third parties overseas

Information highway: Where your personal details are ending up.

Information highway: Where your personal details are ending up.

Customers using the Coles Flybuys card or online shopping service are having their personal details sent to up to 30 other companies owned by the same corporation and to third parties in at least 23 other countries.
Last week, Coles unveiled plans to invest $1.1 billion over the next three years building 70 new supermarkets and creating more than 16,000 jobs as well as releasing a more detailed description of its privacy policy.

Customers were told that by using Flybuys or online shopping they consented to the privacy policy, meaning data collected was shared with other companies in the Wesfarmers group, including K-Mart, Bunnings, Officeworks and Bi-Lo.

But the retail giant also revealed that the personal information it collects on its customers may be sent to nations such as China, Pakistan, the Philippines, Mexico, the United Arab Emirates, the US and Britain.
Under the Coles policy, personal information - defined as data which identifies someone or which allows a person's identity to be ascertained - can be used in conducting risk assessments for credit and insurance, products that are also sold by the supermarket giant.

Personal information can include name, contact and household details, transaction history and buying habits.
Coles' more detailed policy description was released just before the new Australian Privacy Principles come into force this week, which make businesses list likely overseas recipients of personal data and conform with stricter rules.

Businesses must also take reasonable steps to ensure foreign recipients do not breach the Australian principles or are operating under similar privacy laws in those countries.

A spokeswoman said Coles' global commercial partners had the highest standards of data security and that Coles followed all regulatory requirements and best practice disclosure.

In line with the new legislation, Coles' policy enables customers to access or correct personal information the retailer has collected about them. It does state requests may be rejected, although reasons must be provided if this happens.

Coles said it takes steps to ensure third parties protect the privacy and security of personal information and use the information only for agreed purposes, and it destroys or de-identifies personal information no longer needed. Whenever Coles' online services are used, the company logs the location at which it was used - in cases where this function has not been disabled by the user - as well as dates, times, file metadata and the links customers click on.

The Australian Privacy Foundation vice-chair David Vaile said companies such as Coles should have been revealing where the data was being sent for years and it was unlikely Australian customers would have any comeback if their data was misused overseas.

''You're suddenly at the mercy of someone who's done something wrong who doesn't have to answer to you or your country,'' Mr Vaile said.

''No one running data storage can say, 'your data is safe with us'.''

''At long last we have this new legislation and now we encourage companies to bite the bullet and not just reveal countries they give the data to but companies.''

University of Technology Sydney marketing lecturer Ingo Bentrott said data mining ''sounds very Big Brother but if it's done ethically and you're giving the customer what they want then I think it's OK".

''We already know sales of milk generally go up when customers buy more Milo but data mining is about finding unknown patterns in purchase behaviour. And any information a competitor doesn't have is an advantage,'' Dr Bentrott said.

canberratimes.com.au 9 Mar 2014

In the corporate world of contracts; 
I did not [willingly] authorise my data to be shared with any other party.

Credit card fraud can occur more easily when more 'people' have access to that information.

This 'policy' is also part of the nanny state agenda.

No comments: