My Thoughts on ID Scanners

Last week I had the misfortune of having my ID scanned. My coworkers were having a happy hour after work and we decided to meet up at True North Tavern in North Park here in San Diego. I didn't know the bouncer was going to scan it, in fact, he didn't tell me what he was going to do. I didn't realize what he had done until my ID picture popped up on the black podium-like scanner machine's screen. I asked him, "are you guys keeping my driver's license data?", to which he responded, "read all about it over there" as he points to a laminated piece of paper describing the scanner, the need to scan IDs, etc. 

What I don't understand is the lack of communication prior to scanning my ID. Where was the consent that I gave? It surely wasn't verbal, so did I "give" consent merely by wanting to enter their premises? I don't think so. Sure, I wanted to go in, but by no means do I want my ID data anywhere for these people to have. Had they asked me for permission to scan my ID, I would have turned around and gone elsewhere. 

So, why does this matter? Why do I care about having my ID scanned? Well, for starters, let's talk about all the data breaches that have happened in just the last year. I'm talking about Target, Home Depot, Anthem, and (most shocking) the OPM data breach. These types of data breaches have become more common and I wouldn't be surprised if these ID scanners don't offer high-level encryption or security. 

Aside from the potential flaw in data safekeeping, I also care about my privacy. I don't want these ID scanning entities to "data mine" my ID information and potentially connect it to the credit card I used that night. Besides that potential risk, the following are a few ways that a decent analyst can use data gathered from ID scanners: 

• Link your ID to your credit card used at the bar and figure out how much money you spent
  • Offer promotions (VIP) to people who spend a certain amount.
• Log the time you entered the bar and keep a log of the frequency of your visits.
  • This could then be used to see what days you typically frequent the bar and could maybe be used to figure out when clientele is low/high to determine staffing needs, for marketing campaigns to draw more customers in on low-visit days, etc.
•  Log your date of birth
  • Send you marketing material on your birthday 
  • Create an age breakdown of clientele. 
• Log your address
  • Send you marketing material
  • Match customers to zip codes to figure out what zip codes frequent the bar. Offer discounts to people from certain zip-codes.  
• Log your picture ID
  • Create an internal "face" book with clientele who have visited the bar

Aside from the above, bar owners claim these ID scanners are good because they keep banned people out and to ensure there are no under-age drinkers or people who double scan IDs (when you let someone in front of you borrow your ID). Fair enough.

What scares me is what the ID scanning companies might do with the data. Do they keep a copy of each bar's data? I would assume so, seeing that these machines alert bar owners to trouble-making patrons.There has to be some sort of data sharing. Also, how safe is their database? Would it be easy to hack into? 

Ultimately, who knows how the data is being used after your ID is logged or how secure it is, but I don't like it. I am aware that other companies have your data (Google, Facebook), but it's right there in the terms and conditions. Bouncers at these bars don't tell you until after they've taken your information (if ever), which doesn't seem right. For me, the cost of having my ID scanned and logged outweighs the benefit of visiting such bars. No thank you, so I'll take my business elsewhere.