Frustrated with places asking for P.I.I.

veritas_libertas

I just went out to a place and got my haircut. Having moved to a different state I had to find a new place to get my haircut at. So I walked in and the first thing they asked me for was phone number. I thought that was a little odd, and said no thanks. I mean what were they going to do with it? She then proceeded to ask me for my address which really annoyed me. I again said no, and asked her why she needed that for me to get a haircut

I have been studying for the Security+, and the issue of PII (Personally Identifiable Information) has come up multiple times. A podcast that I was listening to, CSO Online, had a presentation that was done by lawyers in the information security world. One of them said the best rule for PII is to only ask for what you absolutely need. From a lawyers perspective they said PII can be as simple as someones first and last name.

I am really tired of every place I go asking for personal information. My favorite outrage is movie rental places that ask if its alright for them to save my Debit Card information on file to make it easier them to check me out. Yeah, uh huh, it takes what, two seconds to run my card?

Anyone else out there feel the same way? :

skrpune

Yes. I hate the "Can I have your zip code/phone number?" questions at stores. My response is generally, "Um, no, I don't give that out." I usually get a blank stare back. If they NEEEEEEEEEEEEED something to put in to make the transaction go through (I don't think this has ever happened to me yet), I just make something up.

WilliamK99

The haircut place or rental store having your PII should be the least of your concerns....

Your stuff is already out there floating.....

binarysoul

Side effect of 'information technology'.

When it comes to IT, we must either give up 'convenience' or 'privacy'.

the_Grinch

Yeah my haircut place asked for my phone number. The next time I came back they knew which blade to use to cut my hair. The info is out there and there is really not too much we can do to stop it. If you really want to be scared, read this blog:

philosecurity

I do feel your pain though!

msteinhilber

WilliamK99 wrote: »

The haircut place or rental store having your PII should be the least of your concerns....

Your stuff is already out there floating.....

I don't think it's so much a concern for the information being out there, it's more about a time waster (can't we just get on with checking out) and having another retailer with your phone number and address. Surely they don't intend to collect phone numbers and never call or collect your address and not mail you junk mail - I think that is the bigger issue here.

I don't need any additional calls than I get now, so I don't give out my phone number unless I have a reason for a business to reach me back. Same with my address, I despise junk mail - it's just more junk to go through and sort out the good from the bad. It's more to fit into my already busy days.

msteinhilber

the_Grinch wrote: »

Yeah my haircut place asked for my phone number. The next time I came back they knew which blade to use to cut my hair. The info is out there and there is really not too much we can do to stop it. If you really want to be scared, read this blog:

philosecurity

I do feel your pain though!

My salon does the same, with my name

There are places that do use information in ways that are not intrusive such as your example. But there are other places that if you give it out, it's basically giving them permission to solicit you. Sure the information is out there, but flat out giving it out in some cases is asking for more annoyances than you already get.

Kaminsky

The one I love doing is responding to "this could affect your credit rating" with "oh I don't care about my credit rating. Having a poor credit rating is a great way to protect yourself from fraud".

Completely flumexes them and stops them completely in their tracks. They just don't know what to say to that. I don't do loans or a mortgage so there is no need for a credit rating.

Anyone trying to use my financial details will probably end up donating some to me

veritas_libertas

Kaminsky wrote: »

The one I love doing is responding to "this could affect your credit rating" with "oh I don't care about my credit rating. Having a poor credit rating is a great way to protect yourself from fraud".

Completely flumexes them and stops them completely in their tracks. They just don't know what to say to that. I don't do loans or a mortgage so there is no need for a credit rating.

Anyone trying to use my financial details will probably end up donating some to me

My philosophy has always been the higher the credit rating the more the person has a tendency to spend.

veritas_libertas

the_Grinch wrote: »

Yeah my haircut place asked for my phone number. The next time I came back they knew which blade to use to cut my hair. The info is out there and there is really not too much we can do to stop it. If you really want to be scared, read this blog:

philosecurity

I do feel your pain though!

I wouldn't say that I am scared. I give it out to whom I feel has a reasonable reason to have it.

ULWiz

Yeah i give it out as well to certain places. The reason the haircut place wants the information is to send you coupons and specials in the mail. Hence giving out my address saves me roughly 500 bucks a year.

dynamik

Tell me about it! I get so pissed when the pizza delivery guy asks for my address and phone number.

Pash

dynamik wrote: »

Tell me about it! I get so pissed when the pizza delivery guy asks for my address and phone number.

Tell me about it dude! It's also like when I go to buy a suit and cheeky shop attendents ask me my waist size and jacket size, I get them everytime though and lie.............I haven't had a proper fitting suit for years.

skrpune

ULWiz wrote: »

Yeah i give it out as well to certain places. The reason the haircut place wants the information is to send you coupons and specials in the mail. Hence giving out my address saves me roughly 500 bucks a year.

Good lord, I don't spend that much on my hair all year! Granted I grow out my hair and chop it off every 2-3 years to donate, but still - jebus, where do you go for haircuts?!

veritas_libertas

Groan... Okay, so maybe I over react just a little bit... Man, do you guys no how to tease...

Aldur

skrpune wrote: »

Good lord, I don't spend that much on my hair all year! Granted I grow out my hair and chop it off every 2-3 years to donate, but still - jebus, where do you go for haircuts?!

lol, I was wondering the same thing. Saving 500$ a year in haircuts means your spending it least 1000$ a year.

Maybe yearly haircuts for a whole family?

Zartanasaurus

WilliamK99 wrote: »

The haircut place or rental store having your PII should be the least of your concerns....

Your stuff is already out there floating.....

Don't ever get a Person Report from Accurint...

Plantwiz

msteinhilber wrote: »

I don't think it's so much a concern for the information being out there, it's more about a time waster (can't we just get on with checking out) and having another retailer with your phone number and address. Surely they don't intend to collect phone numbers and never call or collect your address and not mail you junk mail - I think that is the bigger issue here.

I don't need any additional calls than I get now, so I don't give out my phone number unless I have a reason for a business to reach me back. Same with my address, I despise junk mail - it's just more junk to go through and sort out the good from the bad. It's more to fit into my already busy days.

+1


I don't give it out, and yes it is out there already, each store I enter doesn't need it. And I'll never give out the right zip code...like they really care. It's mostly for marketing, and I don't wish to receive their materials.

Likewise, they don't get my phone number. Last thing I want is more calls.

Plantwiz

Kaminsky wrote: »

The one I love doing is responding to "this could affect your credit rating" with "oh I don't care about my credit rating. Having a poor credit rating is a great way to protect yourself from fraud".

Completely flumexes them and stops them completely in their tracks. They just don't know what to say to that. I don't do loans or a mortgage so there is no need for a credit rating.

Anyone trying to use my financial details will probably end up donating some to me

Well..only thing better then a bad credit rating is NO credit rating

Good for you on the 'no loan' motto! it is a trend making ground
Can't afford it, don't need it!

eMeS

ULWiz wrote: »

Yeah i give it out as well to certain places. The reason the haircut place wants the information is to send you coupons and specials in the mail. Hence giving out my address saves me roughly 500 bucks a year.

I suspect ULWiz is probably not only talking about coupons received for discounts on haircuts, but all of the other coupons that are sent based on your spending habits...

MS

jamesleecoleman

The biggest one for me was when I was at the recruiters office and I had to retake the ASVAB. I had to give out my SSN out loud infront of other test takers. Anyone of them could have written my number down. So I asked him if I had to out loud. He asked if I knew it and gave then gave me my SSN. There was a guy from MEPS to observe the guy and how he handles giving out the test. He didn't say anything which I thought was odd.

/usr

On a completely unrelated note...

I've never paid for a haircut in my life.

Suckers.

msteinhilber

/usr wrote: »

On a completely unrelated note...

I've never paid for a haircut in my life.

Suckers.

Mom still cuts your hair?

/usr

Hahaha, no way!

She quit doing that like 4 years ago.

Now my girlfriend does it.

RobertKaucher

skrpune wrote: »

Good lord, I don't spend that much on my hair all year! Granted I grow out my hair and chop it off every 2-3 years to donate, but still - jebus, where do you go for haircuts?!

I have found the best way to save $ on hair cuts is to just go bald. It helped me!

msbachman

Thought I'd weigh in on the original topic, I work at Radioshack and gathering PII is a necessary component of our job. Some of the reasons for doing it are legitimate, e.g. getting information for running a credit check for opening lines of credit, buying cell phones. Also, we can use it to keep track of information in case that you lose your receipt and try to redeem an extended warranty.

These, in my opinion, are totally valid uses of PII. However, if you're some sort of conspiracy theorist, just make up a fake name/address. Then, expect to remember that info if you come in and ask us to help you redeem a warranty, get a copy of a receipt, etc.

I also think there's a whole bunch of bullshit out there about PII; what do you care if a store has the same info contained in a phone-book? Like you're going to be slandered if connected to purchasing resistors and thermal paste...give me a break! All the while, these same customers don't hesitate to pay with plastic, giving an opportunistic minimum-wage earner credit card numbers and a signature.

I'm definitely not admitting guilt to doing anything unethical/illegal, but if you really want to front like you're security-conscious, why don't you ask the 7.25$/hr. clerk about the safeguards in place to protect credit-card information in route to the central server from the POS reader? While you're at it, jump behind the counter and examine the entire mess of cords for hubs and laptops running a sniffer.

At my current job, Radioshack, I've been asked numerous times about why we collect PII for sales that don't necessitate it. The aforementioned concern--in my opinion, much more dangerous, has not been brought to my attention by a single customer!

I'm not directing this post at any specific forum member/members, I'm just frustrated by this topic, that people can apparently be so concerned with their PII, and have so little creativity/intelligence to make up a fake persona. Of course, the one other option would be to just refuse to frequent businesses that demand PII in the first place.

FYI, in the establishments that I frequent, you're being recorded via CCTV, often watched actively by security personnel. What about that for a breach of PII?

veritas_libertas

msbachman wrote: »

Thought I'd weigh in on the original topic, I work at Radioshack and gathering PII is a necessary component of our job. Some of the reasons for doing it are legitimate, e.g. getting information for running a credit check for opening lines of credit, buying cell phones. Also, we can use it to keep track of information in case that you lose your receipt and try to redeem an extended warranty.

These, in my opinion, are totally valid uses of PII. However, if you're some sort of conspiracy theorist, just make up a fake name/address. Then, expect to remember that info if you come in and ask us to help you redeem a warranty, get a copy of a receipt, etc.

I also think there's a whole bunch of bullshit out there about PII; what do you care if a store has the same info contained in a phone-book? Like you're going to be slandered if connected to purchasing resistors and thermal paste...give me a break! All the while, these same customers don't hesitate to pay with plastic, giving an opportunistic minimum-wage earner credit card numbers and a signature.

I'm definitely not admitting guilt to doing anything unethical/illegal, but if you really want to front like you're security-conscious, why don't you ask the 7.25$/hr. clerk about the safeguards in place to protect credit-card information in route to the central server from the POS reader? While you're at it, jump behind the counter and examine the entire mess of cords for hubs and laptops running a sniffer.

At my current job, Radioshack, I've been asked numerous times about why we collect PII for sales that don't necessitate it. The aforementioned concern--in my opinion, much more dangerous, has not been brought to my attention by a single customer!

I'm not directing this post at any specific forum member/members, I'm just frustrated by this topic, that people can apparently be so concerned with their PII, and have so little creativity/intelligence to make up a fake persona. Of course, the one other option would be to just refuse to frequent businesses that demand PII in the first place.

FYI, in the establishments that I frequent, you're being recorded via CCTV, often watched actively by security personnel. What about that for a breach of PII?

Hmm, I thought I would weigh back in since I did start this whole thread

I grew up in a law enforcement family (yes that does have a tendency to make you paranoid) and we always had an unlisted number. There are certain people that do not like handing out their PII. I really sincerely dislike everyone having my info. I realize that the government has more than enough info on me and equally dislike that. I really don't think that make me or anyone else a conspiracy nut Anyway, I guess everyone will feel different about this. Does anyone at all find it strange though (I realize this is sorta off topic) how much more this coming generation is willing to hand out information about themselves on Facebook? I am kind of shocked by the stuff willing given on there. I figure someone will eventually figure out how to hack into Facebook's servers/databases and mine the info for profit somehow.

dynamik

msbachman wrote: »

I'm definitely not admitting guilt to doing anything unethical/illegal, but if you really want to front like you're security-conscious, why don't you ask the 7.25$/hr. clerk about the safeguards in place to protect credit-card information in route to the central server from the POS reader? While you're at it, jump behind the counter and examine the entire mess of cords for hubs and laptops running a sniffer.

This is exactly it. The only identify theft I've been victim of was when my wife (at the time) tried to open a CC at a jewelry store, and the guy simply used her information to get a bunch of jewelry for himself. It was an open-and-shut case with relatively little hassle, but it could have been really bad had he sold that information off or had been smart with how to use it. I'm more concerned about giving a waitress (oh excuse me, wait-person, sorry fellas) my CC than giving out my phone number somewhere.

While I never give out any information unless absolutely necessary, I also think it's a bit silly to get worked up over most of this since, as mentioned, it's usually just used for marketing. I don't want to receive any more phone calls or junk email either, but it's not the end of the world either. I'm much more concerned about how important information, such as loan applications, medical information, or anything else that is actually important is secured. Especially since I know for a fact that in most cases, it's sub-par (at best).

msbachman

veritas_libertas wrote: »

I grew up in a law enforcement family (yes that does have a tendency to make you paranoid) and we always had an unlisted number. There are certain people that do not like handing out their PII. I really sincerely dislike everyone having my info. I realize that the government has more than enough info on me and equally dislike that. I really don't think that make me or anyone else a conspiracy nut Anyway, I guess everyone will feel different about this. Does anyone at all find it strange though (I realize this is sorta off topic) how much more this coming generation is willing to hand out information about themselves on Facebook? I am kind of shocked by the stuff willing given on there. I figure someone will eventually figure out how to hack into Facebook's servers/databases and mine the info for profit somehow.

Yeah, I didn't mean to come across as if I was implying you to be paranoid or a conspiracy nut. I apologize if you took it that way.

That said, I definitely think of myself as more paranoid as most, but the post above that I did was in reference primarily to the frustration of customers who become angry when we ask for PII for returns. In my case, I would just make something up, it's frankly a stupid policy for the most part, but stupid policies are nothing new to businesses and customers. Radioshack, which is the company that probably attracts more attention for PII than most, is the company that I work for, so you have to consider that my viewpoint is probably colored by all of the frustrations of customers complaints in regards to our policies.

And I definitely agree with you regarding PII being exploitable, but there's a differing level between giving someone a name/address/phone number (relatively unexploitable) to giving someone a credit card/SSN (relatively exploitable). My frustrations are tied to the fact that we are too strict with giving people the former and too lenient in giving people the latter.

packardhell1

/usr wrote: »

Hahaha, no way!

She quit doing that like 4 years ago.

Now my girlfriend does it.

With a Flowbee and a vacuum?

I don't mind giving my zip code or name out, but I probably shouldn't. I just put my name and zip into The Official WhitePages - Find People for Free and it brought up my full name, address, my approximate age, my wife's name, and a map of my house's location. My dad NEVER gives his information out. I searched by his name, and all his information displayed. If they (meaning anyone) want the information bad enough, they will get it.

The haircut thing is a great idea though, and it means a consistent cut each time.

veritas_libertas

msbachman wrote: »

Yeah, I didn't mean to come across as if I was implying you to be paranoid or a conspiracy nut. I apologize if you took it that way.

That said, I definitely think of myself as more paranoid as most, but the post above that I did was in reference primarily to the frustration of customers who become angry when we ask for PII for returns. In my case, I would just make something up, it's frankly a stupid policy for the most part, but stupid policies are nothing new to businesses and customers. Radioshack, which is the company that probably attracts more attention for PII than most, is the company that I work for, so you have to consider that my viewpoint is probably colored by all of the frustrations of customers complaints in regards to our policies.

And I definitely agree with you regarding PII being exploitable, but there's a differing level between giving someone a name/address/phone number (relatively unexploitable) to giving someone a credit card/SSN (relatively exploitable). My frustrations are tied to the fact that we are too strict with giving people the former and too lenient in giving people the latter.

Out of curiosity, why would Radio Shack attract it more? Did something happen in the news lately that I missed?

It's not so much that information is less important (though I understand that) its the fact that its becoming more and more common for it to be asked for. I don't mind giving it for some things, I have my photo digitally placed on my Credit Union account. This protects me so I don't mind it. I guess its just my disgust with the fact that companies feel the need for personal information.