In my state, you can buy products with pseudoephedrine over the counter, but the law requires you to show ID to the pharmacist who then logs your name and address. There is absolutely nothing in the law that requires scanning or storing the customer's ID, and I don't know why anyone would agree to let them do it.
>[...] but the law requires you to show ID to the pharmacist who then logs your name and address. There is absolutely nothing in the law that requires scanning or storing the customer's ID, and I don't know why anyone would agree to let them do it.
there is very little difference except one is manual input and one is automated input. so, i am not quite sure i am understanding your objection to one and not the other. either your are ok with your information being recorded, or you arent -- the "how it is entered into the recording system" part seems immaterial to me.
At least where I live, the only information they log when looking at my ID is my name and address. Scanning my ID gives them additional information, which increases the vulnerability.
I don't trust them to store it securely nor to avoid the temptation to use that information for other purposes. The only countermeasure is to prevent them from having that information in the first place.
what other information are you concerned about, present on your id, which is not trivially obtainable by already having your name and address? your height and whether you need glasses is hardly sensitive information (and already available to them -- they record the premises and have your time of purchase).
i dont trust them to store it securely either. my objection is to being okay with your information being placed into a database when that information is manually input, but not okay with it being scanned in. if you arent okay with one method, i dont understand why you would be okay with the other.
we are in agreement that the fact that some random company has to store my information at all is sucky.
I'd say the two most important are the date of birth and document ID (e.g., driver's license number). Both are required by the AAMVA 2D barcode standard used for driver's license in the US and both are extremely valuable for identity theft.
Furthermore, the driver's license number is a primary key that could used to join records created by the scan with records in other datasets, potentially giving the company much more information about the customer than they ever realized or agreed to provide.
There's a major difference -- one involved providing a copy of your ID to a 3rd party and the other does not.
I don't want my identity stolen after I bought some cough syrupe because some dirt-bag third party ID management company that was contracted by a pharmacy didn't do their job.
>There's a major difference -- one involved providing a copy of your ID to a 3rd party and the other does not.
they arent scanning as in photocopying. they are scanning the barcode to get the name/address information
the 3rd party (pharmacy, in this case) gets and keeps the information in both scenarios.
>dirt-bag third party ID management company
this isnt online age-verification stuff. the pharmacy itself is typically the one storing the information, and querying it against a government database.
