informa
/
Commentary

Mining WiFi Data: Retail Privacy Pitfalls

WiFi data mining starts with anonymous tracking, but it can lead to personal details in social profiles. Interop New York session explores opportunities and limits for retailers.

the retailer wants to know these customers and is prepared to deliver value in return, such as price and inventory checks.

Another popular value-add shopping app feature is a way-finder utility that lets customers search for departments or specific items with their smartphones. These features display store maps and directions and can point out promotional items along the way. With loyalty-program integration, shopping apps can offer deals on frequently purchased items, recommended accessories for items in the shopping cart, or cross-sell items based on past purchases.

[Are there any standards in this domain? Read NIST Drafts Mobile App Security Guidelines.]

Exploiting location intelligence, retailers can detect whether customers leave the store without making a purchase, and they can geo-fence nearby competitors to see if shoppers are defecting to particular stores. These analyses aren't limited to WiFi range. With terms-of-service permissions granted through WiFi logins, loyalty program agreements, or social network logins, some retailers are tapping into GPS-based location information. The insight derived can help answer the question, "What can I do differently that will get customers to purchase in my store versus going to them?" says Adzima.

Of course, using location data crosses into what many would consider to be the creepy, invasive realm. But there are far worse examples of (mostly obscure) apps that can exploit almost anything in a social profile, says Adzima.

"Some of these apps can build complete profiles of who you are and what you like to the point that it becomes scary," he says. "I don't think retailers need all that information, and there's also the question of how they are securing that information if they're storing it?"

Ryan-Adzima.jpg

PCI standards and requirements to secure credit card data, but there are no requirements, standards bodies, or regulatory guidelines demanding encrypted storage or preventing sharing of social-profile data, Adzima points out.

"I would rather give out my credit card number than my social profile, because at least I can change a credit card number," he says.

In his presentation in New York, Adzima will get into the vendors that are supplying these systems, and he'll also examine "where the technology is getting ahead of the ethical discussion." For example, terms-of-service agreements for apps that track location information tend to be pages long, but Adzima is an advocate for leading with plain-English statements about data uses and benefits that are clearly displayed on login pages. He also advocates consumer education, but who is going to take responsibility for that?

"I don't have all the answers," Adzima admits. "We need to advance the discussion, get the vendors and retailers involved, and make sure that people are able to safely shop without worrying about their information being stolen or sold."

In fact, that discussion should be taken out of the context of just retailers and shopping and applied to big data analysis, where mobile, social, and online behavior data is often seen as fair game and there's too little thought given to data-ownership, ethical, and security questions that are too seldom raised. Let's not wait for scandals or, worse, tragedies, to spark the discussion. 

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.