Snapper Card - My Privacy Concerns [Updated]

Funnily enough I have no problem putting up loads of information about myself on the World Wide Web but I am wary of using the newly released Snapper Card*

So why do I worry about this card but not the WWW?
This is my latest comment at the Wellingtonista and half-pie which probably sums it up for me.
What do you think?

So that's the thing ... IF I want to use it like cash then go to the -- hang on, I've got cash in my pocket, why don't I just use CASH? But they, the ANZ and Wgtn bus company are going to penalise me for that. So what do I gain from this "cool-ness" ... a more expensive bus ride home.

And if you are an ANZ member and use your credit card (with any fancy email address) then they can work out who you are.

And if you use the same IP address (broadband anyone) then they can work out it is "probably" one person and do data magic on it - Google is in the European pooh because of exactly this.

So ... it's not really, if at all, "like cash" - we pay for their card, their data tracking, and their dropping of costs by giving them money (the cards aren't free are they?) and more importantly our data - think FlyBuys but no-ones really telling you you're being tracked.

Hmmm, I'm not so sure about this card really ... and it's because they're not telling us the whole story.

Yep, it's the, "We're collecting data about you but we're not telling you what it is and what we'll do with it" that is different to the WWW - and it sucks!

Oh, and it's NOT LIKE CASH!

[Updated] On reflection - it's not about privacy per-se otherwise I'd not be using anything on-line. The Snapper card is removing "choice" for me and the alternative isn't as convenient, although I can see it is for those wanting me to use it. With that in mind I've toned down the following to only include those items that, for me, stand out biiiig time:

As for privacy - you have very little once you start using a Snapper card - this is extracted from their Privacy Policy (at Thursday, July 24th, 2008, 7:41am) - let me make large the bits you may wish to be concerned about:

4. Collection

You may voluntarily provide us with your personal information to enable us to provide you with information or services, respond to your enquiries, carry out a transaction that you have requested, or otherwise use that information in accordance with this Privacy Policy. We may also use automated tools, methods, and systems to collect certain information about you automatically when you use the Card, your Online Account, or the Website. We may collect personal information in the following circumstances:

  1. Card ordering
    ...
  2. Card ordering (and set up an account ie 'register' Card)
    ...
  3. Set up an Account Online and use
    ...
  4. Card registration
    ...
  5. Card use: Adding Stored Value and Time Passes, Paying for Authorised Products
    When you order Stored Value, available now, or later Time Passes for a Card, or use a Card to pay for Authorised Products, we will collect personal information about that transaction. Such information may include:
    • date, time, and location of purchase
    • nature and value of any Authorised Products, Stored Value, and Time Passes purchased
    • ...
  6. Card use: public transport journeys
    When you use a Card for a public transport journey with a Public Transport Operator, we will collect personal information about your journey. Such information
    may include:
    • date, time, and duration of your journey
    • nature and value of your journey (for example, route and fare information)
    • ...
  7. Card use: loyalty card
    When you use a Card in conjunction with a Snapper-compatible loyalty programme, we will collect information about transactions to which the loyalty programme applies. Such information
    may include:
    • date, time, and location of purchase
    • nature and value of any goods or services purchased
    • ...
  8. Card use: identification
    When you use your personalised Card as a form of identification, we will collect additional information about you, which may include:
    • your date of birth
    • any relevant licences or endorsements that you hold
    • other attributes relevant for identification purposes (for example, which school or university you attend)
  9. Card use: access control
    When you use your personalised Card in order to gain access to designated buildings and facilities with Snapper-compatible security and electronic access technology, we will collect additional information about you, which may include:
    • a list of the buildings and facilities you are entitled to access
    • the reason for your access (for example, your employer's name and your position)
    • the frequency and manner in which your Card is used to access the relevant buildings and facilities (including entry and exit times)
    • any other information that the entity giving you access requires us to collect
  10. Card use: ticketing and event access
    When you use a Card to purchase tickets for an event, and to enter the event venue at Snapper-compatible events, we will collect additional information about you, which may include:
    • date, time, location, and value of the ticket purchase
    • ticket and event details
    • the Authorised Merchant's name and other details
    • the frequency and manner in which your Card is used in relation to that event (including recording your entry and exit at the event venue)
  11. Website and Online Accounts
    When you use the Website or your Online Account, we will collect personal information about you, including:
    • your email address, Card number, and password (so we can verify your identity)
    • IP address and host name used by your computer to connect to the Website
    • ...
    • your name and contact details (where you contact us via the Website)
    • ...
  12. Security and fraud prevention

We may gather more extensive information if we are concerned, for example, about abnormal usage patterns, or possible security breaches, or fraud.

5. Credit card details

...

6. Providing information about others

...

7. Your right not to provide personal information

...

8. Retention and storage

We may retain all personal information that we collect under this Privacy Policy (on both our active systems and our archive systems) for an indefinite period. ...

9. Our contractors

...

10. Security

...

11. Use

The personal information we collect will be used to operate the Website, Online Accounts, Card system, to provide other services that you have authorised or requested, and for accounting, operational, statistical, and marketing purposes. We may also use your personal information to:

  1. ...
  2. analyse usage, trends, and statistics for the Website, your Online Account, the Cards, the Card system, and any related services;
  3. ...;
  4. carry out internal research and development;
  5. provide you with information about a service that you are using (including critical updates and announcements);
  6. ...
  7. enable us to use, process, or analyse that information for a specific purpose;
  8. v...; and
  9. carry out any other use that is notified to you at the time of collection, or which is otherwise authorised by you.

12. Disclosure

...

13. Opt-in use and disclosure

...

14. Required and permitted use and disclosure

...

15. Credit checks

...

16. Aggregate information

We may use and disclose, in aggregate, any personal information that we collect under this Privacy Policy, including information which describes and summarises:

  1. your characteristics and preferences (including demographic information); and
  2. frequency and manner in which you use the Website, Online Accounts, Cards, and any related services.
...

17. Access and correction

Where we hold your personal information in such a way that it can readily be identified and retrieved, you are entitled to request access to that information or to obtain our confirmation of whether we hold that information. It is important to us that the personal information held by us about you is accurate, complete, and current. ...

18. Unsubscribing

...

19. Cookies and sessions

...

20. Third party websites

...

21. Privacy officer

...

22. Changes

...


* Snapper card is the new RFID chipped electronic bus/train ticket run by the EFTPOS NZ which is 100% owned by ANZ Bank.

Comments

Anonymous said…
Mike I applaud you for being one of the few people I have encountered that have pointed out the lack of privacy thiS RFID technology gives us. You should read the book Sypchips www.spychips.com or www.caspian.org for some more information. This is just the start - soon there will be RFID in everything including cash and we will be "tracked" like in Minority Report everwhere. I wish there was more public debate about this technology. RFID is now in our passports also.... thanks again Helen