Sears puts customers' buying histories on the Web
Sears Holdings has come under fire from privacy advocates for making the purchase
history of its customers publicly available on its Managemyhome.com
Web site.
Manage My Home is a community portal where Sears shoppers can download product
manuals, find product tips and get home renovation ideas.
The Web site has a feature called "Find your products" that lets
users look up past purchases. Ostensibly, this is designed to help customers
keep track of items they've bought from the retailer, but the site also lets
them look up the purchase histories of other people.
"Sears offers no security whatsoever to prevent a Manage My Home user from
retrieving another person's purchase history by entering that person's name,
phone number, and address," wrote Ben Edelman, an assistant professor with
Harvard Business School, in a blog
posting.
This is a violation of Sears' own online privacy policy, which does not allow
the company to share users' purchase history with the general public, Edelman
said.
The information could be misused by scammers, said Benjamin Googins, a CA senior
engineer who has also written about the issue. "A potential burglar or
scam artist could quite easily sit at home with a phonebook, checking to see
what people in a given neighborhood had purchased," he wrote.
Googins said that he was able to track purchases as far back as 1978 on the
site.
One Sears customer said he was upset by the disclosure.
"It's pretty amazing that in 2008 a major corporation such as Sears Roebuck
can show such blatant disregard for the privacy of its customers. It definitely
will make me think twice before ordering from them again," said Doug Fuller,
an Oakland, California, realtor. "It's not like it is some rinky-dink company.
This is a major corporation. And with all the identity theft going on, this
is the best they can do?" he said via instant message.
A Sears spokeswoman did not respond to a request for comment. Sears Holdings,
the owner of the Sears Roebuck and Kmart department stores, is the third-largest
retailer in the U.S.
This is the second time Sears has come under fire for privacy concerns in recent
weeks. In December and early January, Googins and Edelman blasted Sears for
downloading invasive ComScore Web tracking software to some users of its MySHCcommunity.com
Web site without adequate disclosure.
Sears has defended its use of the tracking software, pointing out that users
are notified of the software's features before they download it.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
