2013 Report Found that Company Shares Data with More than 50 Third-Parties
Walmart customers may have had their credit card data stolen by hackers, according to recent news reports. The data was stolen from a third-party, PNI Digital Media, which reportedly operates some of Walmart’s online photo processing store. Although Walmart has not disclosed the number of customers impacted by the breach, the company did take the step of temporarily closing some of Walmart Canada’s online photo site.
In Walmart’s case, this news of a new breach is particularly unsurprising, given that a 2013 study by the Center for Media Justice, ColorOfChange.org and SumOfUs found that Walmart shares consumer data with more than 50 different third parties.
In their story on the recent breach, the New York Times interviewed a security expert who emphasized that these third-party vendors can often put consumer data at risk:
Adam Levin, founder of the security firm IDT911, said the breaches highlighted the importance of more rigorously vetting I.T. vendors at a time when companies outsource more and more of their technology operations. Vendors have often proved to be the weakest link, he said.
The 2013 report also found that Walmart’s massive data collection held the potential for systematic data-driven discrimination by the company. The groups called on Walmart to:
- Be transparent. –
- Explain, in a clear and accessible fashion, how Walmart and their many third party partners are using the consumer information they collect.
- Implement common sense limits to the company’s ability to profile users, similar to many of those recently adopted by the European Union Parliament.
- Give us choices.
- Give users the right to have their data deleted and allow consumers to comprehensively “opt-out” of future online tracking. This includes honoring Do Not Track signals.
- Be fair.
- Explain how the company’s use of predictive intelligence shapes marketing and other business practices, and what safeguards are in place to ensure that it does not result in digital redlining or other forms of discrimination.
The newest data breach suggests Walmart has a long way to go protecting consumer privacy.