In Australia, pets are micro-chipped, meaning a small chip, the size of a grain of rice, is placed just under their skin. If the pet is found, it can be scanned and looked up in a national database and the owners can be identified and contacted. This organisation has strict privacy laws and, I would hope, computer security policies that enforce, log and audit access to this information.
My partner’s daughter went to a friend’s birthday party at Build-a-Bear last weekend and came home with a lovely stuffed toy in a dress, and she excitedly told me that it has been chipped so that if lost, it can be scanned and returned to her. I thought it was odd and let it be.
Then, this morning, I read an article about a school in the US who are now tacking all of their students via RFID chips in their name badges, and I got to thinking more about the to from the weekend.
If it’s true, and Build-a-Bear do chip the toys, I wonder what information is stored against the entry for the toy in the system. My partner’s name and contact number? An address? My partner’s daughter’s name? The name she gave her toy? I would imagine, if they’re trying to be cute and mimicking the pet micro-chipping programme, that they’d have all of this information.
Now, I wonder what computer security provisions they have in place for this data. If I were to get a job at Build-a-Bear tomorrow, could I access all the information? If someone brought me a lost toy, could I scan it and retrieve it’s owner’s information? Could I look up information without the toy being present?
Furthermore, can a parent contact Build-a-Bear and request a report of all the lookups that have been made against their child’s toy.
Whether or not Build-a-Bear do chip their toys, we, as a society, don’t tend to think about where our personal information is going, or who might have access to it, until after the event. And I’d wager even more of us don’t know what the process is to update, have removed, or get a report on the usage if that data.
Do you have any stories of data collection that seemed over the top or rife for misuse? What about suggestion of how we can avoid a pandemic case of the unquestioned sharing of all our information?