Breaking News
More () »

Sacramento's Leading Local News: Weather, Traffic, Sports and more | Sacramento, California | ABC10.com

Verify: Are nightclub ID scanners a privacy risk?

Are nightclub ID scanners a privacy risk?

With the increased sophistication of fake IDs, many local bars have turned to ID scanning systems — and patrons have noticed.

A thread discussing the increase in ID card scanners was one of the most popular posts on the Sacramento subreddit recently. Many Redditors expressed skepticism over the arrangement.

“Just wait until insurance/healthcare providers get their hands on the database and start denying people or jacking up premiums based on how frequent someone visits bars and clubs,” one user wrote. “I'm very curious as to what kind of retention regulation is placed on this data.”

Peter Riccobono, manager at Coin-Op, explained that the ID scanning systems have been hugely beneficial for security.

“We catch a significant amount of fake IDs,” Riccobono said. “It also helps if there’s a fight, or if we have to call the police.”

Many of these systems scan the barcodes or swipe the magnetic strips on the back of government issued ID cards to verify the authenticity of the ID and collect key data to check against it.

But is it risky to allow these systems to collect your information?

Graham Lancaster, director of sales and marketing for PatronScan, said only minimal data is collected from the scan, including name, age, zip code, and sometimes, sex.

“It’s not enough information to steal someone’s identity,” Lancaster said.

Lancaster explained that PatronScan must comply with a number of strict privacy laws in the various jurisdictions it operates — which results in stringent regulations on what they can collect, how they can store it and how long they can retain it.

Data collected is not stored on the bar’s device, Lancaster added. Instead, it is encrypted and stored with PatronScan, who does not sell information to third parties. Only bar staff and police may access data in the event of an incident.

Unless there is “a public safety need” to keep the data longer — such as a police investigation — the data is permanently deleted after 90 days.

Minimal data may also be kept longer in the event of a patron being placed on the “banned” list. In this instance, the bar would only receive notification upon scanning an ID that the patron has been banned.

Other bars within the network would also be informed about a ban placed at another establishment.

“If someone is trouble at another bar, we can see that and have the ability to assess the situation,” Riccobono said.

Verify sources:
Graham Lancaster, director of sales and marketing for PatronScan
Peter Riccobono, Coin-Op manager

Verify resources:
Reddit discussion
PatronScan privacy policy