When Joe Golding went to his local Rite Aid pharmacy to pick up a prescription, he was met with a surprise.
The clerk asked for his driver’s license, and Golding didn’t think much of it — until the clerk scanned the license.
“I was taken aback and asked, ‘Why did you do that?’ She said it is store policy to ask for ID now,” the Mercer County man said. “I am normally only asked for a birth date to pick up prescriptions at Rite Aid. I felt uncomfortable.”
A few weeks later, he returned to the same store to pick up another prescription. This time when he was asked for his license, he handed over his work identification card instead.
“She said she couldn’t take that and can’t give me my prescription unless she scans a driver’s license or passport,” Golding said he was told.
He escalated his concerns to a manager, who said scanning was the store’s policy, but he could call the chain’s 800-number to lodge a complaint, Golding said.
“Reluctantly, I did give her my license as I felt like my prescription was being held hostage,” he said.
It’s hard to blame Golding for being worried.
It seems there’s a new data breach every week, leaving us to feel our personal information has been exposed time and time again.
Rite Aid is among the companies that have been targeted recently. It reported a data breach in March 2023 in which the data of some 24,000 customers was exposed. It included names, birth dates, addresses, prescription information — including medication names and prescription dates — and more, it said. Social Security numbers and credit card information were not exposed, it said at the time. It now faces a class action lawsuit over the incident.
And in December 2023, Rite Aid was prohibited from using facial recognition technology for five years as part of a settlement with the Federal Trade Commission (FTC), which alleged the company, from 2012 to 2020, “failed to take reasonable measures to prevent harm to consumers, who, as a result, were erroneously accused by employees of wrongdoing because facial recognition technology falsely flagged the consumers as matching someone who had previously been identified as a shoplifter or other troublemaker,” the FTC said.
Rite Aid didn’t respond to multiple requests to comment.
SCANNING RULES
Driver’s license scans happen in lots of places, and in most cases, they’re not illegal.
Stores often scan your driver’s license to make sure you’re not “a serial returner” — someone who has made a habit of buying stuff, using it and then returning it. Or, nefarious buyers take expensive equipment out of a box, reload it with something else, and reseal the box for a return.
Doctor’s offices will scan your license to protect against insurance fraud by making sure you, as the patient, are the same person on your medical insurance card.
Even schools will scan the licenses of visitors, with some using systems that check the person’s identity against databases of registered sex offenders. Individual schools can even personalize the systems to red flag, for example, parents who have limited rights to see their children.
The 2017 Personal Information Privacy and Protection Act (PIPPA) protects consumers when it comes to scans. It only allows the person’s name, address, date of birth and driver’s license number to be captured.
And there are only certain permitted reasons to scan, the law says. It can be used to verify a customer’s identity, verify someone’s age for purchases like alcohol or cigarettes, to prevent fraud from those serial returners and prevent credit card fraud, among other purposes.
If any of that information is scanned and retained, though, the law says the information must be stored securely and any data breaches must be reported to the New Jersey State Police and the state Attorney General’s office.
Specifically for prescriptions, scans are taken as pharmacies participate in the New Jersey Prescription Monitoring Program, a database that keeps track of pharmacies that dispense controlled substances, such as opioids, to individual patients.
“The monitoring program allows healthcare professionals to see a patient’s prescription drug history with the aim of improving overall prescribing practices and reducing the risk of potential abuse or fraud by patients who obtain prescriptions from multiple providers,” the Attorney General’s office said.
But that information, too, must be protected.
So where does that leave consumers? To hope retailers, medical establishments and other entities that scan licenses take proper care to protect the information.
Golding said he wouldn’t have an issue with showing his license, but it’s the scan that troubles him.
“Now people who have experienced identity theft need a Xanax to go pick up their Xanax,” Golding said.
Please subscribe now and support the local journalism YOU rely on and trust.
Karin Price Mueller may be reached at KPriceMueller@NJAdvanceMedia.com. Follow her on X at @KPMueller.
