In 2013, Target was the victim of the biggest retail hacks in U.S. history.  While I’m sure they’ve improved their security since then, I still don’t trust them with my information.

Data breaches are inevitable, and the easiest way to contain the damage is to limit the amount of information you allow to be collected.  It’s why I don’t use social media, why I run my own personal chat server, and why I never give anyone my social security number unless it’s integral to the business I’m doing with them.  Bank?  Fine.  Employer?  Yeah.  Cable company?  Hell no.

Many cable, phone, and internet companies will tell you that they need to get your social in order to open an account. They don’t.  Politely tell them that you don’t give that information out, and ask for an alternative way to identify yourself.  CenturyLink, for example, will take your driver’s license number.  Don’t take no for an answer: I’ve had undertrained customer service reps tell me that a social is mandatory, only to talk to a manager and open an account without one.  If they still demand it (and you’ve got an alternative), refuse to do business with them.

As a result of my paranoia, Target’s behavior made me very uncomfortable while traveling over the holidays.  I found after making a purchase that Target was physically tracking me using information whose source I don’t know, or by making correlations in data I don’t think they should have had.  I sent the following email to Target’s guest relations in response.

Subject: I’m creeped out by your tracking methods.

I was recently visiting family, and stopped in at a Target 1500 miles away from home. Within a few minutes of my purchase, I received an email asking me how the visit went.

What creeps me out is that I used a debit card I’ve never used with Target either in-store or online, and I’m reasonably certain I’ve never installed your app. I don’t have an account on, and I’ve never made any contact with Target on social media. I don’t know how you identified me, but I’m not comfortable with it. I don’t like that you’re keeping my personally identifiable information, and I particularly don’t like that you’re using it to physically track me.

I zealously protect my personal information, and Target doesn’t have the best track record when it comes to securing its systems. As such, I would like:

  • A copy of all information you have gathered on me.
  • To not receive telephone calls, emails, or postal mail from Target, with the exclusion of a reply to this message.
  • For my information to not be shared with other companies.
  • For any and all of my information to be deleted from your systems.

I would like a reply to this message, please.

I’m guessing that my information was retained from a purchase I made a few months ago, so I will not be purchasing anything more from Target online.

I will update this post if and when I get a response.

UPDATE: After a few back-and-forths with Target, I was able to have them remove my information from their systems.  In the first exchange, they only unsubscribed me from email marketing.  In the next, from everything else, and finally in the last they removed me from their databases.