[tomwheeler]

At least where I live, the only information they log when looking at my ID is my name and address. Scanning my ID gives them additional information, which increases the vulnerability.

I don't trust them to store it securely nor to avoid the temptation to use that information for other purposes. The only countermeasure is to prevent them from having that information in the first place.

[john_strinlai]

what other information are you concerned about, present on your id, which is not trivially obtainable by already having your name and address? your height and whether you need glasses is hardly sensitive information (and already available to them -- they record the premises and have your time of purchase).

i dont trust them to store it securely either. my objection is to being okay with your information being placed into a database when that information is manually input, but not okay with it being scanned in. if you arent okay with one method, i dont understand why you would be okay with the other.

we are in agreement that the fact that some random company has to store my information at all is sucky.

[tomwheeler]

I'd say the two most important are the date of birth and document ID (e.g., driver's license number). Both are required by the AAMVA 2D barcode standard used for driver's license in the US and both are extremely valuable for identity theft.

Furthermore, the driver's license number is a primary key that could used to join records created by the scan with records in other datasets, potentially giving the company much more information about the customer than they ever realized or agreed to provide.