Data gathered by loyalty cards

“Personal data is precious and businesses have to look after it. Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not. When a business fails to look after customers’ data, the impact is not just a possible fine - what matters most is the public whose data they had a duty to protect.”
Elizabeth Denham, Information Commissioner 2016-2021.

A close up of a man as he pulls out a Tesco Clubcard from a black wallet. You can see three other debit cards. “Clubcard accepted” is a phrase that will be etched into the brain of millions of shoppers. The Tesco Clubcard was one of the first supermarket loyalty schemes, and now has 20 million users who receive points for the money they spend in store.

This is not a one-sided relationship though: through loyalty cards, Tesco and a range of other businesses with loyalty programmes now understand more about their customers than ever before. Customers signing up to loyalty cards are agreeing to share details including where they like to shop, how much they would typically spend and what they like to buy – from food and drink to pharmacy and healthcare products.

It also means that organisations are holding large amounts of customers' information, which they then need to keep secure. In 2020, the Information Commissioner’s Office fined the Marriott hotels group £18.4m after their systems were hacked and loyalty card information was accessed.