Thoughts on Walgreens
TL;DR = If possible, avoid shopping at Walgreens.
Note: I have hesitated writing about this because I wanted to give Walgreens the benefit of the doubt, sincerely hoping they would get their act together.
However, their apparent ineptitude in even doing something as simple as handling an “unsubscribe” from their marketing email list – which I never signed up for in the first place – leads me to wonder if they ever shored up their data integrity issues.
My complaints against Walgreens are twofold. Firstly, a somewhat serious issue, is their potential to mix up customers’ medical info. Secondly, admittedly only a minor annoyance by itself, is that they do not actually unsubscribe customers from their marketing emails.
I would just mark all “@walgreens.com” emails as spam, but in the off chance we actually have to use their pharmacy again, I would not be able to receive legitimate notifications from them. Such is my quandary.
1. Customer Data Mixup
(For context: We live in Texas.)
In the summer of 2013, my wife receieved a call from an unknown number, so she let it go to voicemail. The message left was from a Walgreens pharmacy in Flagstaff, AZ. The pharamcist had called to inform us that our son’s prescription was filled, and that we could pick it up.
Perhaps needless to say, this was a bit alarming to us, because we were not sure if someone was using our family’s info to have prescriptions filled in another state. She called the number that was left in the voicemail, with me cautioning her not to “tip her cards,” by giving that person any more info than they may already have, in case it was a social engineering phishing scam.
After talking with the pharmacist for a bit, it became apparent that the only details Walgreens requires to disambiguate between one person and another is name and birthdate. There just so happened to be another boy with the same name, born on the same day, but living in Arizona.
However unlikely, you could see how with the last name “Smith,” this is not entirely outside the realm of possibility. As it turns out, this boy’s father is a doctor in Flagstaff. We got ahold of his office, and he was livid. As a medical professional himself, he realized immediately the implications of pharmacists unintentionally divulging patient info. He said that he was familiar with this particular Walgreens, and would talk to them personally.
2. Repeated Spam
Awhile ago, a chipper Walgreens cashier asked me: “Would you like a paper receipt, or should we just email it to you?” Wanting to be a good Earth citizen, I opted for the latter, dutifully filling in my email address. Shortly thereafter, I did receive a receipt via email. However – maybe this was somewhere in the fine print that nobody has a chance to read while hurriedly attempting to get medicine back home for a sick kid – I unwittingly signed up for a marketing list.
That did not bother me terribly, because I know businesses nowadays are increasingly attempting to stuff their “value adds” into any available customer orifice. As an aside, I chuckle every time I see a piece of physical mail that says:
“Unique offer for Nathan Smith, or current resident.”
When I received that first Walgreens marketing email, I just sighed and thought to myself: “Email me my receipt, indeed!” I clicked unsubscribe as with any other undesireable. Sadly, that seems to have had no effect, nor the eleven times I have unsubscribed since then…
That, coupled with their apparent loose checking around customer data, leads me to believe that Walgreens is just another Sony Pictures hack waiting to happen. Those in charge of Walgreens’ IT seem to be asleep at the wheel, in terms of getting their systematic processes in order. This makes me distrust them as a customer, being uncertain as to how safe my data is in their hands.
While I enjoy the convenience of Walgreens being the closest location to pick up various knicknacks and fill prescriptions, I do not feel safe making anything other than cash transactions. When my wife and I shop there, we avoid using our debit or credit cards.
Also, I recently noticed that a construction project has started for a retail area closer to our neighborhood. I was happy when I realized that it is going to include a CVS pharmacy. That means I will finally be able to block all “@walgreens.com” emails with impunity.
However, just to be on the safe side, I think I will tell the CVS cashier:
“I’ll take a printed receipt, please.”
I am hoping that by writing this, Walgreens will finally take notice and shore up some of their lax data practices. Regardless of any noticable outcome on their part, at least typing this out has been cathartic.
Or, perhaps someone else will come across this post, and it will save them the headache of dealing with Walgreens.
Update: As of April 30, 2015 – They’re still at it…