FORTUNE — Just about everyone knows that feeling of violation when a company digs deeper into your pocket than you want, but new technology is allowing brick-and-mortar stores to invade their shoppers’ Levis for personal information like never before.
With the ability to track customer cell phones, retailers have unprecedented access to shoppers’ habits, from how frequently a customer visits a store to how long he stands at a window display before deciding whether or not to enter the shop.
Such data also offers an opportunity for merchants to work with their shoppers on writing a rulebook so that everyone can benefit, but businesses seem content with the five-finger discount, which poses a threat not only to their reputations, but also to the security of customers’ personal information.
A recent article in the New York Times revealed how stores can use Wi-Fi networks to track customers, even when those customers aren’t on the store’s network. A common argument to justify this prying is that, in an age of oversharing, people expect to be monitored.
MORE: Has the Fed gone too far on bank stress tests?
NSA director Keith Alexander learned just how unfounded this belief is after he was heckled last month at the Black Hat cyber security conference. Upscale retailer Nordstrom
also got the message from unhappy customers after the chain posted signs in its stores letting customers know that they were being tracked. As the Times reported, Nordstrom ended its tracking program in May, in part due to customer displeasure with the practice.
There is no reliable information on how many stores are tracking customers, but based on the growth of companies that offer these technologies to retailers, like Nomi and Euclid, the practice is becoming widespread in all manner of business, from tiny coffee shops to national chains.
Retailers are going about this the wrong way, though. “This is the next generation of customer lifetime value management,” says Eric Bradlow, a marketing professor at the Wharton School of the University of Pennsylvania and the co-director of the Wharton Customer Analytics Initiative. “There’s lots of positive from the customer perspective, such as tailored deals.”
Customer monitoring has been going on for decades, from employees watching people to cameras examining customer reactions to displays, Bradlow says. But delving into people’s pockets to extract information is a new frontier.
Bradlow advocates total transparency by retailers and believes that such a strategy can strengthen the relationship between the customer and the merchant. After all, the goal of tracking is to improve the shopping experience by providing customers with more of what they want in the ways that they want it. By letting customers know that they are being tracked, and offering a simple way to opt out, these businesses eliminate the risk of a backlash following a Snowden-style leak, or worse.
Unfortunately, the ease with which companies can poach information and the value of that information make it unlikely that transparency will become common practice. Nordstrom’s experience will probably serve as a cautionary tale that retailers should keep their mouths shut and keep stealing.
Instead, it should serve as a first step in the learning process of how to tailor the practice of transparency in order to gain useful information without creeping out customers. Maybe Nordstrom should have warned customers before it started tracking them, or offered a simple opt out solution that notified customers of all the great deals they’d be missing if they weren’t tracked.
MORE: J.C. Penney: The reality show
With no openness and no rulebook, companies can do with your information what they please. Yes, it would be great to get a half-off coupon for a television delivered to your phone after making a few trips to an electronics store, but what if your insurance premiums went up after you lingered a little too often around the shelves of certain medications at your local pharmacy? This data can be used in nefarious ways, and there’s nothing to stop the data collectors from selling it to those looking to take advantage.
The current secrecy surrounding the collection of customer data also brings up concerns about security risks. Companies that gather troves of information about their shoppers have an obligation to invest heavily in protecting that data, as well as informing customers about what they collect and how they protect it.
Security isn’t cheap, and the current “invade-now-worry-later” attitude of some companies suggests that keeping this data protected may not be a top priority.
Businesses are beholden to their customers. Just because a person chooses to announce the diaper-changing schedule of his child on Facebook doesn’t give the supermarket where he buys those diapers the right to spy on him.
Still, it is up to consumers to use their power before someone steals their ill-gotten data from companies with inferior security. Shoppers should demand to know how they are being tracked. When they don’t get a satisfactory answer, they should turn off their phones while shopping, or find an app that will block tracking. Just make sure you know what information that app is stealing.