PAL picture upload for range membership

[Lucky Bernard]

The only way to get a membership at one of my local range if via their website. I have to enter all of my info, PAL# and pictures of my pal. To organize and keep track of their members they use solutions provided by a company called WildApricot, which in turn uses AWS servers. There is really no way for me to know how many admins will have access to my data, how it's encrypted, what are their security protocols etc ... The installations of this range are better than my current range at all levels but at the place I currently go to I can pay my membership cash and they store my info in a cabinet which I am much more comfortable with. I try to convince myself that it's not a big deal that 3 different organizations can have access to my data but I can't get over it. Am I worrying too much about my PAL info???

[thegazelle]

Well, just my opinion here...

If you buy a firearm privately from someone who has to ship it to you, you provide all your PAL info to them for them to get that RCMP reference number and then you need to send them a secondary piece of ID like a driver's license for ID validation, as of the parameters starting last May. In this case you have to trust the seller will not use your data for nefarious purposes, and in my view, someone having a scan of your driver's license with your address is worse. Buying from some firearms retailers would require the same secondary ID validation and some of the site sponsors here even requested a scan of your PAL before last year's changes.

The fact is, anything online in which personal information or financial information from yourself can get compromised. That's just the risk of doing business online. Unless the business has a secure server on premise that is encrypted and on which they store everything, most places rely on some sort of outside party for storage, protection, backup, etc.

One of my clients is a large multi national insurance company. They store a lot of stuff on premise at our data centres, but also have AWS as part of their online presence. This is an insurance company which carries countless amounts of personal and sensitive information. If they would perceive any risk, they would have dropped their third parties long ago.

Businesses, including ranges, recognize this and most reputable ranges would do their best to protect your information. No one can really tell you what you should do here - it all comes down to your own comfort and risk level, and how badly you want to join that club. For some people, sending their PAL scan to their club is no big deal. For others, it may be a deal breaker.

[Lucky Bernard]

Thank you very much for taking the time to write this. Your opinion helps me put things in perspective. I'll think about it for a few days before making a move.