Monday, October 1, 2007

Study Finds TJX Data Theft Was Preventable

According to a study conducted by Canadian privacy authorities, TJX failed to utilize sufficient security precautions which would have prevented the security breach experienced by the retail giant earlier this year. Jennifer Stoddart, the Privacy Commissioner of Canada, commented on the report, identifying TJX's information gathering and retention policies, as well as weak encryption technology, as the reason that the criminal groups were able to carry out the largest data security theft to date. Stoddart cited the TJX incident as a wake up call to other businesses that collect personal information.
<"http://news.zdnet.co.uk/security/0,1000000189,39289645,00.htm ">See this article. The Disposal Rule imposed by U.S. regulations is intended to prevent companies from retaining customers' personal information longer than necessary, but unfortunately it only applies to consumer credit reports. Retailers run the same risk of a security breach as TJX does if they do not heed the "wakeup call." Collecting unnecessary information in connection with a transaction and retaining it indefinitely presents an example of sloppy information management, and can provide criminal groups with a treasure trove of data ripe for resale and abuse.

No comments: