May 2008. Businesses that collect consumers' personal information have been reminded again: Protect that information or face painful consequences.
Retailer TJX Cos. and data brokers Reed Elsevier (REI) and Seisint, in settlements with the Federal Trade Commission
(FTC), agreed last week to have their security programs audited every other year for 20 years. The companies must
retain independent, third-party security auditors to do the job. They also must implement stronger security programs
and be subject to provisions that enable the FTC to monitor compliance.
TJX, which owns T.J. Maxx and other discount retail stores, disclosed in January 2007 that hackers had broken
into its computer network, exposing at least 45 million credit cards to fraud. Banks that sued TJX estimated that
more than 100 million cards were affected. Seisint, acquired by REI in 2004, allowed customers to use "easy-to-guess
passwords" to enter its Accurint databases, the FTC stated. Identity thieves broke through the barriers.
In 2005, a shoe outlet and a wholesale club reached similar agreements with the FTC after security breaches.
In addition to measures imposed by the FTC, at least 35 states have legislation in place regulating the
handling of consumers' personal information -- commonly defined as a person's first and last names in combination
with a Social Security, driver's license, credit or debit card number. Most impose penalties on businesses
that fail to report security breaches. Businesses also must meet standards established by the payment card
Ballard Spahr has counseled businesses of all sizes in how to securely maintain personal information and
become PCI-compliant. To discuss this or related issues, including best business practices to avoid state
and/or federal enforcement action resulting from data security breaches, please contact
partner-in-charge, White Collar Litigation Group, at 215.864.8333.
Copyright © 2008 by Ballard Spahr Andrews & Ingersoll, LLP. All rights reserved.
Gina Maisto Smith is of counsel in the Litigation Department and a member of the White Collar Litigation Group, Health Care Group, Corporate Compliance and Investigations Group, the Medicare Part D Compliance Team and the Higher Education Industry Group in Ballard Spahr Andrews & Ingersoll, LLP.
Cecilia Isaacs-Blundin is an associate in the Litigation Department and a member of the White Collar Litigation Group in Ballard Spahr Andrews & Ingersoll, LLP.