[Dataloss] TJX: Retail privacy breach foreseeable and preventable, probe finds
lyger
lyger at attrition.org
Wed Sep 26 23:17:29 UTC 2007
Retail privacy breach foreseeable and preventable, probe finds
Carly Weeks, CanWest News Service
Published: Tuesday, September 25, 2007
MONTREAL - The massive security breach that hit TJX Cos. earlier this year
was both foreseeable and preventable, concludes an investigation by the
federal and Albertan privacy commissioners.
"The company collected too much personal information, kept it too long and
relied on weak encryption technology to protect it - putting the privacy
of millions of its customers at risk," federal privacy commissioner Jennifer
Stoddart said Tuesday.
The investigation found the company breached federal and Alberta privacy
laws, which are designed to protect how companies use and collect personal
information.
The company must make numerous changes to the way it collects and uses
customer data, the investigation has concluded. For instance, while the
company will continue to ask for a driver's licence to complete customer
returns, it will now instantly convert the numbers into a unique
identifier and delete the driver's licence number.
[...]
More information about the Dataloss
mailing list