Security matters.
I’m betting that that concept will be top of mind for many of the nearly 2,500 people expected to attend FS/TEC 2007 Oct. 10-13 at the Georgia World Congress Center in Atlanta.
There are plenty of reasons why that could b e. Not the least of which are 2007 deadlines for compliance with the Payment Card Industry group’s new Data Security Standards. The PCI DSS initiative that has fostered feelings of frustration among some restaurateurs is the subject of an Oct. 11 educational presentation at FS/TEC, which is co-produced and co-managed by Nation’s Restaurant News and Robert N. Grimes of Potomac, Md.-based Accuvia.
However, apart from this direct connection between FS/TEC programming and security, there are at least 128 million other reasons why attendees may be thinking about data safety. Among them: That’s the amount of money, $128 million, that Framingham, Mass.-based TJX Cos. Inc. has placed in reserve or written off as future noncash charges to settle a class-action lawsuit and other costs tied to the hacking of its data systems.
The TJX Cos. hacking incident that stretched from mid-2005 through 2006 exposed to potential fraudulent use millions of credit and debit card numbers, as well as driver’s license numbers collected for returns without receipts. Some data stolen from the mass retailer, whose brands include Marshalls and T.J. Maxx, were linked to transactions dating back to 2002.
Word of a proposed settlement in the TJX Cos. lawsuit, which still must be approved by the courts, came late last month.
“We deeply regret any inconvenience our customers may have experienced as a result of the criminal attack on our computer system,” TJX Cos. chief executive Carol Meyrowitz said in a statement about the proposal.
Many consumers probably noted the apology, and some may have appreciated it. And no one is likely to accuse TJX Cos. of dragging its feet in lawsuit settlement talks, as class actions often lumber through the courts for years.
Still, TJX Cos. is not without its critics, and its public ordeal should serve to remind restaurateurs that hackers do exist outside popular fiction and will take advantage of openings.
“The risk of a breach of sensitive personal information held by TJX Cos. Inc. … was foreseeable, but the company failed to put in place adequate security safeguards,” concluded a recent report by the privacy commissioners of Canada and the province of Alberta.
The commissioners are mandated by Canada’s Parliament to guard the privacy and protect the personal information rights of that country’s citizens.
They looked into the TJX Cos. affair because the retailer operates Winners and HomeSense stores in Canada, and Canadian consumer data were lost.
Referring to TJX Cos., Canada’s privacy commissioner, Jennifer Stoddart, said, “The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it.”
According to the Canadian report issued Sept. 25, TJX believes the hackers may have initially gained customer information via the wireless local-area networks at two of its U.S. stores.
The Canadian privacy commissioners faulted the U.S. firm for “not meeting its duty to monitor its computer systems vigorously.”
If PCI compliance pressures and real-world reminders such as the woes of TJX Cos. are not enough to keep the need for solid data security top of mind among all operators, recent legislative action may do the trick.
As of press time, restaurateurs and other business owners in California were waiting to find out if Gov. Arnold Schwarzenegger would veto Assembly Bill 779, as some business groups had urged.
AB 779 would prohibit firms that take credit and debit cards in California from retaining some data acquired from cards; under it, businesses that fail to follow accepted security guidelines would be forced to reimburse credit unions and banks for the expenses entailed in alerting customers and reissuing credit cards after a data breach. The measure would also force card takers to disclose more details about incidents of data theft.
A law requiring merchants to beef up data security and reimburse banks and other financial institutions for costs related to data breaches went on the books in Minnesota earlier this year.
In 2007, at FS/TEC and throughout the restaurant industry and business world, it’s clear that security matters.