In re TJX Companies

Citation

In re TJX Companies, Inc., FTC File No. 072-3055 (Mar. 27, 2008).

Factual Background

According to the Federal Trade Commission's complaint, TJX Companies (TJX), with over 2,500 stores worldwide, failed to use reasonable and appropriate security measures to prevent unauthorized access to personal information on its computer networks. An intruder exploited these failures and obtained information on 46.2 million consumer credit and debit cards that consumers used at TJX’s stores, as well as the personal information of approximately 455,000 consumers who returned merchandise to the stores. Banks have claimed that tens of millions of dollars in fraudulent charges have been made on the cards and millions of cards have been cancelled and reissued.

Specifically, the agency charged that TJX:

Agreement Containing Consent Order

The settlement with TJX requires it to establish and maintain a comprehensive security program reasonably designed to protect the security, confidentiality, and integrity of personal information it collects from or about consumers. The settlement requires the program to contain administrative, technical, and physical safeguards appropriate to the company’s size, the nature of its activities, and the sensitivity of the personal information it collects. Specifically, TJX must:

The settlement requires TJX to retain independent, third-party security auditors to assess its security programs on a biennial basis for the next 20 years. The auditors will be required to certify that the company’s security programs meet or exceed the requirements of the FTC's order and are operating with sufficient effectiveness to provide reasonable assurance that the security of consumers’ personal information is being protected.

The settlement also contains bookkeeping and record keeping provisions to allow the agency to monitor compliance with its order.

External resource
