TJX handslapped, I get a speeding ticket
I got a speeding ticket last month. I was going 40 something in a 25 mph zone. Never mind the fact that the speed limit abruptly dropped when you turned a corner and small-town cop was waiting right there, pulling everyone over and handing them a ticket--I was wrong and I paid them a hundred something bucks and admitted I was guilty by paying the fine by mail.
How come several big companies were hand-slapped by the FTC yesterday for exposing millions of consumer data records and did not have to pay a single penny in fines? TJX, the parent company of Marshalls and TJ Maxx exposed between 45,000,000 and 100,000,000 consumer credit cards because of improper, even unethical handling of credit card information. If they got hit with something nominal in the way of fines, say, $1 per credit card, they would have had to pay...well, do the math. As a matter of fact, they didn't even have to admit that they did wrong. They were made to agree to some token security fixes, but got less punishment than I did for speeding.
How many cases of identity theft will occur out of those 100 million identity breaches? Say, 1 in a 100? That still means 1 million hard luck cases because of a greedy company not treating their customers' personal information with the respect that's deserved. With an average loss of about $5000 per identity theft, that means TJX cost our country at least $5 billion in damages (assuming that the 1% identity theft percentage holds up--actually history would indicate that it would be much higher).
So why didn't the FTC penalize them? Well, they can't. Congress has never given the FTC the right to financially penalize companies for data breaches. There's something that political candidates could debate. As if they would.
Posted on March 28, 2008
