Can self-regulation ever ensure compliance?
Macy's refusal to hand over records of lead-laced necklace purchases calls into question the mettle of standards such as PCI
1757 RecommendationsMacy's appears bent on proving that self-regulation doesn't work. And in this burgeoning era of accountability, that doesn't bode well for the tech industry, which relies often on self-regulation to ensure compliance with industry standards.
Back in December 2007, children's jewelry that contained lead paint was pulled from shelves in California. According to the L.A. Times, Mattel and others had to recall millions of "lead-laced" necklaces [PDF] from stores.
[ Cut straight to the key news for technology development and IT management, with our once-a-day summary of the top tech news. Subscribe to the InfoWorld Daily newsletter. ]
If you have ever watched a child play with toys like these, you know the first thing a child will do is put the necklace in his or her mouth -- just to see if it tastes good, I suppose.
Macy's was one of the retailers that pulled the necklaces. But when L.A. Deputy District Attorney Daniel Wright asked for the records of customers who bought the necklaces, Macy's refused to turn over any information. At issue is the ability to notify parents who purchased the necklaces for their children.
From the LA Times:
The department store's lack of cooperation comes nearly six months after the district attorney's office filed misdemeanor charges against Macy's, alleging that it falsely advertised necklaces as "lead nickel free" when they contained a significant amount of lead. Deputy Dist. Atty. Daniel Wright said he subpoenaed the customer information from Macy's in January, but the company has balked at turning it over. He said he believes Macy's customers could easily be tracked using records from credit cards and checks.
The hearing to force Macy's to turn over the records goes to court on April 7.
In this era of compliance, Macy's refusal begs contemplation. After all, it is unlikely that the company is taking a Constitutional stand against turning over customer data to the government, given the age-old doctrine that your right to free speech does not permit you to yell fire in a crowded movie theater.
White Paper
D2D Virtual Tape Library Replication Primer
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
White Paper
An Alternative to Virtualization for Datacenter Cost Savings
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
White Paper
Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
White Paper
Bringing the Edge to the Data Center
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive InfoWorld Resource Alerts
