Can self-regulation ever ensure compliance?
Macy's refusal to hand over records of lead-laced necklace purchases calls into question the mettle of standards such as PCI
Follow @infoworldMacy's appears bent on proving that self-regulation doesn't work. And in this burgeoning era of accountability, that doesn't bode well for the tech industry, which relies often on self-regulation to ensure compliance with industry standards.
Back in December 2007, children's jewelry that contained lead paint was pulled from shelves in California. According to the L.A. Times, Mattel and others had to recall millions of "lead-laced" necklaces [PDF] from stores.
[ Cut straight to the key news for technology development and IT management, with our once-a-day summary of the top tech news. Subscribe to the InfoWorld Daily newsletter. ]
If you have ever watched a child play with toys like these, you know the first thing a child will do is put the necklace in his or her mouth -- just to see if it tastes good, I suppose.
Macy's was one of the retailers that pulled the necklaces. But when L.A. Deputy District Attorney Daniel Wright asked for the records of customers who bought the necklaces, Macy's refused to turn over any information. At issue is the ability to notify parents who purchased the necklaces for their children.
From the LA Times:
The department store's lack of cooperation comes nearly six months after the district attorney's office filed misdemeanor charges against Macy's, alleging that it falsely advertised necklaces as "lead nickel free" when they contained a significant amount of lead. Deputy Dist. Atty. Daniel Wright said he subpoenaed the customer information from Macy's in January, but the company has balked at turning it over. He said he believes Macy's customers could easily be tracked using records from credit cards and checks.
The hearing to force Macy's to turn over the records goes to court on April 7.
In this era of compliance, Macy's refusal begs contemplation. After all, it is unlikely that the company is taking a Constitutional stand against turning over customer data to the government, given the age-old doctrine that your right to free speech does not permit you to yell fire in a crowded movie theater.
