I’ve been reading TJX Chairman Ben Cammarata’s Jan. 29 letter to his ‘valued customers” on the TJX web site wherein the aforementioned valued customers learn that Chairmen Ben “deeply” regrets “any difficulties” his customers “may experience” due to “this incident.” I’ll bet he does.Let’s scan his opening paragraph.“In light of our recently announced [you announced it recently; it took place over a month ago] unauthorized intrusion [as opposed to an “authorized” intrusion?] into our computer systems, as the Founder of our Company, I want to say how deeply I regret [you’ll regret it more when the law suits start piling up] any difficulties our customers may experience [you call some slimeball having my credit card numbers, social security number and driver’s license a “difficulty”?] due to this incident [it’s not an “incident,” Ben; it’s a disaster]. Since the inception of our business thirty years ago [who cares how old you are?], our customers have been our top priority [which makes you different than any other businesses how?] and I can assure you [and just what are your assurances worth, Ben?] that you will always come first [first, that is, after the credit card companies; you contacted them right away]. As a Company of 120,000 dedicated associates, integrity is at the center of everything we do. Our business is about relationships – with our customers, our associates, our shareholders, and the thousands of communities we serve around the world. [Blah, blah, blah]. Wouldn’t it be better to just say you’re sorry, Ben? To come out and admit that TJX screwed up royally and you’re going to try to make it right with all the customers whose personal data your company’s incompetence has compromised?The rest of the letter goes on to say that Ben has engaged “two leading computer security and incident response firms to investigate the problem” and he advises his customers to take steps “to protect your credit and debit card information.” Those steps, according to the TJX web site, consist of contacting credit bureaus and banks and keeping an eye on your bank and credit card statements. In other words, it’s all on the customer to protect himself. Ben and TJX aren’t going to do squat except to try to contain the public relations damage.All of which seems wrong to me. But since I don’t pretend to know what TJX could actually do to take some real responsibility, I asked our in-house security experts, Scott Berinato and Sarah Scalet of CIO’s sister publication, CSO.Here’s what Scott said:“If a company loses personally identifying information:1. It must disclose this fact to the individuals affected, and failure to do so will result in possible criminal charges against those responsible for protecting the data.2. It must provide and pay for all services required to prevent the theft from spreading to other agencies, including other banks and lenders, the Social Security Administration, health insurers and credit agencies, and failure to do so will result in fines of $1,000 per customer that this service is not provided to. 3. It must provide and pay for quarterly credit checks for those affected for no fewer than five years, and failure to do so will result in a fine of $1,000 per customer not provided with the service.4. It must provide and pay for all services required to clear erroneous charges, misinformation and other damage resulting from the theft, and failure to do so will result in treble charges to the offending company.5. It must apologize to each customer affected.”And Sarah said: “TJX either needs to prove that they did everything right and that these truly were ‘sophisticated’ intruders or take accountability for the fact that they left the doors open. Right now, as becomes clear from Cammarata’s statement, the responsibility for tracing and dealing with fraud is falling largely upon customers, banks and law enforcement, not on TJX. One way to take accountability would be to voluntarily set up a consumer redress fund, like the one the FTC created for ChoicePoint, that would be used to pay back victims (either customers or banks) if it turns out that TJX was negligent. Putting their money where their mouth is, that kind of thing.”What Sarah and Scott are saying (you can find their excellent work on https://www.CSOonline.com) is that TJX—or any company that collects and stores personal information—needs to be accountable and responsible for what happens when it loses it. Tell me, Is that such a radical thought? Right now, the burden of cleaning up the mess falls upon you and me.To quote Otter from “Animal House,” what business has been telling us when they mess up is, “Hey, you f–ed up; you trusted us.” And as long as that attitude prevails, I don’t think the practice of information security is going to improve.Do you? Related content BrandPost What’s next for network operations Broadcom: 2023 Tech Trends That Transform IT By Serge Lucio, Vice President and General Manager, Agile Operations Division Mar 20, 2023 8 mins IT Leadership Networking BrandPost Digital transformation obstacles: Stubborn challenges, what to do about them Value Stream Management is an increasingly essential approach to strategic transformation initiatives. To help teams more fully capitalize on the opportunities it presents, Broadcom is holding its third annual VSM Summit. By Marla Schimke, Head of Product and Growth Marketing, Broadcom's Enterprise Software Division Mar 20, 2023 3 mins Devops Software Development Feature CEO directives: Top 5 initiatives for IT leaders As organizations change course with economic gyrations, collaboration between IT and business becomes priority No. 1 for CEOs. By Stacy Collett Mar 20, 2023 7 mins IT Leadership Feature Topgolf Callaway tees up digital transformation for global expansion As Topgolf Callaway Brands transitions from focusing on manufacturing golf equipment to integrating its apparel and technology acquisitions, digital transformation is helping drive its future. By Thor Olavsrud Mar 20, 2023 6 mins Digital Transformation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe