I've been reading TJX Chairman Ben Cammarata\u2019s Jan. 29 letter to his 'valued customers" on the TJX web site wherein the aforementioned valued customers learn that Chairmen Ben "deeply" regrets "any difficulties" his customers "may experience" due to "this incident." I'll bet he does.Let's scan his opening paragraph."In light of our recently announced [you announced it recently; it took place over a month ago] unauthorized intrusion [as opposed to an "authorized" intrusion?] into our computer systems, as the Founder of our Company, I want to say how deeply I regret [you\u2019ll regret it more when the law suits start piling up] any difficulties our customers may experience [you call some slimeball having my credit card numbers, social security number and driver\u2019s license a "difficulty"?] due to this incident [it\u2019s not an "incident," Ben; it\u2019s a disaster]. Since the inception of our business thirty years ago [who cares how old you are?], our customers have been our top priority [which makes you different than any other businesses how?] and I can assure you [and just what are your assurances worth, Ben?] that you will always come first [first, that is, after the credit card companies; you contacted them right away]. As a Company of 120,000 dedicated associates, integrity is at the center of everything we do. Our business is about relationships \u2013 with our customers, our associates, our shareholders, and the thousands of communities we serve around the world.\u00a0 [Blah, blah, blah].Wouldn\u2019t it be better to just say you\u2019re sorry, Ben? To come out and admit that TJX screwed up royally and you\u2019re going to try to make it right with all the customers whose personal data your company\u2019s incompetence has compromised?The rest of the letter goes on to say that Ben has engaged \u201ctwo leading computer security and incident response firms to investigate the problem\u201d and he advises his customers to take steps \u201cto protect your credit and debit card information.\u201d Those steps, according to the\u00a0TJX web site,\u00a0consist of contacting credit bureaus and banks and keeping an eye on your bank and credit card statements.In other words, it\u2019s all on the customer to protect himself. Ben and TJX aren\u2019t going to do squat except to try to contain the public relations damage.All of which seems wrong to me. But since I don\u2019t pretend to know what TJX could actually do to take some real responsibility, I asked our in-house security experts, Scott Berinato and Sarah Scalet of CIO\u2019s sister publication, CSO.Here\u2019s what Scott said:\u201cIf a company loses personally identifying information:1.\u00a0 It must disclose this fact to the individuals affected, and failure to do so will result in possible criminal charges against those responsible for protecting the data.2.\u00a0 It must provide and pay for all services required to prevent the theft from spreading to other agencies, including other banks and lenders, the Social Security Administration, health insurers and credit agencies, and failure to do so will result in fines of $1,000 per customer that this service is not provided to.3.\u00a0 It must provide and pay for quarterly credit checks for those affected for no fewer than five years, and failure to do so will result in a fine of $1,000 per customer not provided with the service.4.\u00a0 It must provide and pay for all services required to clear erroneous charges, misinformation and other damage resulting from the theft, and failure to do so will result in treble charges to the offending company.5.\u00a0 It must apologize to each customer affected.\u201dAnd Sarah said:\u201cTJX either needs to prove that they did everything right and that these truly were 'sophisticated' intruders or take accountability for the fact that they left the doors open. Right now, as becomes clear from Cammarata\u2019s statement, the responsibility for tracing and dealing with fraud is falling largely upon customers, banks and law enforcement, not on TJX. One way to take accountability would be to voluntarily set up a consumer redress fund, like the one the FTC created for ChoicePoint, that would be used to pay back victims (either customers or banks) if it turns out that TJX was negligent. Putting their money where their mouth is, that kind of thing.\u201dWhat Sarah and Scott are saying (you can find their excellent work on https:\/\/www.CSOonline.com) is that TJX\u2014or any company that collects and stores personal information\u2014needs to be accountable and responsible for what happens when it loses it. Tell me, Is that such a radical thought? Right now, the burden of cleaning up the mess falls upon you and me.To quote\u00a0Otter from "Animal House," what\u00a0business has been telling us when they mess up is, "Hey, you f--ed up; you trusted us." And as long as that attitude prevails, I don't think the practice of information security is\u00a0going to improve.Do you?