Introduction
TJX launched TJ Maxx in 1976 to sell family and fashion apparel through an off-price chain. It opened its first two stores in 1977, and they were a success. TJ Maxx expanded regionally and globally after its inception (TJX, 2015). It has been present online since 2013 and has 1,119 stores in 49 states and Puerto Rico (TJX, 2015). It faced a crisis in 2007 when hackers stole the information of over 45 million users from its database (Jewell, 2007).
Risk Analysis
Regulatory Risk
(i) Ineffectual Statutory Notification Laws - SBIA (44 states) (RR01)
Civil Code section CIV 1798.82 requires individuals or businesses that own or license computerized data to disclose a breach of security to the affected persons (California Law, 2015). California was the first state to adopt this law, followed by 44 other states. In the context of TJ Maxx, this law required the company to notify individuals about the breach through a written letter, with an exception allowing other media to be used based on cost. It is recommended to do so as soon as possible. Failure to comply may result in litigation and the resulting charges. TJ Maxx may have to pay some penalties if proved negligent; however, it can have a major impact on its public image. TJ Maxx could not identify the theft for a long time and would even have tried to cover it up.
(ii) PCI SSC Data Security Standards (RR02)
The PCI SSC Data Security Standards are guidelines for protecting data. The PCI Security Standards Council provides resources to help companies protect credit card data, for a charge that depends on the type of vendor (PCI Security Standards Council, 2015). Non-compliance does not imply a direct penalty but may lead to litigation, government fines, insurance claims and a bad public image.
These regulations are also applicable to TJ Maxx regarding the security breach in 2007. They will not have a severe effect on the company; however, it might be proved negligent, which may result in financial consequences and loss of brand image.
(iii) Failure to protect personal information (RR03)
TJ Maxx will most probably be sued for negligence under the cases described above, or under other related laws, mainly by two groups: consumers and banks. If negligence is proved, this can have a significant effect on the company's financial position and going-concern assumption. However, it will be difficult for plaintiffs to prove negligence on TJ Maxx's part.
Market Risk
Damage to Reputation (MR01)
The worst effect of a data breach is on the public image of the organization. It takes years for an organization to gain customer confidence, but it may lose it all through negligence in the security of data. The studies conducted by National Consumer League and Security Matters: Americans on EMV Chip Cards suggest that 60% of fraud victims have lost confidence in retailers, while 14% avoid certain merchants due to potential fraud (Wilson, 2014). It has a high risk and high probability because of its long-term effect on the sales/revenue of the organization.