ONE of the world’s largest consumer electronic retailers Radio Shack has found itself living a corporate cautionary tale after falling foul of the law over its privacy and data security policies.
The company has found itself in court for exposing its customers to potential identity theft by dumping hard copy and computer media containing data that included addresses and credit card details into a dumpster behind one of its outlets.
The Texas Attorney General’s department was not impressed, accusing RadioShack of violating a new state law – called the 2005 Identity Theft Enforcement and Protection Act – that makes it a legal requirement to both protect and properly dispose of customer information.
The latest lawsuit highlights the potential risk to retailers of legal sanction if they fail to adequately protect customer information.
Last week the US retailer conglomerate TJX reported that more than 40 million credit card numbers and customer details had been stolen by hackers over an 18 month period, exposing the company to regulatory action and lawsuits.
The AG’s complaint against RadioShack in Texas states the company had “failed to safeguard the information by shredding, erasing or other means, to make it unreadable or undecipherable before disposing of its business records.”
It says that thousands of customer records containing names, addresses, telephone numbers and other details had been found in rubbish outside one of RadioShack’s stores in the Texas city of Portland in March this year.
“Identity theft is one of the fastest growing crimes in the United States,” Texas Attorney General Greg Abbott said in a statement.
“Texans expect their personal information to be protected. The Office of the Attorney General will take all necessary steps to ensure that consumers are protected from identity thieves,” he said.
The company has left itself open to a US$50,000 (A$61,333) fine for each violation – running its total potential penalty into the many millions.
For more Retail IT news, click here.