Macy’s Ignores Govt. Subpoena For CRM Records In Lead-Tainted Necklace Criminal Case
Written by Fred J. AunMacy’s, accused by the Los Angeles District Attorney’s Office of selling lead-tainted necklaces, has taken a confrontational—and controversial—stance: It is refusing to share its CRM databases with the government, even if it means that consumers and children who are at risk of lead poisoning can’t be contacted.
Macy’s has declined to comment on the situation—other than an E-mail to reporters saying that it won’t comment—so the only version of events is coming from the D.A.’s office, which says that Macy’s has provided no explanation whatsoever. This leaves open the question of whether Macy’s is refusing to turn the files over for legal—or other—reasons or if it simply cannot access and thereby produce such records, for technological and logistical reasons.
But Los Angeles Deputy District Attorney Daniel Wright said he is leaning more toward the “won’t” as opposed to the “can’t” theory, at least for some of the requested records. “It’s aggravating,” Wright said. “It’s inexplicable to me.”
Wright said he can understand how the retailer might not know the names and addresses of those who used cash to buy the necklaces that were made in China and imported a California business. But those who used a Macy’s card or even another credit card should be easy to identify through computer records, Wright said.
Wright said he was forced in January to obtain a subpoena compelling Macy’s to reveal the customer information. The company hasn’t responded and a discovery hearing is scheduled for April 7.
The question of using CRM data for product recalls is hardly without precedent. When Costco and other retailers learned in January they’d sold food products containing tainted peanut butter, they went out of their way to use CRM information to identify people who bought the products and issue them alerts. They even placed phone calls.
The peanut butter case and the lead-tainted jewelry case are, of course, significantly different in that Macy’s is facing criminal charges alleging it falsely advertised the necklaces as being “lead nickel free.” Once a crime is asserted, even — as is the case here — if it’s just a misdemeanor, a company tends to go into “admit nothing” mode. Nevertheless, Macy’s will be hard-pressed to defend its stubbornness in either the world of public opinion or on a more “corporate citizen” ethical basis.
Macy’s isn’t explaining itself. “Given this is a matter in litigation, we have no comment to make,” was the most Macy’s spokesman Jim Sluzewski was willing to say.
-Marc
April 2nd, 2009 at 7:57 am
Given that all companies, esp ones of the stature of Macey’s, are required to be PCI compliant, I would put forth another reason that they may not be able to produce the info that the Attorney general wanted: masked CC# or that they do not even have any of the CC# stored at all.
Another more sinister reason may be that they are still not PCI compliant and are storing all CC# in plain text? This would be a good reason to NOT hand over their CRM (strictly coming from a PCI perspective).