Continuing in the PCI compliance vein...
Earlier this month, InformationWeek reported that Apple is facing a class-action lawsuit brought under the Fair Credit Reporting Act alleging that the computer maker was not properly protecting customer data. The plaintiffs allege that Apple violated the FCRA because its purchase receipts show the customer's full name, address, phone number, and e-mail address, as well as credit card expiration date. Including all of that information on the receipt, they argue, increases the risk of identity theft.
And in case there's any question, it isn't that Apple's practices have actually resulted in identity theft, the story points out. An attorney for the plantiffs says:
We're not alleging and we're not seeking any damages related to actual identity theft.
The problem is simply that Apple is not complying with the law. Whether such noncompliance is intentional or unintentional is irrelevant, according to a recent Supreme Court decision, InformationWeek reports. And the fact that compliance would be rather simple and inexpensive certainly won't help Apple's case.