You Can't Manage What You Don't Measure™

retailThe retail industry faces unique information governance challenges, and there is increasing cross-over between security, legal, IT and compliance for this vertical. The management of sensitive personal credit information (PCI) has increasingly become a concern for the retail and online shopping industries, especially in light of recent breaches like those during the holiday season of 2013. Data breach is naturally followed by litigation, and the duty to preserve information is typically triggered by a breach. The introduction of new technologies and a new generation of hackers have left these organizations vulnerable. Retail cyber security has received increasing attention from the Federal Trade Commission and multiple other agencies that have raised questions about what the appropriate privacy practices and procedures are and how they must not only be implemented, but measured. Considering the amount of sensitive information captured on a daily basis, a practical cyber security approach is now mandatory to make it easier to store, access, protect, retrieve and review personally identifiable information (PII) and PCI. Taking this approach will also make downstream discovery all the more efficient and manageable.

In order to sufficiently address these challenges, corporate parents need to take a top down approach that outlines information management and security requirements, document retention and legal hold policies, directions on how to handle a breach (response team) and compliance training for employees. Poor decisions and/or lack of the appropriate technological investment made by the organization adversely affect the overall system and reputation of the organization. Other issues for retail include

  • The challenge of online and physical locations and information management systems
  • Global reach and cross-border regulations
  • Lack of a central governmental body in the United States to regulate cybercrime, data theft and data breach
  • Need for insurance coverage for data breaches, and the correspondent liability between the corporate franchisor and franchisees if applicable
  • Global implications of privacy requirements for multinationals, data breach and data transfer
  • Posture of pending litigation and motions
  • Sound litigation hold policies
  • Present policies for information management, document retention, privacy, data transfer, data expiry and cyber security
  • Need to revise existing compliance program for Business Associate Agreements, with special attention on cloud solutions
  • Need for updates to the corporate and franchisee data maps
  • Need for a monitoring systems on data flow
  • Need for reporting functionality on a system wide basis for training, best practices and compliance reporting to protect the organization

Legal Hold Demo

Ensure that employees understand their obligations for legal hold and reduce risk for the organization


Watch the Demo

eDiscovery Best Practices

This module is an indispensable tool for organizations that want to reduce the costs and risks associated with litigation.


Watch the Demo

Want to be a Quay Partner?

If your organization would like to explore these opportunities, please contact us with your ideas.


Inquire Now

Contact Us

Fortis Quay, LLC.

Definition: Fortis Quay

Fortis Quay/ fȯr-təs kē / 

: Your safe harbor from the digital storm

: Measureable results for better information management

: Best practices for eRisk reduction and defensible eDiscovery

: Remember, You Can’t Manage What You Don’t Measure™