Comments on Paul Melson's Blog: TJX vs. CrYpTiC_MauleR
Blog author: PaulM (http://www.blogger.com/profile/02530533566781746778)
Feed updated: 2022-03-30T14:14:56.448-05:00

Anonymous, 2008-05-24T11:27:00.000-05:00:

Actually, PCI contractual obligations as enforced by VISA and MC fall under the internal controls covered by Sarbanes-Oxley, so in this case, as TJX is publicly traded, PCI compliance is (or should be) covered by law. Generally, in the annual 10K audits submitted to the SEC, non-compliance with VISA/MC contractual requirements (including PCI) as well as any state and federal law (which includes financial privacy laws) are listed as significant risks - thereby non-compliance should be a reportable issue under SOX at least.

nellwal - http://whistlersear.wordpress.com