Fast-fashion giant steps up POS game with new partnership
Eager to improve customer service and security at the front end, Forever 21 is converting its point-of-sale (POS) fleet to a single solution.
Through a partnership with Toshiba Global Commerce Solutions, the fast-fashion retailer is adding the vendor’s hardware, equipment and services across all its corporate stores around the globe. The agreement makes Toshiba the chain’s single point of contact for all POS systems, peripherals and original equipment manufacturer (OEM) front and back office retail store technology.
Through the multi-year deal, Forever 21 will adopt Toshiba’s TCx 300 smaller footprint, energy-efficient POS systems and peripherals. Toshiba will also provide the procurement, support and standardization of other store technology, including networking equipment. Leveraging Toshiba’s services solution, the retailer will work with a dedicated project management office and team of service experts that will act as the single point of contact for all help desk requests for POS hardware and all other OEM retail store equipment, according to Forever 21.
Beginning in June, Toshiba will manage the deployment of all retail store equipment, including new POS systems and store servers, registers, displays and printers in current and new corporate stores. The company will also provide maintenance services for both Toshiba and non-Toshiba equipment, as well as asset management services and support.
“Toshiba understood our desire to maximize the value of our retail investment and more importantly, they are delivering expert staff to standardize and manage all of the various store technology and services across our corporate stores,” said Alex Ok, president of Forever 21. “We selected Toshiba as our end-to-end global provider with the goal to reduce our complexity and costs, so our store teams can continue their focus on meeting the needs of our customers.”
Forever 21 operates more than 830 stores globally.
Winn-Dixie Case Puts Spotlight on Website Accessibility/Compliance
A much-anticipated ruling on website accessibility has been issued out of the Southern District of Florida. The ruling in Juan Carlos Gil v. Winn-Dixie Stores (case no. 16-23020-civ-Scola; S.D. FL 2017) requires the attention of businesses across the country that host websites.
To recap, this was a case of first impression. After a two-day non-jury trial, the Honorable Judge Robert Scola determined that Winn Dixie’s website operates as a “gateway” to its physical store locations, and therefore is required to be accessible to individuals with disabilities. The Court determined that “[t]he services offered on Winn-Dixie’s website, such as the online pharmacy management system, the ability to access digital coupons that link automatically to a customer’s rewards card, and the ability to find store locations, are undoubtedly services, privileges, advantages, and accommodations offered by Winn-Dixie’s physical store locations.”
Commentary to the Court’s decision has focused mainly on two portions of the decision: (1) having an inaccessible website violates Title III of the ADA; and (2) a business is required to make its website accessible even though it is a fact that, the Department of Justice has never promulgated enforceable regulations. Instead, DOJ has relied upon the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C) to shape this guidance known as, Web Content Accessibility Guidelines (WCAG).
While this opinion is the first of its kind, the ruling also addresses an important issue: specifically, ADA liability arising from third party links featured on a website. While we agree with commentary to date, we believe this third issue has not received the attention it deserves.
In the Winn-Dixie case, the Court ruled that WCAG 2.0 AA were the guidelines Winn Dixie was required to follow. Conversely, in March, a federal court in California struck down Web accessibility claims where the plaintiff attempted to use WCAG 2.0 as an appropriate standard to make a website accessible.
In Robles v. Domino’s Pizza (No. cv-106599; C.D. Cal 2017) the court held that forcing Domino’s to impose a standard to website accessibility in the absence of regulations “flies in the face of due process.” Winn-Dixie not only holds that WCAG 2.0 is the standard to follow, but also requires website audits reoccur every three months to ensure compliance.
Vendors and Compliance
It is a common practice for businesses to host links on their websites that connect them to partners, vendors, or other third parties. The Court’s ruling this week suggests that even if a business hosts a compliant website, it may be held liable for noncompliance under Title III of the ADA, if it links up to websites that are inaccessible.
The Court in Winn Dixie ruled that “[t]here are 6 different third parties . . . who interface with Winn Dixie’s website so Winn-Dixie needs to make sure that those third parties also make sure that their websites are accessible” and “[t]he Court also finds that the fact that third party vendors operate certain parts of the Winn-Dixie website is not a legal impediment to Winn-Dixie’s obligation to make its website accessible to the disabled. First, many, if not most, of the third party vendors may already be accessible to the disabled and, if not, Winn-Dixie has a legal obligation to require them to be accessible if they choose to operate within the Winn-Dixie website.” This language suggests that an operator or owner of an accessible website may face liability for the noncompliance of vendors that it features through its links.
Advocates may welcome these developments, but businesses should beware. Although this opinion is not binding on other courts, businesses with websites available to the public, may want to consider the following items:
• A Web accessibility plan should be a priority. The Court in the Winn-Dixie case took note that a plan was not in place at Winn Dixie prior to the filing of the lawsuit.
• For companies that have compliant websites, it should be noted that, if they are going to provide a link to another business there should be some effort to confirm the link is to an accessible website.
• Businesses should consider the best practices in the industry, and inquire as to whether their prospective vendor or business partner comply.
• You should also make sure your contracts with your vendors and partners provide provisions to protect your company against website accessibility lawsuits.
This type of litigation is on the rise and will likely have a record year. Until the DOJ issues permanent regulations, there is no end in sight for these types of actions, and businesses need to remain vigilant in their compliance efforts.
Carol Lumpkin and Stephanie Moot are partners, and Shawn Hogue is an associate at K&L Gates’ Miami office, where they counsel and represent clients in connection with the firm’s litigation practice.
Deloitte: Retailers have false sense of cyber-security
A majority of companies, including retailers, are confident about cyber-security, but their confidence may not be justified.
That’s according to “Cyber Risk in Consumer Business,” a report from Deloitte. The report is based on input from more than 400 CIOs, CISOs, CTOs and other senior executives.
According to the study, more than three-quarters (76%) of consumer business executives are highly confident in their ability to respond to a cyber incident. Yet, many face issues that critically impair their ability to do so.
For example, a majority of executives surveyed (82%) indicated their organization has not documented and tested cyber response plans involving business stakeholders within the past year. Less than half (46%) said their organization performs war games and threat simulations on a quarterly or semiannual basis. One quarter (25%) reported a lack of cyber-funding, while roughly one in five (21%) lack clarity on cyber mandates, roles and responsibilities.
“In the study, we found that just 30% to 40% of companies currently investing in platforms, such as consumer analytics, cloud integration, connected products and mobile payments have mature programs in place to address related risks,” said Barb Renner, vice chairman, Deloitte LLP and U.S. consumer products leader.
“Many of these technologies involve a broad set of data types that could expose consumers to much more than stolen credit cards and identity theft,” she added. “Beyond customer data, the risks can range from protecting food safety in manufacturing and supply chains to intellectual property of new products and formulas. Allowing cyber response planning to lag can undercut the upside of investments in advanced digital technologies. It can become a one step forward, two steps back proposition to pursue advanced technologies without equal attention to cyber threats.”
Companies may also underestimate the importance of consumer trust. When thinking about potential cyber incidents, consumer product companies surveyed seem to be primarily concerned with production disruptions (48%) and loss of intellectual property (42%), while 16% are concerned with tarnishing brand perceptions related to trust.
Many U.S. consumers already express heightened security concerns, with a startling number going so far as to delete mobile applications and avoid websites, which can threaten a critical engagement touchpoint for consumer businesses. In 2016, roughly 80% of U.S. consumers felt they have lost control over how their personal information was being used by companies.
“News of breaches cannot only threaten sales of a particular product or brand, but can tarnish broader perceptions consumers have toward connected products in general — jeopardizing billions in future sales growth,” added Renner.
Another potential risk and reward scenario accompanies the interactions between customers and consumer businesses: connected products. These devices may increase the points of entry, opening the door to cyber breaches that can arise anywhere across the entire connected ecosystem, including consumers and third-party vendors.
Among executives surveyed, 32% are not confident their cyber risk management program is effective in maintaining their strategy to develop and market connected products. Their concerns don’t stop there. Changing regulatory requirements are the top concern of 74% of those who deploy connected products, followed by intellectual property theft (71%) and theft of consumer information (66%).
“With less than one-third of companies believing their cyber risk management is effective when it comes to developing connected products, we believe the principle of ‘security by design’ can be an effective strategy,” said Sean Peasley, Deloitte & Touche LLP and cyber risk services consumer and industrial products leader. “By embedding security considerations further upstream in the development process, connected products can be more resilient to cyber threats enabling them to not only make it to market, but stay on the market, potentially avoiding costly and time-consuming recalls and regulatory delays.”
And the top data concern of late: intellectual property. Second only to financial theft, this rising concern is generally mirrored across consumers businesses. To date, IP theft has largely remained in the shadows of more familiar cyber-crimes, such as theft of credit cards and other personally identifiable information, the study said.