July 5th, 2007
CA bill would hold retailers responsible for data breaches
A California bill winding its way through the Senate Appropriations Committee will hold retailers responsible for the costs associated with data breaches, reports Computer World.
The bill, introduced by Democratic Assemblyman Dave Jones has already garnered overwhelming approval (58-2) in the State Assembly. If AB 779 passes in the Senate, it will require California retailers to reimburse credit unions and banks for the costs associated with reissuing cards to consumers. AB 779 would also make it illegal to store certain types of authentication data taken from the magnetic stripe on the back of credit and debit cards to be stored by retailers, as well as requiring encryption routines and access controls while storing and transmitting data.
Retailers would also be forced to disclose more details about breaches, including a description of the categories of personal data that might have been compromised.
“We are encouraged that the momentum created by the bipartisan passage of the bill in the assembly has continued to this point in the Senate,” said Bill Cheney, president and CEO of the California Credit Union League, in a statement. “This is a vital measure for California consumers and the credit unions that serve them.”
According to Ron Fong, the league’s director of state government affairs, the legislation has plenty of opposition from a variety of special interests and the National Retail Federation.
“If you store customer debit and credit card information, you must take steps to ensure that the data is secure,” he said. “This is by no means a slam-dunk,” Fong said. “The opposition is huge. We have a lot of people opposing this.”
