California Bill Would Put Data Breach Responsibility On Retailers - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance
12:35 PM

California Bill Would Put Data Breach Responsibility On Retailers

The bill would require retailers to follow payment card industry data security standards to ensure proper retention and protection of credit and debit card information.

California's legislature has moved a data protection bill that would shift the burden of consumer notification regarding data breaches away from financial institutions and onto retailers.

"We are encouraged that the momentum created by the bipartisan passage of the bill in the Assembly has continued to this point in the Senate," California Credit Union League president and CEO Bill Cheney said in a prepared statement. "This is a vital measure for California consumers and the credit unions that serve them. Data thefts are on the rise in the retail sector, and consumers increasingly find that information stolen at the retail level is used to commit identity theft and plastic card fraud. We must act quickly to close the loopholes in existing law that have allowed retailers to have a pass on this issue for far too long."

The California Senate Judiciary Committee passed AB 779 by a 3-1 vote on Tuesday. The California Assembly overwhelmingly approved a matching bill, authored by Assemblyman Dave Jones, D-Sacramento, in early June, but there's no guarantee it will become law.

"Each step is considerably tougher as the bill moves forward and the opposition gets more intense," Ron Fong, director of state government affairs for the California Credit Union League, said during an interview Thursday.

The bill, which drew bipartisan support in the Assembly, would require retailers to notify consumers when and where their credit or debit card information was lost. It would require retailers to pay for the cost of notification and the cost of replacement cards. It would also require retailers to follow payment card industry data security standards to ensure proper retention and protection of credit and debit card information.

The bill would apply to all companies doing business with Californians.

California's current data breach notification law, the first of its kind in the country, made financial institutions responsible.

"Retailers have enjoyed loopholes because the owners of credit card information are the financial institutions," Fong said. "All they have to do is notify us. We've had the onus of notifying consumers, taking the public relations hit, and paying for the cost of reissuing. We're looking to change that because we think if you broke it, you should fix it. If it's your breach Mr. Retailer, or whoever you are, you ought to pay for it, not the financial institutions."

Groups in the California retail and banking sectors oppose the legislation and could block the bill in the Senate Appropriations Committee, where it must be considered before the fiscal deadline of Aug. 31. If the bill gets through that committee, it still must survive a Senate floor vote and gain approval from the governor before it can become law.

If it does become law, it could serve as a model for federal policy. So far, federal efforts to move similar legislation have stalled, mainly because of jurisdictional disputes between commerce, banking, and judiciary committees in both houses.

"Unfortunately, there hasn't really been any coalescing around a single piece of legislation to the point where it has been able to move forward," said Ryan Donovan, director of federal government affairs for the California Credit Union League, in an interview Thursday.

Other states considering data breach notification bills include Connecticut, Illinois, and Massachusetts. Minnesota (PDF) passed such legislation earlier this year.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll