California’s Governor Vetoed a Bill on Consumer Data Protection

Arnold Schwarzenegger, Governor of California, on October 13, 2007 vetoed a new bill framed to restrain companies from storing certain payment information from customers, while specifying the information they would require to reveal on account of a breach.

Advocates of issuers of credit cards and consumers championed the Assembly Bill 779 following the large-scale data breach at TJX Company that resulted in the theft of personal account information of over 45 Million consumers. Three bank groups filed a lawsuit against TJX companies for having to bear the extra expenditure of issuing new credit cards to the customers to replace the old ones whose details were hacked.

The California Credit Union League, which issues credit cards, was the author of the new California bill. Among other issues, the bill would outline the data companies to give out when they encounter a data hack, and would also need retailers to protect data more strictly than what measures the Payment Card Industry Data Security Standard currently spells out. The bill would even bar companies from maintaining sensitive data after authorization even though the data may be encrypted.

In a message to members of the California State Assembly, Governor Schwarzenegger said that it is increasingly becoming important to protect private information because the daily commercial transactions are increasingly completed through electronic means. Securityfocus published this in news on October 15, 2007.

But Schwarzenegger added that the bill tries to make law for that area of the marketplace, which already has liabilities and responsibilities to protect the consumers.

With data breaches on an increase, credit unions and banks have to bear a lot of costs as these debit and credit card issuers have to replace the cards, although they had no role in the breach.

In another statement, Schwarzenegger said that the retail industry was empowered to make use of the standards mandatory on the companies, and has the authority to make sure that the standards improve to match the changes in the marketplace and technology. With this, however, the California law may appear to be conflicting with the security standards of the private sector data. TheRegister published Schwarzenegger's message on October 16, 2007.

Related article: Celebrity Image Used For Spamming Once Again

» SPAMfighter News - 11/2/2007