California Governor Arnold Schwarzenegger vetoed a bill on Saturday that would have prevented companies from retaining certain sensitive payment data and spelled out what information firms would need to disclose in the event of a breach.
The bill, identified as Assembly Bill 779, would have prohibited the storage of "payment verification codes, ... PIN verification values, or any payment related data that is not needed for business purposes," according to a legislative analysis of the bill. The regulation also spelled out what information companies would have to include when notifying customers of a breach.
Gov. Schwarzenegger argued that implementing the rules would be too onerous for businesses, especially small ones.
"Clearly, the need to protect personal information is increasingly critical as routine commercial transactions are more and more exclusively accomplished through electronic means," Gov. Schwarzenegger said in a message accompanying the veto. "However, this bill attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers."
This year has been a particularly bad one for credit-card data. In January, retail giant TJX Companies -- the owner of Marshalls and TJ Maxx -- announced that online data thieves had stolen the account information for at least 46.5 million credit and debit cards. Despite the fact that the data has been used for a significant amount of fraud, retailers are still resisting the push to secure their data.
The increase in data breaches has cost banks and credit unions a great deal of money, as those credit- and debit-card issuers are the ones responsible for replacing cards, even if they bore no responsibility for the breach. Three bank associations sued TJX Companies earlier this year for the cost of replacing their customers' credit cards following the TJX breach. The latest California bill was authored by the California Credit Union League, whose members issue credit cards, among other services.
"This is disappointing news for consumers throughout California who remain without protection from data and credit card thefts, and for credit unions who have committed substantial resources in time and dollars to reissue cards to members," the group's President and CEO Bill Cheney said in a statement.
Posted by: Robert Lemos