Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
 
"how many users allow per session? because the digital persona password manager allows only 10 ..."
on DigitalPersona Pro Workstation/Pro Server
by Daniel | Nov 25, 2008 12:14 AM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"I have been the recipient of Agent.JEN.Trojan through an email suggesting a UPS parcel (including..."
on Trojan disguised as UPS delivery note
by Vincent Laing | Nov 13, 2008 4:01 PM
Corporate Data

California moves closer to making retailers responsible for data breaches

  • Email a Friend
  • Print Page
California moves closer to making retailers responsible for data breaches
Related Articles
By Jim Carr
Jul 4, 2007 11:24 AM
Tags: California | moves | closer | to | making | retailers | responsible | for | data | breaches
The state Senate Judiciary Committee passed AB 779 on a 3-to-1 vote, bringing it into step with the state Assembly, which in June approved a matching breach notification bill, authored by Assemblyman Dave Jones, D-Sacramento.

As with California SB 1386, which requires financial institutions to notify California consumers when they lose personal information, the bill would apply to all companies doing business with state residents.

"This is good for consumers. It's a bill that's long overdue," said Joe Ridout, a spokesman for Consumer Action, a non-profit consumer-advocacy group.

"Putting the responsibility on retailers is appropriate when there's been a data breach because retailers simply shrug off the burden and pass the mess they've made off to consumers."

The assembly bill, passed with overwhelming bipartisan support, would require retailers to notify consumers after losing credit or debit card information.

Retailers would be required to pay for the cost of notifying consumers and replacing their cards, and they would be forced to follow Payment Card Industry (PCI) standards, which mandate security for credit and debit card information.

California's legislation is "the reason why many people in other states have been notified" of data breaches in the last couple of years, Ridout said. He pointed to the ChoicePoint data breach of February, 2005, which became well known because of SB 1386.

The bill faces approval by the Senate Appropriations Committee this summer, then a vote by the full Senate. The bill then must be signed into law by Gov. Arnold Schwarzenegger, a Republican.

Such a law could serve as a model for federal policy, although efforts to pass similar federal legislation have stalled in committee in both houses of Congress.

Minnesota legislators passed a similar bill, the Minnesota Plastic Card Security Act, which regulates the storage of consumers’ personal information after a purchase.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Breaches & Exposures Whitepapers
 
Popular Tags
banks breaches business conference corporate cybergang data hackers identity loss moles party pki prevention responsible rsa ssl steal stolen tmobile