California's State Assembly looking to make retailers liable for security breaches
Posted on Friday, August 31, 2007
California’s State Assembly Committee on Appropriations voted 12 to 3 today to advance bill AB 779, which would make California the second state to codify the PCI Security Standards in law AND make retailers liable for losses incurred from a data breach. The bill now moves to the full Assembly, which will vote on it by June 8th.
The legislation would also require retailers to notify consumers when a data breach occurs, and it shifts the responsibility for sending out breach notices and running card reissuance campaigns from financial institutions to merchants.


Comments
Benjamin Wright said on Friday, October 05, 2007:
In AB 779, proposed Civil Code Section 1724.4(b) is poorly drafted and confusing. It is not clear whether 1724.4(b) covers Internet and mail-order merchants (although the legislature probably did desire to cover those merchants). 1724.4(b)(2) is muddled about what does and does not constitute "sensitive authentication data" that a merchant is forbidden from storing. A literal reading of the words of 1724.4(b)(2) would forbid merchants from storing zip codes, even though Internet and mail-order merchants need to store zip codes for operational purposes. Pending Section 1724.4(b)'s poorly crafted language will be a roadblock as innovators try to invent the next PayPal. See detailed analysis at hack-igations.com --Benjamin Wright, Dallas, Texas
Bryan Johnson said on Friday, October 05, 2007:
@ Benjamin - I appreciate your insights, thank you for commenting.