US state bill putting data breach cost on vendors moves

A California bill that would hold retailers responsible for the costs associated with a data breach moved one step closer to becoming a law when it was approved 3-1 by the state's Senate Judiciary Committee.

Share

A California bill that would hold retailers responsible for the costs associated with a data breach moved one step closer to becoming a law when it was approved 3-1 by the state's Senate Judiciary Committee.

The bill (AB 779) now moves to the Senate Appropriations Committee. The measure, authored by Assemblyman Dave Jones, (D-Sacramento), won overwhelming approval (58-2) in the State Assembly in early June.

If passed, the bill would require retailers in California to reimburse credit unions and banks for the costs associated with alerting customers and reissuing cards after a data breach. It would also prohibit merchants from storing specific types of authentication data taken from the magnetic stripe on the back of credit and debit cards. In addition, AB 779 would require all entities accepting payment card transactions to use strong encryption routines and access controls while storing and transmitting data such as card verification values and personal identification numbers.

Retailers would also be forced to disclose more details about breaches, including a description of the categories of personal data that might have been compromised.

The bill is officially sponsored by the California Credit Union League (CCUL), which Wednesday hailed its approval in the Judiciary Committee. "We are encouraged that the momentum created by the bipartisan passage of the bill in the assembly has continued to this point in the Senate," League President and CEO Bill Cheney said in a statement. "This is a vital measure for California consumers and the credit unions that serve them."

Find your next job with computerworld UK jobs