

PCI Compliance: CUs, Banks Square Off On Calif. Card Security Bill

August 31, 2007

VeriFone

A bill that would make retailers liable for losses incurred from a data breach is gaining momentum in the California legislature amid stiff opposition around the state.

On Thursday, the bill, known as AB 779, was approved by the State Assembly's Committee on Appropriations, passing 12 to 3. It will now move forward for review by the full Assembly, which must vote on it by June 8.

If passed, the bill would make California the second U.S. state to codify the guidelines of the Payment Card Industry Data Security Standard (PCI DSS).

It would establish a three-fold compliance set for retailers, requiring them to adhere to the PCI DSS, which governs data protection in plastic card transactions. The legislation also mandates that retailers notify consumers if a data breach occurs, and shifts the cost burden of notices and card reissue campaigns from financial institutions to merchants.

The bill, which essentially turns components of PCI security standards into state law, is lawmakers' response to a retail sector considered by some to be "lagging far behind" in consumer fraud protection, according to Robert Herrell, legislative director for Assemblyman Dave Jones (D-Sacramento), who first introduced the bill back in February.

"Retailers are apparently not taking data protection seriously enough, and I think it is an appropriate role for the state to come in and say, 'OK, you need to meet some of these standards,'" he said.

SOURCE: VeriFone
