California Governor Vetoes Bill on Data Breach Costs
Jaikumar Vijayan, Computerworld
In a decision that likely was a big relief to retailers nationwide, California Gov. Arnold Schwarzenegger vetoed a bill that would have made merchants in his state liable for the costs incurred by financial institutions as a result of retail data breaches.
In a statement explaining his Oct. 13 veto, Schwarze-negger said that the measure "attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers."
Approving the bill might have put California law "in conflict with private-sector data security standards," Schwarzenegger added.
AB 779 would have required retailers affected by breaches to reimburse banks and credit unions for the costs of alerting customers and reissuing credit and debit cards. It would also have prohibited merchants from storing some information and required them to use so-called strong authentication technologies to protect cardholder data.
The California Credit Union League, the bill's chief proponent, expressed disappointment at the veto but vowed to try to get the measure passed in the state's next legislative session.
The California bill's demise means that Minnesota remains the only state to have passed a data breach cost-reimbursement law.
Retail industry groups have complained that such measures would unfairly penalize merchants that already pay for fraud-related costs via the so-called interchange fees that credit card companies assess on each transaction.
For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.
"California Governor Vetoes Bill on Data Breach Costs" Comments