It appears the data breach bill, which went to Governor Schwarzenegger’s desk for signature has been vetoed.
Cheryl Walker at the OC Register is reporting:
An ID theft protection bill that would have made businesses that take credit cards for purchases more accountable to consumers and card issuers was vetoed Saturday by Gov. Arnold Schwarzenegger.
In a message explaining his veto of AB779, the governor claimed the marketplace already provides the necessary protections for consumers and that the state bill might conflict with private security standards.
He also contended the bill lacked clarity and could increase the cost of compliance for small businesses.
There seems to be little press coverage on this and I couldn’t find any comment from Arnold about it on his site.
There has been a lot of coverage about a NRF (National Retail Federation) letter calling out that businesses, who accept credit cards are forced to maintain credit card information for 18 months to protect themselves from fraud (chargebacks).
Here is a post, I did on that subject:
Maybe this bill was too unfair towards businesses, who accept plastic, and favored the financial services industry a little too much? The bill would have pushed more of the financial responsibility towards businesses versus the card issuers, themselves.
The sad thing is that with all the bickering between these two large sectors, it’s probably the little person, who will lose out in the long run.
Although, with a lot of litigation being raised, data breaches are becoming extremely costly. Maybe both sides of the equation need to get together and come up with something that will work for everyone?
After all, they do share one thing in common, which is their customers!
OC Register story, here.