The Green Sheet, Inc


The Green Sheet Online Edition

November 12, 2007  •  Issue 07:11:01


Governator terminates data protection bill

Citing overlap with the Payment Card Industry (PCI) Data Security Standard (DSS) and other concerns, Gov. Arnold Schwarzenegger vetoed a California consumer data protection bill on Oct. 13, 2007.

If it had become state law, AB 779 would have required merchants to follow data security standards, provide easily accessed information about breaches to affected consumers and pay consumers reimbursement costs for credit or debit card replacement.

In his statement, Gov. Schwarzenegger said, "[T]his bill attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers.

"In addition, the payment card industry has already established minimum data security standards when storing, processing, or transmitting credit or debit cardholder information. ... This measure creates the potential for California law to be in conflict with private sector security standards."

Much like the PCI DSS, the proposed California bill attempts to limit the amount of consumer data stored by merchants. But, unlike PCI DSS, AB 779 would require "specified reimbursement and notice provisions" to consumers.

The bill states that existing California law already requires merchants to notify consumers if their personal card information had been compromised, but it specifies that merchants must also supply toll-free phone numbers and e-mail addresses, so consumers can obtain more information about data breaches that have affected them.

A financial body blow

The bill would also require retailers - as well as public sector government agencies - that are not compliant with the seven provisions specified in the bill to reimburse consumers for credit or debit card replacement if cardholder data had been stolen.

None of the 12 PCI DSS requirements obliges merchants to inform customers of security breaches or to foot reimbursement costs. Added costs to merchants are another reason Schwarzenegger vetoed the bill.

"[T]he data security requirements found in this bill will drive up the costs of compliance, particularly for small businesses," he said.

The author of the bill, Assemblyman Dave Jones, D-Sacramento, said in response to the veto, "I'm shocked and disappointed that the governor thinks our personal information should be left out in the open for identity thieves and hackers to pilfer.

"If your slack security leads to a data breach then you ought to pay for what you caused - 'you broke it, you bought it,' as retailers like to say. How could anybody disagree with this, let alone the governor?"

AB 779 overwhelmingly passed both houses of the California State Legislature in September. A similar bill has been proposed in Massachusetts by Rep. Michael Costello, D-Newburyport.

In Connecticut, a bill that would make merchants liable to banks for data security breaches was reportedly scuttled by state legislators because of the burden it would impose on small businesses.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
