California once led the nation in combating identity theft,
requiring businesses to notify customers when credit card or other
personal data may have ended up in the wrong hands. But then this
state’s leadership in that arena came to a halt, and we watched
from the sidelines as others, such as Minnesota, put in place
commonsense procedures to minimize the damage caused by security
breaches.
California once led the nation in combating identity theft, requiring businesses to notify customers when credit card or other personal data may have ended up in the wrong hands. But then this state’s leadership in that arena came to a halt, and we watched from the sidelines as others, such as Minnesota, put in place commonsense procedures to minimize the damage caused by security breaches.
For the second year straight, lawmakers here have attempted to put California back on track with a measure to prevent companies from storing credit or debit card data after a transaction is completed. …
Businesses argue that the payment card industry already has established security standards, and that’s the reason Gov. Arnold Schwarzenegger gave for vetoing the data-breach bill last year. The problem is that many companies that accept credit and debit cards don’t bother complying with the voluntary standards and are only too happy to avoid the costs of doing so. …
Assembly Bill 1656, by Dave Jones (D-Sacramento), takes some of the sting out of last year’s bill by deleting the mandate that merchants whose records were hacked pay for replacing the consumer’s plastic card. But it keeps intact the prohibition against a business storing sensitive authentication and verification data, such as a customer’s password or PIN. Payment-related data could not be transmitted over a public network, such as the Internet, unless it is encrypted; businesses would not be permitted to allow employees access to it if their job doesn’t require it. …
Naturally, many merchants still oppose a bill that would require them, for the first time in California, to take financial responsibility for securing consumer information. But those little cards with the numbers on one side and the magnetic strip on the other have been a big boon to business, and it is appropriate that business does its part to safeguard consumers who choose plastic over paper.
This editorial first appeared in the LA Times on Wednesday.