California may join Minnesota and, possibly, New Jersey as one of the very first states to enact a law holding merchants responsible for the cost of notifying consumers in the event a security breach results in a compromise of personal information. On June 26, the California Senate Judiciary Committee passed A.B. 779 by a 3-2 vote.
A.B. 779 was proposed in response to the wide ranging security breaches at the TJX Companies Inc., which affected more than 46 million credit and debit card holders. The proposed law would allow businesses required to notify individuals of data breaches to seek reimbursement from the third party responsible for the breach of all "reasonable and actual costs," including the cost of providing notice, and replacing their credit or debit cards. The law is receiving strong opposition from a coalition of 30 groups and businesses representing retailers, financial institutions, information technology companies, marketers, and others.
In May of this year, Minnesota became the first and currently only state to have enacted a similar merchant breach liability law. New Jersey is currently considering a similar data breach liability bill.
Post a comment
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
WEBCAST
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
