RealTime IT News

The Terminator Blows Away Data Breach Bill

For the second year in a row, California Gov. Arnold Schwarzenegger has vetoed a controversial bill backed by the banking industry that appears to protect credit and debit card data of Californians from being compromised.

Bill AB 1656, known as the Consumer Data Protection Act, would essentially require that businesses taking card payments protect the data and notify victims when there is a data breach. In that, it is very similar to the credit card industry's PCI-DSS standard.

While the bill is strongly supported by banks, credit unions, law enforcement and a few other groups, it is equally strongly opposed by retailers. Despite this, it was overwhelmingly passed by the California legislature both times.

Schwarzenegger's office declined to comment beyond telling InternetNews.com, "we usually let the veto messages stand for themselves." In a release explaining his veto, the governor said the bill "attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers," and said the bill would "likely result in significant costs to businesses and to the state."

More than 35 states, including California, have already passed laws requiring consumer notification of data breaches.

That stance is supported by Phillip Dunkelberger, president and CEO of security vendor PGP. "I think this protection is already provided by Visa through the PCI implementations and Gov. Schwarzenegger is walking the fine line between being very supportive of business and saying there are good things on the books already," he told InternetNews.com.

Supporters of AB 1656, however, claim that such statutes are necessary to protect financial institutions from fraud and rising card replacement costs stemming from retail data breaches.

"When the fraud happens, the retailer doesn't have to pay the cost, and the system is loaded in such a way that it's a disincentive for retailers to protect consumer data," Bob Arnould, senior vice president for government affairs at the California and Nevada Credit Union League, told InternetNews.com. The league sponsored the bill, which was tabled by Assemblyman Dave Jones (D-Sacramento).

You dance with the one who brung ya

Arnould accused the governor of being too close his backers. "There's a saying in politics that 'you dance with the one who brung ya,' and we're up against retailers and the Chamber of Commerce, and they have a very close relationship with the governor," he said.

However, Arnould is confident that the bill will eventually be passed. "It's too big a problem for us to turn our backs on, and, with that kind of support in the legislature, sooner or later it's going to pass," he said.

Similar data breach laws have been tabled before the U.S. Congress.