Holding retailers responsible for data breaches

Assemblymember Dave Jones' AB 779 faces approval by the Senate Appropriations Committee later this summer, then a vote by the full Senate before reaching the Governor's desk.

As consumer data breaches and identity theft grow in scope and quantity, consumers need to know exactly who is failing to adequately protect their personal information. For example, TJ Maxx stores parent company allowed 45.6 million credit card numbers to be stolen electronically. AB 779 would enhance consumer protection by properly identifying the entity responsible for the data breach, require better data protection by retailers and allow for reimbursement of relevant costs to credit unions and community banks stemming from the data breach.

California boasts the strongest data privacy laws in the country. The California Security Breach Information Act enacted in 2003 paved the way for AB 779's proposed regulations on retailers by mandating the same notification requirements for financial institutions doing business with state residents. The bill provided the foundation for similar financial security laws in more than half of states across the country. Minnesota lawmakers have passed a bill similar to AB 779--the Minnesota Plastic Card Security Act. Federal legislation is still pending.

Consumer Action spokesman Joe Ridout says

Putting the responsibility on retailers is appropriate when there's been a data reach because retailers simply shrug off the burden and pass the mess they've made off to consumers.