Governor vetoes AB 779 - Signs 1168 and 1298

The good news is three of the four privacy protection bills that made it to the Governors desk were signed. The bad news is that the most important of the four, at least from a consumer perspective, was vetoed.

As stated in the article in Security Focus, AB 779 "would have would have prevented companies from retaining certain sensitive payment data and spelled out what information firms would need to disclose in the event of a breach."

The bill had near unanimous support, overwhelmingly passing both the Assembly and the Senate. As pointed out by Frank Russo of the California Progress Report:

It received its final passage in the Assembly 73-0 in September with 47 of 48 Democrats in support and 26 of 32 Republicans voting for it. Before its final amendments it had previously passed the Assembly in June on a 58-2 vote. It passed the California State Senate on a 30 to 6 vote with the support of 22 of 25 Democrats and 8 of those often difficult 15 Republican Senators.

Unfortunately, as Russo also points out, and which helps explain why this popular and needed law was vetoed, there was a massive (and successful) lobbying effort in opposition to the bill initiated by two of the Governor's most powerful allies: the California Retailers Association and the California Chamber of Commerce.

Now to the good news. The Governor signed the following two Jones bills:

AB 1168 (Jones) would prohibit local government agencies from releasing to the public records that contain more than the last four digits of a social security number.

AB 1298 (Jones) would protect consumers' medical records by extending the state's existing medical privacy laws to the emerging electronic medical records industry.