Wednesday, September 3, 2008

Fighting identity theft in California

Just to briefly follow up on yesterday's post regarding the Jones bill that addresses the growing epidemic of identity theft, here's an editorial in the Los Angeles Times urging the Governor to sign the bill:

For the second year straight, lawmakers here have attempted to put California back on track with a measure to prevent companies from storing credit or debit card data after a transaction is completed. That way, even if a system is hacked, there will be no personal customer information for identity thieves to steal.


Assembly Bill 1656, by Dave Jones (D-Sacramento), takes some of the sting out of last year's bill by deleting the mandate that merchants whose records were hacked pay for replacing the consumer's plastic card. But it keeps intact the prohibition against a business storing sensitive authentication and verification data, such as a customer's password or PIN. Payment-related data could not be transmitted over a public network, such as the Internet, unless it is encrypted; businesses would not be permitted to allow employees access to it if their job doesn't require it; and information would have to be deleted after it is no longer needed, under protocols to be adopted by the businesses.

It's unfortunate that the real teeth in many of these bills get stripped by the time it reaches the Governor's desk. Nonetheless, this would represent some solid progress, and I just don't see how the Governor vetoes it.

Click here to read the rest of the article.

No comments: