Posts Tagged ‘legislation’

The Consumer Data Protection Act (AB 1656; PDF) has been put before California’s Governor Arnold Schwarzenegger once again. The bill was vetoed by him in October 2007, saying the costs for merchants would have been too prohibitive. He said that the bill had the “potential for California law to be in conflict with private sector data security standards.”

The bill has now been amended, approved by the Senate in a 74-1 margin, and is headed back to the Governor’s desk for approval. The Consumer Data Protection Act would require that retailers:

• Take more stringent protection measures
• Notify consumers about data breaches (provision to reimburse financial institutions for cost of breach removed from the bill)
• Specify a date range when the data breach was thought to have occurred
• Not store certain types of cardholder data, even if encrypted
• Develop data retention & disposal policies
• Encrypt data transmissions

Given that the financial reimbursement provision has been lifted, it is a much more conservative bill. Still, it is unclear if Governor Arnold Schwarzenegger will re-iterate his desire for added security measures to be the responsibility of private governing bodies, rather than by law. Analysts suspect the bill will be approved and that California will lead the way toward other states adopting similar statutes. 

Minnesota is currently the only state with law such as this – their Plastic Card Security Act is more strict than the proposed California bill.

—

In other security news, Roger Grimes has a very thorough analysis of Google’s new open source browser, Chrome, here.

Hat tip to PogoWasRight ; Via ComputerWorld

Identity Theft 911 has published a white paper about Identity Theft in California [PDF]. The white paper examines identity theft within the state and what steps are being taken by the government officials and businesses to combat the issue.

In 2007, California was ranked as the second-worst state in terms of identity theft complaints per capita, according to Federal Trade Commission (FTC) data. From 2002-2006, it held the third position on this list, so it’s clear that identity theft is a growing and persistent issue in California.

“Each year, more and more consumers fall victim to various forms of this insidious crime. This report puts a spotlight on California, highlighting several issues that are likely responsible for driving up these numbers in the state,” said Judd Rousseau, Chief Fraud Officer of Identity Theft 911.

According to the FTC, 1.5 million Californians were victims of identity theft in 2007 (out of a population of 36.5 million). The most common forms of identity theft were credit card fraud and employment-related fraud. The incidents of 2007 cost an estimated $749 million in out-of-pocket expenses for victims (and 6 million hours in resolution time). That’s an astronomical figure.

California has been responding to the issues of identity theft at the government level. New legislation has been passed, including breach notification laws, prohibitions for the public display of Social Security Numbers, and restrictions on the sharing / selling of personally identifiable information. The white paper outlines various other types of legislation that might mitigate the identity theft issue in California.

Via press release