The governor of California has vetoed a proposed law that would place more stringent requirements on how consumer data is stored. Gov. Arnold Schwarzenegger felt that the new law would place a costly burden on small businesses and needed to be revised. His suggestion was for the industry and legislature to get together and see if a revised compromise could solve the issues. The article states:

According to media sources, the proposed California law (AB 779) would have required retailers to protect data in a manner more stringent than what the current Payment Card Industry Data Security Standard requires.

According to eweek.com, the bill would have banned the retention of sensitive consumer data except for businesses with a payment data retention and disposal policy. Even then, the bill would have allowed little data to be stored after a purchase because it also restricted the storage of “sensitive authentication data subsequent to authorization, even if that data is encrypted.”

Schwarzenegger said he was open to a reworked version of the bill, saying, “I encourage the author and the industry to work together on a more balanced legislative approach.” However, he said the current version of the bill “attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers. In addition, the Payment Card Industry has already established minimum data security standards when storing, processing, or transmitting credit or debit cardholder information.”

One can see that it is going to be difficult to balance the cost of implementing additional protections against protecting the consumer at the same time. My first thought was that this may be better as a federal issue and not just at the state level.

Comments welcome.

Complete article is here.
