One Step Back for the Compliance Bandwagon

Last weekend California Governor Arnold Schwarzenegger vetoed legislation to make merchants financially liable for costs due to retail data breaches. No doubt this was a huge relief to banks and retailers operating on the West Coast. But they shouldn’t allow themselves to be fooled into a false sense of security. Because the underpinning trend is for the compliance bandwagon to continue to gain strength.

When rejecting the AB 799 bill, Arnie is quoted as saying “it attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities”. That might well be the case but the track record has been that, in the absence of tough legislation, few organisations pay enough attention to the protection of customer data. And the legislation had plenty of political support, having been approved by the State Assembly and Senate with overwhelming majorities.

It’s in line with my forecast last year of a growing backlash to tougher compliance demands. Expect the occasional glitch, but the compliance bandwagon is relentless. And for those of you who think that California is a long way from your business operations, it’s worth noting that, since it pioneered the controversial data security breach disclosure law, SB 1386, nearly 40 other states have followed suit. Tougher legislation is coming everyone’s way.

1 comment

David: In California's Assembly Bill (AB) 779, proposed Civil Code Section 1724.4(b) was poorly drafted and confusing. It was not clear whether 1724.4(b) covered Internet and mail-order merchants (although the legislature probably did desire to cover those merchants). 1724.4(b)(2) was muddled about what does and does not constitute "sensitive authentication data" that a merchant would have been forbidden from storing. A literal reading of the words of 1724.4(b)(2) would forbid merchants from storing zip codes (postal codes), even though Internet and mail-order merchants need to store zip codes for operational purposes. Proposed Section 1724.4(b)'s poorly crafted language would have been a roadblock as innovators try to invent the next PayPal. See detailed analysis at --Benjamin Wright