One Step Back for the Compliance Bandwagon

Last weekend California Governor Arnold Schwarzenegger vetoed legislation to make merchants financially liable for costs due to retail data breaches. No doubt this was a huge relief to banks and retailers operating on the West Coast. But they shouldn’t allow themselves to be fooled into a false sense of security, because the underlying trend is for the compliance bandwagon to continue to gain strength.

When rejecting the AB 799 bill, Arnie is quoted as saying “it attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities”. That might well be the case but the track record has been that, in the absence of tough legislation, few organisations pay enough attention to the protection of customer data. And the legislation had plenty of political support, having been approved by the State Assembly and Senate with overwhelming majorities.

It’s in line with my forecast last year of a growing backlash to tougher compliance demands. Expect the occasional glitch, but the compliance bandwagon is relentless. And for those of you who think that California is a long way from your business operations, it’s worth noting that, since it pioneered the controversial data security breach disclosure law, SB 1386, nearly 40 other states have followed suit. Tougher legislation is coming everyone’s way.