Data breaches, such as the ones at Target and Neiman Marcus, appear to be more common than ever before. But who should pay for the damages? On March 28th, two members of the Assembly, Roger Dickinson and Bob Wieckowski, proposed the bill AB 1710, which could potentially be game-changing for retailers in California.
The bill, titled the Consumer Data Breach Protection Act, aims to implement the following changes:
- Hold businesses liable for reimbursing customers for costs associated with a breach.
- Limit the type of information collected and retained by retailers.
- Require retailers to notify affected customers within 15 days of a breach.
- Require retailers to offer affected customers appropriate identify theft prevention and mitigation services for 24 months.
Prior to the bill, banks and credit card companies would be held liable for reimbursing customers for costs resulting from hacking of payment data. During a news conference, the two members of the Assembly explained that consumers have the right to know the details of a breach. In addition, consumers have the right to choose whether or not to do business with the source of the breach.
“Financial institutions should not be taking the heat for a data breach that occurs at a retailer,” said Assemblyman Roger Dickinson. And he’s not the only one who feels this way; the bill is supported by consumer groups, law enforcement, and local governments. If the bill is passed, retailers will have to pay more attention to security measures, in order to prevent retail-focused malware from causing a data breach.
The current law requires businesses to implement and maintain reasonable security procedures, as well as practice appropriate security measures to protect information from unauthorized access, use, or disclosure. This bill will expand these provisions to strengthen consumer data privacy and prevent the common occurrence of data breaches.
To learn more about bill AB 1710, give us a call at (415) 294-5250 or send us an email at firstname.lastname@example.org. On Time Tech can help you stay up to date on the latest revisions to current laws impacting your business. We can also implement appropriate safeguards to help you prevent unauthorized access, user, or disclosure of consumer data.