Mass. Bill Would Make Retailers Pay for Data Breaches. Lawmakers in Massachusetts are poised to consider legislation that would force retailers who suffer data breaches to cover the costs associated with any fraud-related losses by their customers, according to a story in today's Wall Street Journal (link is by subscription only).
The bill, sponsored by Rep. Michael A. Costello (D), would make any company (retailer, bank or data processor) financially liable if it is the operator of the system that is hacked. The bill doesn't cover other types of credit-card fraud, such as those perpetrated by means of a lost or stolen card."
The legislation also "would mandate that companies whose security systems are breached assume full financial responsibility for any fraud-related losses, costs associated with the canceling and reissuing of cards, and -- in cases of identity theft -- the freezing of accounts and credit information. The bill would apply to any company doing business in Massachusetts, wherever it may be based."
While this is a state measure, it's hard to ignore the nationwide impact of the California data breach notification law that took effect in 2003. It seems like everyone is getting data breach or loss notices these days (my wife and I received one last week). Now, some 35 states have laws on the books that mimic the California law.
You can bet that a ton of businesses will be keeping a close eye on the debate surrounding this Massachusetts bill. It's worth noting that the intent behind this bill is very similar to a legislative idea sketched out earlier this year by House Financial Services Committee Chairman Barney Frank, a Democrat who just happens to hail from Massachusetts. [Security Fix]
12:16:34 PM 
|
