« DuPont Insider Tries to Steal $400 Million | Main | Firefox Fixes Flaws »

Lawmakers in Massachusetts are weighing a law that would shift the financial burden generated by a data breach from banks to retailers. The law would be the first of its kind to make retailers assume all of the costs of a data breach.

As reported at Search Security, the proposed law is broadly written and would force retailers to cover all losses associated with a data breach notification, including the canceling of credit cards, the cost of freezing accounts, and credit information in cases of identity theft. Banks currently share a large portion of the financial burden.

The recent high-profile data breach at Mass. Based TJX Cos. Inc, which includes stores like T.J. Maxx, raised interest in the matter. The TJX breach compromised credit, debit, and driver license numbers of millions of customers.

The bill was introduced by Michael Costello, a Democrat in the Mass. House of Rep., but was shelved last year as lawmakers dealt with other issues. "We like to look at it as saying that everyone who holds sensitive information has responsibility," Adam Martignetti, chief of staff for Costello, said. "We're providing an incentive for companies to get them to protect the data responsibly and securely with the strictest protocols available."

As would be expected, banks heavily favor the bill, while retailers are strongly opposed. The simple fact is, though, that everyone who deals with personal consumer data bears a responsibility to secure that data.

Posted by pschooff in Better Protection |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1414