Legislation by Assemblymember Dave Jones (D – Sacramento) requiring retailers and government to protect consumer information from costly security breaches was approved by the California State Senate on a strong 30-6 bipartisan vote in the 40-member Senate.

“Protecting sensitive consumer data is not a partisan issue, its common sense,” Jones said.  “Data breaches such as the TJX breach put an alarming number of Californians at risk, so we need to act now.  These breaches are easily avoidable if companies simply follow the rules.  If your slack security leads to a data breach then you ought to pay for what you caused.  That’s a no-brainer.”

Jones’ Assembly Bill 779 would enhance consumer notices describing security breaches so that consumers know what happened.  The bill also makes those responsible for breaches pay for the costs of credit/debit card replacement and consumer notification.  Most importantly, AB 779 would require companies to follow key provisions of the Payment Card Industry data security standards regarding the protection of personal consumer information.  Currently, 60% of large retailers don’t follow these standards.

Earlier this year TJX Companies, parent of TJ Maxx, Marshalls and other retailers, reported that information on 45.6 million credit and debit cards was accessed by hackers over 18 months, making it the largest security breach ever.  According to the Wall St. Journal, the breach occurred because TJX didn’t follow basic principles to protect their data. 

Jones’ bill is sponsored by the California Credit Union League and supported by consumer organizations, labor groups and law enforcement.  It is opposed by retailers, banks and others not protecting their data.  AB 779 returns to the State Assembly for one final vote before going to Governor Schwarzenegger, who has yet to take a position on the bill.