SACRAMENTO – In an action that angered and shocked supporters, a bipartisan bill by Assemblymember Dave Jones (D – Sacramento) requiring retailers and government to protect consumer information from costly security breaches and follow common-sense data protection rules was vetoed by Governor Schwarzenegger today.

“Big business, hackers and ID thieves won today and consumers and common sense lost,” Jones said.  “I’m shocked and disappointed that the Governor thinks our personal information should be left out in the open for identity thieves and hackers to pilfer.  If your slack security leads to a data breach then you ought to pay for what you caused – ‘you broke it, you bought it,’ as retailers like to say.  How could anybody disagree with this, let alone the Governor?”

Jones’ bill, AB 779, would have enhanced consumer notices describing security breaches so that consumers know more about the breach.  The bill also would have made those responsible for breaches pay for the costs of credit/debit card replacement and consumer notification.  Most importantly, AB 779 would have required companies to follow data security standards regarding the protection of personal consumer information.  Currently, 60% of large retailers don’t follow such standards.

Earlier this year TJX Companies, parent of TJ Maxx, Marshalls and other retailers, reported that information on 45.6 million credit and debit cards was accessed by hackers over 18 months, making it the largest security breach ever.  According to the Wall Street Journal, the breach occurred because TJX ignored basic data protection rules they had agreed to follow.