Seventy-six percent of data breaches are detected by law enforcement or fraud monitors, not by the retailers themselves. A new bill would require businesses to adopt better security practices to protect consumers' personal information.
This winter more than one hundred million Americans were affected by Target's data breach, which compromised consumers' personal information. Under the new legislation, if data breaches do occur, retailers, not banks, would be responsible for reimbursing any compromised consumers.
The bill would also require businesses to notify consumers within 15 days of detecting any possible data theft.
"This legislation, actually, I think also protects businesses and those who maintain and own information as well by making sure that they don't have data beyond that which they need to conduct a transaction in which they are engaged, which makes them less vulnerable to a breach as well as protecting consumers," Assem. Roger Dickinson, D-Sacramento, said.
The legislation would also provide guidelines on what personal data should be stored in databases. It would prevent retailers from storing sensitive information such as Social Security numbers and banking PIN numbers.
"We don't believe this legislation is going to prevent all data breaches. What we're trying to do is make sure that prudent steps are taken to prevent them to the extent possible," Dickinson said. "Secondly, that information that might be available is not so robust that it's everything about a person, so that information is limited if it in fact is breached and then appropriate remedial steps are taken."
Nearly one in every three Americans has been affected by data breaches.