Data breaches: stopping the leaks in the flow of private information

Imagine having an elaborate alarm system for your house, then leaving your front door wide open every night. If you got robbed, people would think that, at a minimum, your lack of reasonable precautions tempted fate.

Sadly, something similar is happening right now to your financial information at the stores where you shop. Many of these stores are retaining information, like your credit card numbers, PIN numbers, secret payment authorization codes and much more, in their customer databases, but they fail to adequately protect this information, thereby leaving the front door open for identity thieves and hackers to easily steal your personal information. The problem is twofold: first they retain information that they don’t need to retain, and then they compound this error by failing to adequately protect your sensitive information that they do store. Their lax security has damaging consequences for consumers.
I authored Assembly Bill 779 to make sure that retailers do a better job of protecting our financial information. AB 779 passed the Legislature with overwhelming bipartisan support and deserves Governor Schwarzenegger’s signature.

Earlier this year TJX, the parent company of TJ Maxx, Marshalls and other retail chains, reluctantly admitted that it suffered the largest known data breach in history. Over an 18-month period hackers downloaded 45.7 million credit- and debit-card numbers. Additionally 451,000 customer files with Social Security numbers, driver’s licenses and military identification were stolen. But here’s the kicker: according to the Wall Street Journal, TJX’s wireless network had less security than many people have on their home networks. In other words, your personal computer may well have a better security system than that of a huge multi-national corporation. TJX’s security system was violating basic industry-written standards governing the storage and protection of data–basic standards that 60% of the largest retailers in this country are inexplicably not meeting, thereby putting consumers at risk.

The TJX data breach, as bad as it was, is just the tip of the iceberg. The New York Times recently reported that in the last 12 months alone the personal records of nearly 73 million people, from Social Security numbers to credit-card accounts, have been lost or stolen. That is the equivalent of nearly one in four Americans.

To respond to these breaches AB 779 does three basic things: