Data breach law could put financial burden on retailers

Robert Westervelt, News Director

State lawmakers in Massachusetts are considering a bill that would shift the financial burden associated with data breaches from banks to retailers.

If passed, the law would be the first of its kind to make retailers and other companies pay for the costs related to customer notification and credit card reissuing.

The proposed legislation is broad, forcing retailers to cover all losses associated with a data breach notification, including the canceling of credit cards and the cost of freezing accounts and credit information in cases of identity theft. Currently, banks share a large portion of the financial burden.

In recent months, a high-profile data breach at Framingham, Mass.-based TJX Cos. Inc., which operates a number of retail chains, including T.J. Maxx and Marshalls, has heightened interest in the issue. The massive data breach at TJX may have compromised the credit card, debit card and driver's license numbers of millions of customers.

The bill was first introduced last year by Rep. Michael Costello, a Democrat in the Massachusetts House of Representatives. It was shelved last year while lawmakers took up healthcare and other issues, said Adam Martignetti, who serves as chief of staff for Costello.

"We like to look at it as saying that everyone who holds sensitive information has responsibility," Martignetti said. "We're providing an incentive for companies to get them to protect the data responsibly and securely with the strictest protocols available."

Martignetti said he expects both banks and retailers to lobby heavily for and against the bill.

"Security is something that should be part of every company's regular business operations," he said. "Both banks and retailers should share the responsibilities of securing sensitive data."

The bill has strong support from banks, but retailers strongly oppose the measure. Credit card vendors already set cost burden contracts with retailers in the event of a data breach, said Jon Hurst, president of the Retailers Association of Massachusetts, which represents 2,000 firms.

"The contracts already allow for a full cost recovery if retailers are out of compliance," Hurst said. "Legislation would be a duplication of cost recovery -- a pyramiding of costs going back to banks and to protect the small banks that don't have the 24-7 manpower and security systems in place."

