Search This Blog

Friday, October 19, 2007


ARNOLD TURNS CALIFORNIA’S CONSUMER PRIVACY MOVEMENT BACK TO THE DARK AGES


The colorful Governor of California, Arnold Schwarzenegger, has apparently now shown us just where he stands on the issue of which is the most important: the consumer or big business? Arnie just vetoed a highly bipartisan bill in the California legislature that was introduced by Assembly member Dave Jones, a Democrat from Sacramento. According to SecurityFocus.com, Assembly Bill 779 would have prohibited the storing of payment verification data taken at the point of purchase in the use of a credit card. California Chronicle reports that the bill would also improve the way data breaching companies would have to report the incident, and make those responsible for the breach pay the costs of credit card replacements and consumer notification. Securityfocus.com then articulates why the legislation was so important by documenting a “significant amount of fraud” committed following the TJX breach (TJ Maxx and Marshalls in the U.S., Winners and HomeSense stores in Canada) of more than 45 million (largest ever) credit and debit card numbers. Suspects are accused of using these stolen credit card numbers to buy gift cards to purchase big-ticket items like big-screen TVs and computers at Wal-Marts and Sam’s Clubs in Florida. Hackers started lifting personal data as far back as 2003, with costs to the company as of May 2007 at $17 million, with an estimate that it could eventually cost TJX $4.5 billion. Canadian authorities placed much of the blame on weak data encryption protocol by TJX, with this breach a foreseeable event just waiting to happen. In the US, the FTC launched an investigation of TJX in March of 2007; it is now seven months later with no official announcement. Yet another example of how Canadian consumer law is light years ahead of this country. So back to the movie star turned politician—haven’t we been there before—who thinks the cost of the California Bill would be too costly for business. How about the average cost to the ID theft victim of $5,720, and the 40 hours necessary to clean up the mess? These people are not important to the GOP—Schwarzenegger, of course, is a Republican—when they can fawn over big business, giving them their way with an innocent consumer that’s taking it in the rear end under the Bush administration. Tom Smith has an excellent article on InformationWeek.com that questions the Governor’s veto. Here’s an exact quote:

“Gov. Arnold Schwarzenegger's veto of a California bill aimed at increasing the state's data protection standards, in part based on his view that the marketplace is handling consumer data protection, raises a troubling question: What planet is this guy living on?”

Smith goes on to quote more Schwarzenegger comments on the bill that are some of the dumbest and most naïve about the consumer’s plight that have ever come out of a politician, even if he is a Republican. Arnold thinks the marketplace (the ChoicePoints and TJXs) have already established responsible security for the protection of the public. And, this industry (data brokers, junk mailers, retailers, etc.) is in a “superior” position to ensure consumer security. These statements are enough to make privacy advocates throw up. So that leaves Minnesota with the only legislation holding retailers responsible for ignorance in private information handling. And in Minnesota you can file your own lawsuit against the company breaching your sensitive data, which wasn’t in the California bill. Maybe the Golden State is losing its luster and needs another Pat Brown. Think about it.

No comments: