With the December Target data breach and several Marriott hotels being targeted by cyber criminals, lawmakers are pushing for increased data security protection for credit card users. One such law was recently passed in California.
California leading credit card protection charge
The new law, SB 383, was passed by the California Senate on Jan. 30 and could start a wave of credit card protection laws for the rest of the country. Spearheaded by Sen. Hannah-Beth Jackson (D-Santa Barbara), the new law would limit the amount of personal information online merchants are allowed to collect from consumers. By collecting less information, cyber criminals would have a more difficult time hacking into consumer's bank or credit accounts.
Although the goal of the new law is to limit collection, merchants will still be allowed to ask for some information including ZIP codes and maiden names, according to The Los Angeles Times. Sen. Jackson wanted to make this law airtight in order to increase security protection.
"In the wake of recent, highly public data breaches, consumer privacy is at the forefront of all our minds," Jackson said. "Consumer privacy rights must become a priority as we make more purchases online and become more aware of how easily our privacy can be compromised."
To further safeguard consumers, the new law would require merchants to destroy the collected information once it is no longer of any use.
Concern among consumers
Data breaches have been a growing problem in the country over the last few months. From the end of November to mid-December – the prime holiday shopping period – more than 70 million Target customers had their personal and credit card information stolen. This attack was significant not only because of the high volume of victims, but also because Target is such a large retailer. The Globe and Mail reported that more than 14 Marriott, Sheraton and Westin hotels across the country were hacked between March 2013 and December 2013.
The severity of these breaches has lawmakers concerned, so they have taken a few steps to beef up security. Sens. Tom Carper (D-Del.) and Roy Blount (R-Mo.) introduced the Data Security Act of 2014 on Jan. 15. The goal of the bill is to require retailers, financial institutions and federal agencies to look into data breaches and alert customers right away if they were a part of the breach. Sen. Carper noted that technology is starting to outpace these laws and the country needs to do more to protect its citizens.
"For millions of Americans, data breaches can cause worry and confusion and, in some cases, serious financial harm," Carper said. "We cannot allow technology advances to outpace the security measures in place to safeguard the transactions we conduct in person and online."
The proposed bill also said if a breach affected more than 5,000 people, law-enforcement and federal agencies would have to become involved. This is not the first type of bill lawmakers have pushed to help consumers. In the wake of the Target breach, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) reintroduced the Personal Data Privacy and Security Act that would also help protect consumers.
Starting a new trend
Carper went on to say the Data Security Act is only the first step to ensure that data breaches and credit card theft stops.
"Today, 49 states and U.S. territories have enacted laws governing data security and data breach notification standards," Carper said. "Inconsistent and conflicting state-by-state standards force public and private entities to comply with multiple regulations, leaving many consumers in a confusing web of regulation depending on the state."