Any business that takes card payments from residents of California will face strict new duties on the security of card data under proposals that are just a signature away from becoming law. A breach would trigger unprecedented reimbursement provisions. Final amendments to the measure, called Assembly Bill No. 779, were approved …
So now we know what the cost is to tell people they blew it
So it's $15 to tell people their confidential data has been compromised. That begs the question: how much is it per customer to properly secure the whole thing?
After all, if it's marginally more expensive, or even twice as expensive, it only needs to be done once, whereas notifying can happen multiple times and will happen again unless nothing is done.
So, any figures?
$15 per incident?
This compares well to the estimated real cost to a UK bank of handling an overdraft -- about £5 according to news articles.
But sadly, this California law is just another tame poodle with its teeth extracted, mere window dressing.
Far better if the law imposed absolute liability on businesses for breaches of customer data confidentiality, and required them to pay, say, $10K per account per incident to each breachee; it would only take a few exemplary bankruptcies as a result for all businesses to start taking data security seriously.
To put the icing on the cake, the law should hold corporate managers and directors personally responsible for such liability. Business and businessmen are much like mules: you have to hit them over the head with a 2×4 to get their attention.
Hmm, no teeth, eh??
The TJMAXX incident costs the banks over $50k to reissue the cards. This would shift that cost to the company that screwed up. Also, it will nail repeat offenders.