Comments on: United States: Pending Changes To California’s Data Breach Law: New Burdens For Retailers? http://www.debitcardnews.com/2007/09/28/united-states-pending-changes-to-california%e2%80%99s-data-breach-law-new-burdens-for-retailers/ The Latest News from the Credit and Debit World Tue, 06 Jan 2009 09:54:17 +0000 http://wordpress.org/?v=2.2.3 By: Benjamin Wright http://www.debitcardnews.com/2007/09/28/united-states-pending-changes-to-california%e2%80%99s-data-breach-law-new-burdens-for-retailers/#comment-2 Benjamin Wright Fri, 05 Oct 2007 19:51:41 +0000 http://www.debitcardnews.com/2007/09/28/united-states-pending-changes-to-california%e2%80%99s-data-breach-law-new-burdens-for-retailers/#comment-2 In AB 779, proposed Civil Code Section 1724.4(b) is poorly drafted and confusing. It is not clear whether 1724.4(b) covers Internet and mail-order merchants (although the legislature probably did desire to cover those merchants). 1724.4(b)(2) is muddled about what does and does not constitute "sensitive authentication data" that a merchant is forbidden from storing. A literal reading of the words of 1724.4(b)(2) would forbid merchants from storing zip codes, even though Internet and mail-order merchants need to store zip codes for operational purposes. Pending Section 1724.4(b)'s poorly crafted language will be a roadblock as innovators try to invent the next PayPal. See detailed analysis at <a>hack-igations.com</a> --Benjamin Wright, Dallas, Texas In AB 779, proposed Civil Code Section 1724.4(b) is poorly drafted and confusing. It is not clear whether 1724.4(b) covers Internet and mail-order merchants (although the legislature probably did desire to cover those merchants). 1724.4(b)(2) is muddled about what does and does not constitute “sensitive authentication data” that a merchant is forbidden from storing. A literal reading of the words of 1724.4(b)(2) would forbid merchants from storing zip codes, even though Internet and mail-order merchants need to store zip codes for operational purposes. Pending Section 1724.4(b)’s poorly crafted language will be a roadblock as innovators try to invent the next PayPal. See detailed analysis at hack-igations.com –Benjamin Wright, Dallas, Texas

]]>