Schwarzenegger Vetoes Consumer Data Protection Act
Both the California State Senate and Assembly recently passed a bill that would have mandated that commercial organizations that conduct business within California implement controls that safeguard customer information. Additionally, the bill would have required these companies to reveal to potentially affected individuals more details concerning data security breaches in which credit and debit card information was exposed without authorization.
Unfortunately for California residents, the legislation was not signed into law. Instead, Governor Arnold Schwarzenegger vetoed this legislation on the grounds that “the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers.” He also opposed the idea of requiring particular security measures, because according to his reasoning companies would then be locked into having to comply with those measures and also having to implement new protections as new threats surface. His current position is no fluke, either—last year he vetoed a comparable bill.
I wonder if anyone has taken the California governor to task for both his faulty reasoning. Saying that the marketplace already has “assigned responsibility and liabilities that provide for the protection of consumers” is a blatantly ignorant statement. It is true that certain protections apply if an individual’s actual credit card is stolen or if a credit card is cloned and then is used to make purchases. The same is not true, however, if a computer criminal breaks into a customer database or sniffs data exchanged in an electronic business transaction.
Additionally, saying that provisions of the law that call for protection of consumer data would in effect lock in provisions that might no longer be appropriate if new threats surface is a huge cop-out. New threats always surface—failing to implement critical and necessary measures that counter current threats for fear that new threats might emerge would end the practice of information security as we know it. Clearly, the governor is coming up with lame reasons to spare California companies from having to spend more money to protect consumer data. In so doing, the governor is once again showing little regard for individual and consumer rights and interests.
Contrary to what many residents of other states often assume, Governor Schwarzenegger is extremely unpopular within California right now. A recent survey of Californians indicated that 69 percent of those surveyed disapproved of his handling of his office. A recall effort is brewing. Strangely enough, the person who was originally elected as the result of a recall election may very well himself be recalled. Given his stance on issues such as the California Consumer Data Protection Act, his being recalled would be a fitting end to a career of someone who has repeatedly squashed information security-related initiatives that would protect California residents from serious, growing threats.