SAN FRANCISCO – Republican California Gov. Arnold Schwarzenegger over the weekend vetoed the latest attempt by a state legislature to make merchants liable for costs caused by breaches in electronic security.
However, the fight over the data security bill, which passed in September with strong bipartisan majorities – 73-0 in the Assembly and 30-6 in the Senate – isn’t over. Its sponsor, Democratic State Sen. Dave Jones, is expected to seek an override vote, which requires a two-thirds majority to buck the governor.
California Retailers Association president Bill Dombrowski said finding enough votes from Republicans to achieve an override might be difficult, as several GOP members who first voted “yes” did so to protest the governor on an unrelated party issue.
Schwarzenegger said in his Saturday veto message that the credit card industry’s own data security standards and contracts enforcing them are sufficient protection for consumers. He also said the bill doesn’t clearly define which business entity owns or licenses data for purposes of assigning blame.
Retailers, who lobbied the governor for a veto, argue the bill would result in their paying millions of dollars to compensate banks to reissue credit cards, as well as to consumers who might find stronger legal ground to sue over misuse of stolen financial or personal information.
Consumer advocates argue the law would ensure vigilance against computer hackers. If an override succeeds, California would be the second state to enact such a bill. Minnesota took action in August. Texas, Connecticut, Massachusetts and Illinois are considering similar bills.
Legislation in Congress that would create a national standard has been under consideration in committee.