As the Texas state Senate was this week shooting down a bill that would require businesses that collect personal information to use PCI to secure sensitive personal data, the Minnesota legislature passed its Plastic Card Security Act.
Minnesota becomes the first state to create a law that shifts the costs associated with data breaches from financial institutions to the retailers who mishandle consumers' private financial data. The law, which passed by votes of 122-4 and 63-1 in the House and Senate, respectively, also gives retailers added incentive to protect consumers' information.
It's fitting that Minnesota is the first state to come down on retailers and merchants who are sloppy with customer data. It's been reported that the compromise of TJX Companies' customer records, which have already led to numerous cases of fraud in Florida and other places, originated when thieves hacked into a wireless network at a Marshalls store near St. Paul. TJX is the parent company of Marshalls, TJ Maxx, and other retailers.
The Texas legislature's attempts to get businesses to comply with PCI by law started auspiciously when earlier this month the state's House of Representatives unanimously approved a bill (139-0) compelling businesses to better protect and safeguard sensitive personal information contained in its customer records. The measure fell short this week when the state Senate left the bill pending in its Business and Commerce committee, effectively killing its chances of being passed.
TJX reported earlier this year that more than 45 million credit and debit card numbers have been stolen from its IT systems. This data later surfaced in Florida, where thieves used it to steal $8 million in merchandise from Wal-Mart stores using created fake credit cards to buy Wal-Mart and Sam's Club gift cards.