Mass. bill would make retailers pay for data leaks

NEW YORK (Reuters) - Massachusetts lawmakers are about to consider a bill that would require retailers to pay for losses when hackers and thieves breach their security systems to steal consumers' credit card and other financial information, the Wall Street Journal reported on Thursday.

Now, banks usually get stuck with credit-card fraud losses, which last year totaled more than $2 billion, the paper said.

If passed, the Massachusetts bill, the first of its kind, would make any company, be it retailer, bank or data processor, financially liable if it is the operator of the system that is hacked, the paper said. The bill does not cover other types of credit card fraud, such as those resulting from a lost or stolen card, it said.

The Massachusetts bill, sponsored by Rep. Michael Costello, would mandate that companies whose security systems are breached assume full responsibility for any fraud-related losses, costs associated with the canceling and reissuing of cards, and in cases of identity theft, the freezing of accounts and credit information, the paper said.

http://today.reuters.com/news/articlenews.aspx?type=domesticNews&storyid=2007-02-22T072834Z_01_N22375241_RTRUKOC_0_US-MASSACHUSETTS-BILL.xml&src=rss

regulate a national chain, particularly if the data center is somewhere else, or if contracted out.

Anyway, no matter who initially picks up the losses, they should be recoverable from whoever blew it.