[Dataloss] House of Representatives in Texas vote to include PCI Requirements in State Law - Pending State Senate Approval

Bruce Forestal baforestal at earthlink.net
Tue May 15 14:36:28 UTC 2007


"The state's House of Representatives last week voted 139-0 in favor  
of a bill that would formally codify PCI requirements into a state  
law that merchants would be obliged to comply with if passed. Under  
HB 3222 a breached entity will have to reimburse banks and credit  
unions the cost associated with blocking and reissuing cards if the  
merchant was not PCI compliant at the time of the compromise. It also  
provides a safe harbor against such liability for companies who are  
PCI compliant and get breached. The proposal needs to win approval in  
the state Senate before it becomes law."

"According to the language of the bill, "A business that, in the  
regular course of business, collects, maintains, or stores sensitive  
personal information in connection with an access device must comply  
with payment card industry data security standards." The bill would  
allow a financial institution in the state to request a breached  
entity to provide certification of its compliance with PCI specified  
controls. HB 3222 would require the certification to be issued by a  
PCI-approved auditor no earlier than 90-days before the breach."

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9019361&source=NLT_VVR&nlid=37