California State Senator Joe Simitian has introduced new legislation designed to tighten data breach notification requirements
, forcing businesses to provide more information about any data that has been leaked in addition to notifying state authorities. What was not included in the legislation was imposed compensation requirements for data breach victims, and according to Simitian are not likely to be for quite some time. "Instead, the next focus of legislation, he said, would likely be on who should bear the cost of sending out notifications to consumers. For example, should a credit card processing company that experiences a breach be responsible for the cost of notifying bank customers? When retailer TJX discovered in 2006 that hackers had accessed credit and debit card numbers passing through its network, banks were left notifying the customers, then had to sue TJX to get compensation for those costs. Heartland Payment Systems, which experienced a breach of credit and debit card numbers in January, has recently been sued by banks to recover their breach notification costs."