AUSTIN, Texas—Texas State Rep. Richard Raymond (D-Laredo) has introduced a bill that seeks to address retailer data breaches by making it illegal for a business or its service provider to retain sensitive information on credit, debit, or prepaid cards after the transaction is complete or, in the case of PIN debit transactions, more than 48 hours after authorization.
According to the Cornerstone CU League, businesses that illegally retain data would be required to reimburse financial institutions for the costs associated with the breach, including cancellation and reissuance of the cards, any costs associated with closing and reopening accounts, and notification to members affected by the breach. In addition, the financial institutions are entitled to recover the costs for damages that were paid to cardholders who lost money due to the breach.
If approved, the bill would take effect Sept. 1, 2015.