SACRAMENTO, Calif. (AP) — Legislation that passed the state Senate on Thursday would restrict online retailers in the amount and type of personal information they could collect and would require them to dispose of it once it is no longer needed to guard against fraud.
Critics said the bill's proposed changes could have the opposite effect by hampering fraud-prevention efforts.
The legislation, SB383 by Sen. Hanna-Beth Jackson, D-Santa Barbara, is intended to update state law after the California Supreme Court ruled that existing credit-card laws covering personal information do not extend to online transactions.
Jackson said the legislation would protect consumer privacy when people buy songs, movies, apps, ebooks and other content that is downloaded online. She amended the legislation this week so it applies only to downloaded products.
Additional consumer protection is needed after data breaches at major retail chains have threatened customers' privacy and left them vulnerable to financial fraud and theft, Jackson said.
"Recent data breaches at Target, Nieman Marcus and other stores have unfortunately reminded all of us how vulnerable our personal information can be unless we put safeguards in place to protect it," she said in a statement.
But online retailers, credit-card companies and others say they need to retain customers' personal information to prevent fraud and spot irregular transactions.