California Gov. Arnold Schwarzenegger on Saturday vetoed a bill aimed at curbing identity theft by boosting payment-card security standards, citing unduly high compliance costs for smaller retailers.
The bill, which was approved by a wide majority of state lawmakers, sought to prohibit retailers from storing cardholder data after payment-card purchases, among other moves.
"While I support many of the provisions of this bill, it fails to provide a clear definition of which business or agency 'owns' or 'licenses' data," Schwarzenegger said in a statement. He also said the bill could be in conflict with private-sector data security standards, which, he said, were in a better position to protect consumers.
Credit-card companies typically require retailers to store cardholder data for up to 18 months after purchases in order to satisfy retrieval requests, according to the National Retail Federation. That time lag leaves the data vulnerable to identity theft by hackers, the trade group says.