VETOED	DATE: 10/13/2007

To the Members of the California State Assembly:

I am returning Assembly Bill 779 without my signature.

Protecting the personal information of every Californian is very
important to me and I am committed to strong laws that safeguard
every individual's privacy and prevent identity theft.  Clearly, the
need to protect personal information is increasingly critical as
routine commercial transactions are more and more exclusively
accomplished through electronic means.

However, this bill attempts to legislate in an area where the
marketplace has already assigned responsibilities and liabilities
that provide for the protection of consumers.  In addition, the
Payment Card Industry has already established minimum data security
standards when storing, processing, or transmitting credit or debit
cardholder information.  This industry has the contractual ability to
mandate the use of these standards, and is in a superior position to
ensure that these standards keep up with changes in technology and
the marketplace.  This measure creates the potential for California
law to be in conflict with private sector data security standards.

While I support many of the provisions of this bill, it fails to
provide clear definition of which business or agency "owns" or
"licenses" data, and when that business or agency relinquishes legal
responsibility as the owner or licensee.  This issue and the data
security requirements found in this bill will drive up the costs of
compliance, particularly for small businesses.

I encourage the author and the industry to work together on a more
balanced legislative approach that addresses the concerns outlined


Arnold Schwarzenegger