By RON McDANIEL

When a woman we’ll call Gail checked her Visa account online, she noticed hundreds of dollars in charges for video warehouses in New York and San Francisco. That might not be too surprising except for one fact Gail lives in Los Angeles. Fortunately, she had heard about the TJ Maxx/Marshalls credit card thefts and knew that many fraudulent charges from that theft occurred in New York, California and other states such as Florida. As a customer of many local large retailers, she thought she might be a victim.

Gail is not alone. More than 100 million Americans, including millions of Californians, have been victims of credit or debit card theft. Large retailers, consumer data aggregators (those companies that collect names and endless lists) and payment processors have all been victims of significant data breaches. All of these thefts could have been prevented had businesses taken several simple steps to protect customers’ personal credit and debit card data.

California credit unions replaced thousands of credit cards at a cost of hundreds of thousands of dollars in Los Angeles and throughout the state last year due to credit card theft and data breaches. A 2007 survey of California credit unions reported that last year 389,640 cards were breached or potentially breached, an increase over the previous year. In the first half of 2007, Visa and MasterCard alerted financial institutions of more potential breaches than in all of 2005.

Unfortunately, and as scary as it sounds, the typical home computer has more security than the security systems at some businesses. This creates a nightmare scenario for victimized consumers. Many times, credit and debit card thefts only leave the consumer inconvenienced; however, all too often these thefts lead to fraudulent charges, identity theft and months, if not years, of time spent trying to “fix” damaged credit ratings.

Major credit card companies, such as Visa, MasterCard and American Express, have created guidelines for retailers to protect personal data; however, most retailers have failed to do so. In fact, nearly 60 percent of all retailers storing personal data do not adequately protect the information they obtain from customers.

These guidelines are common sense security measures to the average consumer: never store a consumer’s PIN number; encrypt saved data; never store the card security code after a card transaction is authorized; and limit storage of payment information to no longer than required for business or legal reasons. These simple protective measures are not onerous impositions for retailers, but rather they should be the basic steps they take in order to ensure public trust in their brand.

California has a historic opportunity to pass landmark legislation this year that would protect consumer information. Assembly Bill 779 is common sense legislation that requires retailers and other businesses that store personal data to take responsibility for the care and security of the information.

Unfortunately, retailers are fighting this measure. They prefer to gamble that they will not have a breach, and if they do, their costs would be less than the cost to make these preventative changes to protect consumers. However, this is not fair to consumers or financial institutions who suffer the costs of credit card theft. Practical regulations shift responsibility from the victims to the businesses that allowed the theft to happen.

In the TJ Maxx theft, banks spent hundreds of millions of dollars on refunds and replacement credit card costs. Overall, the cost of identity and credit card theft is billions of dollars annually.

California has a long history of leading the effort to protect the personal information of its residents. California passed the original data security breach notification law and since its passage in 2004, 35 other states have passed similar legislation. Because of that leadership, Californians are now notified when a breach occurs. Assembly Bill 779 represents the latest opportunity for California to lead the nation in protecting the private information of its 35 million residents.

Ron McDaniel is chief executive of the California Credit Union in Los Angeles.