Some see it as the somewhat inevitable fallout from a seemingly neverending spate of data breach disclosures. Others are blasting the proposed plan as unfairly penalizing retailers while letting banks and credit card companies off the hook.

The legislation was proposed by Democratic state Rep. Michael Costello. It would require retailers who suffer a data breach to reimburse card-issuing banks for the costs involved in blocking and re-issuing cards, closing and opening new accounts and any other measures they're forced to take because of the breach. Banks and credit unions have typically until now been forced to assume those costs, which sometimes total more than US$30 per card.

The Massachusetts bill is the first of its kind to be proposed in the country, though similar legislation is being considered at the federal level, too. The bill's fate is uncertain and if it does win approval, it would actually apply to all businesses -- including banks and card processing companies operating in Massachusetts, regardless of where they are based.

But it is retailers who are seen as the main targets of the measure, especially since it comes in the aftermath of a at TJX Companies Inc. and a somewhat less serious one at Stop & Shop Supermarket Companies Inc.

"This is what happens if industry doesn't respond fast enough to [information security] challenges," said Brian Kilcourse, president of the Retail Systems Alert Group, a Newton, Mass-based consultancy. A recent survey by the company showed that about 43 percent of retailers still don't have any sort of incident response plan to deal with breaches such as the one that hit TJX.