None of the above stated law stated anything about being PCI Compliant. More states are in need of customers’ notifications when a data breach finds its way, as the time goes on the definition of the data which is personal information will also have credit card numbers included in it.
What are the Possibilities? With all that said, is it possible that we will get to see devotion to PCI Compliance and more specifically call it out as a law? Well there is no guarantee about it; but it might be possible, as you don’t know anything about future.