For nearly a decade, Congress has considered enacting a federal law to require notification to affected individuals of breaches of a business's data security that could create a risk of identity theft. Calls for federal legislation are prompted by the 46 state laws that now address the subject. Last year, the House of Representatives passed a bill that would have replaced the state laws with a uniform federal standard, but it died when the Senate adjourned without taking action.
Several legislative proposals have been introduced in the current Congress. (See article in the June issue of Privacy In Focus at www.wileyrein.com/fed_data_law). The first to pass a legislative hurdle is a House bill (H.R. 2577) sponsored by Rep. Mary Bono Mack (R-CA), which, on July 20, was approved by voice vote by a subcommittee of the House Energy and Commerce Committee, which she chairs. The bill would establish national standards governing disclosures of breaches of data security and preempt the state laws. Subcommittee approval was a first step; the bill must receive favorable action by the full Committee and the House before moving to the Senate, where several powerful Senators have their own breach notification bills.