With a multitude of states trying to protect their citizens when it comes to breaches of personal data security, it is becoming increasingly difficult to manage compliance with this patchwork of laws. The Data Accountability and Trust Act (H.R. 2221) proposed in Congress proposed to preempt state laws and make regulation of data security a matter of federal regulation.
If passed in its current form, the procedure and time frame for notifications in the event of data breach would be standardized instead of the differing requirements from state to state. It would also required the Federal Trade Commission to regulate the security practices around personal data.
The most controversial part seems to be the provisions around information brokers (companies that gather personal information about people that are not their customers to sell to third parties.) It would require these brokers to establish reasonable procedures to verify the accuracy of the personal information it collects. They would also have to provide consumers with access to that information.
Although it is still working its way through the system, it has already been forwarded by the subcommittee to the full House Energy and Commerce Committee.
References:
