A federal law is being debated in Congress that would require the holders of personal data to disclose major security breaches to the Secret Service or FBI within 14 days or face a fine of up to $1 million and up to five years in prison. Some say it does not go far enough.
The Cyber-Security Enhancement and Consumer Data Protection Act of 2006 is a short bill. It applies to security breaches in which the personal information of 10,000 or more people is acquired; or any breach involving databases owned by the Federal Government; or one involving primarily data in electronic form containing personal information of employees or contractors of the Federal Government involved in National security matters or law enforcement.
California already has a law that requires businesses to disclose data breaches that could expose individuals to identity theft.
A consumer information service, Consumers Union, says the federal bill should require the same level of disclosure as the California state legislation.