A bill that would require retailers and other entities to secure consumer data and notify consumers when information is breached has been introduced in the U.S. Senate.
The Data Security Act of 2006-sponsored by Sen. Bob Bennett (R-UT) and Sen. Tom Carper (D-DE)-is modeled after the data security and security breach response provisions of the Gramm-Leach-Bliley Act of 1999. It requires all entities to safeguard sensitive information and notify consumers when information is breached in a manner that could lead to identity theft or account fraud.
The Bennett-Carper bill creates a national standard for data protection and breach notification and would pre-empt similar laws passed by more than 30 states and pending in others.
In introducing the bill, Bennett cited the increasing number of database breaches. "Criminals have shown they know how to exploit any weakness in information databases and networks, so we must do more to protect this information, regardless of where it is located," he said. "Most of the recent data security breaches have occurred outside of financial institutions."