On April 30, 2009, Rep. Bobby Rush, D-Ill., chairman of the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, introduced H.R. 2221, the Data Accountability and Trust Act of 2009. The purpose of the bill is to require "reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach."
The bill was co-sponsored by legislators on both sides of the aisle: Rep. Joe Barton, R-Texas, ranking member of the House Committee on Energy and Commerce; Rep. Cliff Stearns, R-Fla., the Republican leader on the Communications, Technology and the Internet Subcommittee; Rep. George Radanovich, R-Calif.; and Rep. Janice Schakowski, D-Ill.
In a statement before his subcommittee, Rep. Rush noted that similar bills have been introduced in the last two sessions of Congress. Two years ago, it even passed the full Energy and Commerce Committee by a unanimous vote, but then stalled.
The bill has faltered, Rush said, as a result of "jurisdictional disputes."
Still, with the bipartisan support it enjoys from co-sponsors, Rush expressed confidence that this time around, it will become law.
According to Rush, the bill "establishes notification procedures that a company must take when a data breach occurs in order to allow affected consumers to protect themselves. Companies do not have to initiate such notices if they determine that 'there is no reasonable risk of identity theft, fraud or other unlawful conduct.'"
On Dec. 8, 2009, the bill passed in the House with a voice vote. The next day, it was referred to the Senate Committee on Commerce, Science, and Transportation.
We move this promise to In the Works.