The House Financial Services Committee, the Senate Banking Committee and the Judiciary and Energy & Commerce Committees of both the House and Senate are among several Congressional committees examining the issue of data security breaches.

While all of the bills offered (so far) have additional notification requirements and most have some form of federal preemption, they differ with respect to the extent of the preemption and the breadth of the application of any new law. Some of the bills focus on financial information; others are more concerned with medical information and even commercial transactions.

On October 6, Rep. Steven LaTourette (R-OH) introduced a new bill incorporating provisions from a bill offered this summer by Rep. Michael Castle (R-DE) and Rep. Deborah Pryce (R-OH). The new bill would require companies that handle Social Security, credit card numbers and other sensitive personal data to do so securely. If the data is inappropriately released, the company suffering the breach would be required to conduct an investigation and immediately notify business partners, law enforcement and regulators.

If the investigation finds a loss of data that could be used by thieves to open new accounts, the company that lost the information would have notify consumers and offer to pay for credit monitoring services.

AFSA will continue to monitor legislative activity related to data security, which is expected to remain a "hot issue" into 2006.