The House Financial Services Committee approved HR. 3997, The Financial Data Protection Act of 2005 on March 16th, by a vote of 48-17. Included in the bill is a credit freeze provision that is modeled after Vermont's state law and sets a strong federal preemption applied to the rest of the state laws already enacted.

Under the bill, a consumer may place a freeze on his or her credit file — at no cost — if he or she is a victim of identity theft. Consumers with a police report or written affidavit proving the ID theft may unfreeze their files at no cost, but would need to request their files be unfrozen when applying for future credit from a third party with which they do not have an existing relationship. During the March mark up, Ranking Member Barney Frank (D-MA) offered an amendment to set the Vermont standard as a floor rather than a ceiling for credit freeze laws and allow states to enact stronger laws. The amendment was defeated by a roll call 35-26.

The House Energy & Commerce Committee held its full committee mark-up on HR. 4127, The Data Accountability and Trust Act on March 29th and approved the bill 41-0. As a result of a managers' amendment offered by Commerce, Trade and Consumer Protection Subcommittee Chairman Cliff Stearns (R-FL) to help gain bipartisan support for the bill, a number of key differences emerged between this bill and the Financial Services bill. Among the differences are H.R. 4127's allowance of state AG enforcement of the national law, and a provision that allows individual consumers access and dispute rights over their personal information held by data brokers. This bill also would lower the notification trigger by requiring notification when there is a "reasonable," rather than a "significant" risk of identity theft, fraud or other unlawful conduct.

On the Senate side, the Banking Committee is expected to draft a bill soon that will compliment, but not amend Gramm Leach Bliley and the Fair Credit Reporting Act. The Senate Commerce Committee has a bill that includes a file freeze provision that resembles California's law. This bill's trigger for notification of a breach is also set at a "reasonable risk of identity theft."

The Senate Judiciary Committee passed two different identity theft bills in 2005. One is a broad measure (S. 1789) introduced by Senate Judiciary Committee Chairman Arlen Specter (R-PA) and ranking minority member Patrick J. Leahy (D-VT), which would, among other things, allow consumers access and dispute rights to any personal information held by data brokers. The other bill is a narrower identity theft bill (S. 1326) introduced by Sen. Jeff Sessions (R-AL) that is focused on data security and notification of breaches.