On May 24, the House committees on Financial Services and Energy and Commerce took turns marking up the other group's bill on data security. Both committees, as expected, struck the entirety of the other committee's bill, replacing it with their own. The mark-ups were a procedural move in what has become a skirmish over which committee has jurisdiction over the issue of data security.

AFSA favors the Financial Services Committee's bill, HR. 3997, The Financial Data Protection Act of 2005, as opposed to the Energy and Commerce bill, HR. 4127, The Data Accountability and Trust Act. On May 17, AFSA sent a letter to House Leadership outlining the organization's reasons for this support. The two committees are currently meeting to discuss possible compromises on their two very different bills.

In addition to these two bills, the House Committee on the Judiciary has also introduced and passed through committee H.R. 5318, Cyber-Security Enhancement and Consumer Data Protection Act of 2006. In short, this bill assigns criminal penalties to those who commit identity theft, as well as those companies that knowingly—with the intent to prevent, obstruct or impede a lawful investigation of such a breach—fail to provide notice of such a breach to the authorities. At time of this publication, a date has not been set by the Majority Leader for a vote on the House floor on the issue.

AFSA Federal Government Affairs is actively involved in communicating the principles a final bill must have to gain industry support. These include: 1) uniform national standard with a strong federal preemption; 2) no state attorney general enforcement; 3) the breach notification trigger currently in H.R. 3997; 4) enforcement and oversight by the current functional regulator; and 5) a reasonable credit freeze provision, that is, allowing only victims of identity theft "freeze" their active credit file.