Cyber Security Industry Alliance Newsletter •  Volume 2, Number 11  • Summer 2006

Data Security Legislation Snapshot

Seven Bills Under Consideration, But Still No Federal Standard



Deadline Approaching for National Computer Security Survey!

The goal of the National Computer Security Survey (NCSS) is to produce reliable national and industry-level estimates of the prevalence of computer security incidents (such as denial of service attacks, fraud, or theft of information) against businesses and the resulting losses incurred by businesses. This first-of-its-kind survey is co-sponsored by the Department of Justice and the Department of Homeland Security and is being conducted by RAND Corporation.

CSIA believes this survey is critically important and that its results will help us all make more informed decisions about how to best target our resources in the fight against cybercrime.

The August deadline for responses is fast approaching and CSIA encourages your support of this important project. For information see:

As Congress prepares for the August recess and the upcoming elections, we face a shortened Congressional calendar.

There are still many unresolved issues, particularly regarding the protection of sensitive personal information.

As it stands, Congress is working on seven different bills regarding data security, with no signs of producing one comprehensive piece of legislation that would protect consumers.

We have seen almost 89 million records breached since February 2005, with eleven separate incidents in the past month alone. 34 states have their own varying legislation, while 16 states have no similar protections.

Continued state action will result in a confusing and costly patchwork of laws. We cannot wait until the 110th Congress to revisit this issue.

Below, CSIA provides a brief outline of each of the bills pending in both the House and the Senate.

House Bills and Senate Bills

H.R. 3997

Financial Data Protection Act of 2005

Sponsored by:
Rep. Steve LaTourette (R-OH)

Co-Sponsored by:
There are 12 co-sponsors

H.R. 3997 was introduced on 10/6/2005 and
referred to the House Committee on Financial Services.

On 11/9/2005 the Committee held a hearing and it was clear that there was not bi-partisan consensus on the bill.

On 3/16/2006 H.R. 3997 was marked up and reported out with amendments.

On 5/24/2006, H.R. 3997 was marked up by the Energy and Commerce Committee. Rep. Stearns offered an amendment in the form of a substitute bill that, following the enacting language, inserts the language from H.R. 4127.

The Committee approved the substitute bill 42-0.

On 6/2/2006, H.R. 3997 was reported out of committee and placed on the Legislative Calendar.


S. 1326

Notification of Risk to Personal Data Act

Sponsored by:
Sen. Jeff Sessions (R-AL)

S. 1326 was introduced on 6/28/2005 and referred to the Committee on the Judiciary.

On 10/20/2005, S. 1326 was reported out of Committee and placed on the Senate Legislative Calendar.


H.R. 4127

Data Accountability and Trust Act

Sponsored by:
Rep. Cliff Stearns (R-FL)

Co-Sponsored by: Rep. Deborah Pryce (R-OH), Rep. Fred Upton (R-MI), Rep. George Radanovich (R-CA), Rep. Charles Bass (R-NH), Rep. Mary Bono (R-CA), Rep. Michael Ferguson (R-NJ), Rep. Marsha Blackburn (R-TN), Rep. Paul E. Gillmor (R-OH)

H.R. 4127 was introduced on 10/25/2005 and was marked up in the House Energy and Commerce Committee's Subcommittee on Commerce, Trade and Consumer Protection on 11/3/2005.

Subcommittee Chairman Stearns offered a number of manager amendments which were accepted.

The bill was passed out of subcommittee with no minority support.

On 3/29/2006 it was passed out of full committee by a vote of 41-0.

On 5/24/2006, the House Financial Services Committee considered H.R. 4127, offered an amendment in the form of a substitute bill, and inserted the language from H.R. 3997.

This amended bill was passed out of committee.


S. 1408

Identity Theft Protection Act

Sponsored by: Sen. Gordon Smith

Co-Sponsors: Sen. Ben Nelson (D-FL), Sen. Daniel Inouye (D-HI), Sen. John McCain (R-AZ), Sen. Mark Pryor (D-AR), Sen. Ted Stevens (R-AK), Sen. Hillary Rodham Clinton (D-NY), Sen. Lisa Murkowski (R-AK)

S. 1408 was introduced on 7/14/2005 and referred to the Committee on Commerce, Science and Transportation.

On 12/8/2005, the Commerce Committee ordered S. 1408 to be reported with an amendment in the nature of a substitute.

On 12/8/2005, the bill was reported out with an amendment in the nature of a substitute.

It was then placed on the Senate Legislative Calendar under General Orders.


H.R. 5318

Cyber-Security Enhancement and Consumer Data Protection Act of 2006

Sponsored by: Rep. Jim Sensenbrenner, Jr. (R-WI)

Co-Sponsored by: Rep. Steve Chabot (R-OH), Rep. Howard Coble (R-NC), Rep. Tom Feeney (R-FL), Rep. Deborah Pryce (R-OH), Rep. Adam Schiff (D-CA), Rep. Lamar Smith (R-TX)

H.R. 5318 was introduced on 5/9/2006 and referred to the House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security.

The Subcommittee held a hearing on 5/11/2006 and marked up the bill on 5/18/2006.

It was passed out of subcommittee and sent to the full Judiciary Committee, where it was marked up and passed out of committee on 5/25/2006.

S. 1789

Personal Data Privacy and Security Act of 2005

Sponsored by: Sen. Specter (R-PA)

Co-Sponsored by: Sen. Russell D. Feingold (D-WI), Sen. Dianne Feinstein (D-CA), Sen. Patrick Leahy (D-VT)

S. 1789 was introduced on 9/29/05 and referred to the Committee on the Judiciary.

On 10/20/2005 and 10/27/2005, S. 1789 was considered and held over for the next meeting.

On 11/17/2005, by a 13-5 vote, the Senate Judiciary Committee approved S. 1789.


S. 3568

Data Security Act of 2006

Sponsored by: Sen. Robert Bennett (R-UT)

Co-Sponsored by: Sen. Tom Carper (D-DE)

S. 3568 was introduced on 6/26/2006 and referred to the Committee on Banking, Housing, and Urban Affairs.