Critics slam proposed data breach notification law

10.11.2005
A proposed nationwide law that would require companies to notify consumers of data breaches involving their confidential information is being criticized by some security experts as being too ambiguous to be effective.

The proposed Data Accountability and Trust Act (DATA), or H.R. 4127, was approved by a 13-8 vote along partisan lines by a subcommittee of the Energy and Commerce Committee on Nov. 3.

The bill was written by Rep. Cliff Stearns (R-Fla.), chairman of the subcommittee, and now goes to the full Energy and Commerce Committee for further consideration.

In broad terms, the proposed law resembles California's Database Breach Notification Act and comparable laws in other states: it requires companies to notify consumers of security lapses involving their private data. It would also require information brokers to inform the U.S. Federal Trade Commission of their plans for safeguarding private data and, in the event of a breach, to submit to periodic security audits by the FTC. The FTC would be responsible for enforcing the new law.

If approved, the measure would override state laws such as the one in California and would serve as a national breach-notification mandate.

While there have been calls for such a national law, the biggest problem with H.R. 4127 is that it requires companies to inform consumers of breaches only if they believe a significant risk of fraud exists, said Alan Paller, director of the SANS Institute, a security research and training firm in Bethesda, Md.