The latest proposal comes amid heightened calls for some sort of federal data security legislation in the wake of recently disclosed breaches at the U.S. Department of Veterans Affairs and several other government agencies.

There are already at least 10 other pieces of legislation pending before Congress, all of them introduced before the VA breach. Among them is the Financial Data Protection Act of 2005, which the House Financial Services Committee passed in March. That bill is designed to give financial services companies a national standard for securing personal data and notifying customers in the event of a breach.

That proposed legislation has drawn intense criticism from privacy advocacy groups who say it would undermine stronger state laws already in place by giving companies too much leeway in deciding when to disclose breaches.

Another example of pending legislation is the Data Accountability and Trust Act (DATA), which was introduced in October by Rep. Cliff Stearns (R-Fla.). That bill would require companies to notify consumers of security breaches involving their data and would give the Federal Trade Commission the authority to enforce compliance.

The measure would also require data aggregators, such as ChoicePoint Inc., to keep the FTC informed about plans for safeguarding private data and to submit to periodic audits in the event of a breach. Stearns' legislation has also drawn fire for allowing companies too much discretion in deciding when to notify regulators and others about breaches.