WASHINGTON (Reuters) - Draft legislation is being circulated in Congress that would require firms to make reasonable efforts to secure customers' personal data and to provide quick disclosures in the case of a data breach.
Representative Mary Bono Mack, who has held hearings to scold Sony Corp for delays in telling customers about lost data, released a discussion draft of the bill on Monday.
The proposed legislation also requires companies to begin erasing personal data once it is no longer needed, eliminating the possibility that it could be stolen in a hacking attack.
In the case of a data breach, companies must notify law enforcement within 48 hours, according to the bill. If data is lost that could be used to steal a customer's identity, the company must notify the Federal Trade Commission within 48 hours and begin contacting the customers involved.
"E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it - and that starts with robust cyber security," said Bono Mack, who chairs the House subcommittee on Commerce, Manufacturing and Trade.
"Consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them," she said in a statement.
In the Senate, Majority Leader Harry Reid has asked four Senate committees to pull together a comprehensive cybersecurity bill. He hopes it will be brought to the floor by late summer.
Major elements of the Senate bill, which is in the process of being drafted, include: the creation of an office within the executive branch to oversee cyber policy; creation of an office in the Department of Homeland Security to share information on threats; ensuring federal computer systems are safe by continually monitoring them and creating incentives for the private sector to improve their cybersecurity.
There has been a steady stream of hacks, data breaches and computer break-ins in the past few months, including a major cyber attack on the International Monetary Fund. One hacker group claimed the Senate as its latest victim.