Two U.S. Senate bills now under consideration would regulate how both public and private sector organizations protect personal information and respond to data breaches, according to a story on Nextgov.com.
The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein (D-CA), would authorize the U.S. Attorney General to bring civil actions against firms that fail to notify people whose personal information had been compromised in a breach, and would extend notification requirements to government agencies.
The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy (D-VT), also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.
Both bills cleared the Senate Judiciary Committee and have been placed on the calendar for consideration by the full Senate, according to Nextgov.com.