Security breaches involving electronic personal data have come to light largely as a result of the California Security Breach Notification Act, a California notification law that went into effect in 2003. In response, the states and some Members have introduced bills that would require companies to notify persons affected by such security breaches. By December 2005, 35 states had introduced data security legislation and 22 states had enacted data security laws. Numerous data security bills have been introduced in the 109th Congress (S. 115, S. 500, S. 751, S. 768, S. 1216, S. 1326, S. 1332, S. 1408, S. 1594, S. 1789, S. 2169, H.R. 1069, H.R. 1080, H.R. 3140, H.R. 3374, H.R. 3375, H.R. 3397, H.R. 4127). S. 1326, S. 1408, and S. 1789 were reported by Senate committees. This report provides a brief discussion of federal and state data security laws.
CRS Report for Congress, RS22374