"During the First Session of the 110th Congress, three data security bills were reported favorably out of Senate committees - S. 239 (Feinstein), a bill to require federal agencies, and persons engaged in interstate commerce, in possession of data containing sensitive personally identifiable information, to disclose any breach of such information; S. 495 (Leahy), a bill to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information; and S. 1178 (Inouye), a bill to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft. On June 3, 2008, H.R. 4791 (Clay), a bill to strengthen requirements for ensuring the effectiveness of information security controls over information resources that support federal operations and assets and to protect personally identifiable information of individuals that is maintained in or transmitted by federal agency information systems, was passed by the House by voice vote under suspension of the rules. [...] This report discusses the core areas addressed in federal legislation. For related reports, see CRS Report RL34120, Information Security and Data Breach Notification Safeguards, by Gina Marie Stevens. Also see the Current Legislative Issues web page for 'Privacy and Data Security' available at [http://apps.crs.gov/cli/ cli.aspx?PRDS_CLI_ITEM_ID=2105]. This report will be updated as warranted."
CRS Report for Congress, RL33273