Congressional Budget Office Cost Estimate: S. 1151: Personal Data Privacy and Security Act of 2011 [open pdf - 29KB]
"S. 1151 would establish new federal crimes relating to unauthorized access to sensitive personal information. The bill also would require most federal agencies and businesses that collect, transmit, store, or use such personal information to establish a data privacy and security program and to notify any individuals whose information has been unlawfully accessed. Assuming appropriation of the necessary amounts, CBO [Congressional Budget Office] estimates that implementing S. 1151 would cost $14 million over the 2012-2016 period. Enacting S. 1151 could increase civil and criminal penalties and could affect direct spending by agencies not funded through annual appropriations; therefore, pay-as-you-go procedures apply. CBO estimates, however, that any changes to revenues and net direct spending would be negligible. S. 1151 contains intergovernmental mandates as defined in the Unfunded Mandates Reform Act (UMRA), but CBO estimates that the cost of complying with the requirements would be small and would not exceed the threshold established in UMRA ($71 million in 2011, adjusted annually for inflation). S. 1151 also would impose several private-sector mandates. Much of the private sector already complies with many of the bill's requirements. However, a large number of entities in the private sector would need to implement new or enhanced security standards if the bill is enacted. Consequently, CBO estimates that the aggregate direct cost of the mandates in the bill would probably exceed the annual threshold established in UMRA for private-sector mandates ($142 million in 2011, adjusted annually for inflation) in at least one of the first five years the mandates are in effect."
Congressional Budget Office: http://cbo.gov/