Submitting a bill is no guarantee that it will pass muster (or pass anything else for that matter). In fact, the only thing it does guarantee is that some politician will stick his hand out for a free trip to Russia (note to self…strike last comment before I hear the knock at the door).
Meanwhile, after realizing that most of the recent raft of data theft has taken place at the hands of intermediaries, which can hardly be considered well regulated, Diane Feinstein has finally taken a charge at the issue.
The big issue at hand is the process of notification a data purveyor has to make to potential ID theft victims, after someone nabs data from them. Spamroll has bitched about this issue, but I doubt Diane got the idea from here.
The new bill makes some big inroads on this front. It covers all industries the same way (something the data houses have been lobbying against). And not only to banks and other service providers get no break, but the bill doesn’t discriminate on the basis of the type of data stolen either. Electronic as well as paper records are covered.
This article from eWeek does not mention the length of notice requirements, but it does make clear that notice requirements, in writing, would be mandatory for all involved. California is presently the only state with such a requirement, but I think their two weeks grace period could use some shortening as well.
Nonetheless, a step in the right direction. Now lets see how many trips the politicians take to far away places in order to get this one through.