The Data Accountability and Trust Act was nearly one year in the making, following a series of high-profile data security breaches last year.
According to the act, data brokers would be required to institute a security policy for collecting, using, selling and securing the information they hold, and they would be required to monitor their security systems regularly.
If a breach occurs, the Federal Trade Commission or an independent auditor would review the brokers security plan following a breach, and subsequently the FTC would be permitted to require audits for five years.
If there is a reasonable risk of ID theft, fraud or unlawful conduct as a result of a breach, the company would have to notify U.S. consumers whose data was acquired by an unauthorized person as a result of the breach. The company would also have to notify the FTC and post a notice on its Web site.
"Nobody needs to be left in the dark when their data has been compromised," said Rep. Joe Barton, R-Texas, chairman of the committee.
Consumers would be allowed annual access to their data, and they would have the right to have inaccurate information corrected or marked disputed. The bill also would make it illegal for brokers to obtain data on someone by impersonating that person, a practice known as "pretexting."
The legislation "sends a clear message to the collectors of this information: If you cant protect it, dont collect it," said Rep. John Dingel, D-Mich., adding that additional work needs to be done before Congress votes on the bill.
Several members of the committee sought greater protections for consumers. Rep. Ed Markey, D-Mass., introduced several amendments that were not approved, including a provision to protect data that is sent overseas for handling.
"What happens when this data is sent offshore for storage in a database or for processing?" Markey asked, adding that the bulk of data shipped overseas goes to countries with weak privacy protections, including Bangladesh, Brazil, China, Pakistan and Thailand.
Markey also sought to include a prohibition on buying and selling social security numbers. Barton said it would not be germane to the ID theft bill, but said he is willing to work on separate legislation to protect social security numbers.
The bills author, Rep. Cliff Stearns, R-Fla., said it is endorsed by Microsoft, Entrust and the Business Software Alliance.