Leadership in the House Committee on Energy and Commerce said they intend to bring an amended version of the DATA (Data Accountability and Trust Act) to a vote March 29. The original bill was approved by the Subcommittee on Commerce, Trade and Consumer Protection in November.
The legislation would require data brokers to set up procedures to verify the accuracy of the information they collect, and maintain and regularly monitor security systems for breaches. It would define data brokers as companies that sell non-customer data to unaffiliated third parties.
One of the most controversial aspects of the ID theft debate centers on the trigger for requiring that consumers be notified of a security breach.
In the legislation under consideration, companies would have to notify consumers if there is "reasonable risk of identity theft to the individual to whom the personal information relates, fraud or other lawful conduct."
Consumers would be permitted annual access to their information held by data brokers, and they would be allowed to have inaccurate information corrected.
The Federal Trade Commission would be required to set national security standards for data brokers. Also, the FTC or an independent auditor would review a brokers security practices following a breach.
The amended bill has the support of Rep. John Dingell, D-Mich., the committees ranking Democrat.