On December 8, 2009, the United States House of Representatives passed H.R. 2221, the Data Accountability and Trust Act. The bill has now been referred to the Senate Committee on Commerce, Science, and Transportation.
H.R. 2221 would require an entity, which owns or possess personal consumer information, to enact data protection security policies and to notify individuals if a security breach occurs. The Federal Trade Commission would be required to promulgate rules regarding data breach notification and protection standards. The bill would also preempt similar state laws.