In the wake of recent national-level data security breaches, a number of privacy breach laws have been presented in Congress that are aimed at creating national standards to replace the current state patchwork of data security laws. Senator Patrick Leahy has introduced the Personal Data Privacy and Security Act of 2014 (SB 1897). This bill is intended to “prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.” In terms of data protection, the bill contains detailed requirements for privacy and security programs and breach notification, including preemption of state law on breach notification. Senators Tom Carper and Roy Blount have introduced the bi-partisan Data Security Act of 2014 (SB 1927), which would provide “rules of the road” for companies and agencies to avoid and respond to data breaches, providing standards for safeguarding information, investigation breaches, and notifying consumers. While a comprehensive national data breach law may sound like a good idea, a national standard could prove to be more cumbersome and onerous depending on what, if anything, is finally enacted. To read more about these bills click here.