Long ago CA started the trend with SB 1386 and in 2005 a similar data privacy bill was proposed. This is the one to set national law with the Cybersecurity Enhancement and Consumer Data Protection Act.

A new proposal in Congress would force anyone who possesses electronic personal data to report "major" security breaches to federal authorities before alerting consumers–or face hefty fines and even imprisonment.

The 11-page House of Representatives bill aims to deter identity thieves and dismantle cybercrime operations, such as phishing scams, that swipe personal information. It was introduced this week by House Judiciary Committee Chairman James Sensenbrenner and backed by three Republicans and one Democrat.

The bill defines "major breach" as any incident that involves the personal information of 10,000 or more individuals, databases owned by the federal government or personal data about federal employees or contractors involved in "national security matters or law enforcement."

Refusing to comply with the rules could result in up to five years in prison or fines of $50,000 for each day that the intrusion is not reported–an idea endorsed by the Justice Department.