A U.S. House of Representatives committee has unanimously approved a bill that would create new regulations for so-called data brokers, including a requirement that U.S. companies that traffic in personal data notify victims of breaches.The House Energy and Commerce Committee’s 41-0 approval of the Data Accountability and Trust Act comes a year after the beginning of a rash of data breaches at dozens of U.S. companies, starting with data brokers ChoicePoint and LexisNexis. The bill, which now goes to the full House for a vote, would require any company that “experiences reasonable risk of identity theft” to notify potential victims as well as the U.S. Federal Trade Commission (FTC). “This is legislation that consumers deserve if we are to help them and our economy defeat the growing menace of identity theft,” Rep. Cliff Stearns, a Florida Republican and primary sponsor of the bill, said in a statement. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe Companies that encrypt data would be exempt from data breach notification rules under the bill, as some tech trade groups have requested. Backers of an encryption exemption say it would encourage more companies to use encryption. Since the outbreak of breaches in early 2005, more than 20 states have passed notification laws. Data brokers such as ChoicePoint have called for a national law to standardize notification.The House bill would require data brokers to develop security policies that explain the “collection, use, sale, other dissemination, and security” of the data they hold. It would also direct the FTC to create standards for the handling of personal data, and allow the FTC to audit a data broker’s security practices following a breach of security. The bill would also allow consumers to annually access the records data brokers hold about them, and give them the right to demand inaccurate information be corrected or labeled as disputed.The bill “sends a clear message: ‘If you can’t protect it, don’t collect it,’ ” said Rep. John Dingell from Michigan, the committee’s ranking Democrat. -Grant Gross, IDG News ServiceFor related content from CIO sister publication, CSO, read The Five Most Shocking Things About the ChoicePoint Debacle and When the Dike Breaks: Responding to the Inevitable Data Breach.Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost Unlocking value: Oracle enterprise license models for optimal ROI Helping you maximize your return on investment of Oracle software program licenses is not as complex as it sounds—learn more today. By Rimini Street Oct 02, 2023 4 mins Managed IT Services IT Management brandpost Lessons from the field: Why you need a platform engineering practice (…and how to build it) Adopting platform engineering will better serve customers and provide invaluable support to their development teams. By VMware Tanzu Vanguards Oct 02, 2023 6 mins Software Deployment Devops feature The dark arts of digital transformation — and how to master them Sometimes IT leaders need a little magic to push digital initiatives forward. Here are five ways to make transformation obstacles disappear. By Dan Tynan Oct 02, 2023 11 mins Business IT Alignment Digital Transformation IT Strategy feature What is a project management office (PMO)? The key to standardizing project success The ever-increasing pace of change has upped the pressure on companies to deliver new products, services, and capabilities. And they’re relying on PMOs to ensure that work gets done consistently, efficiently, and in line with business objective By Mary K. Pratt Oct 02, 2023 8 mins Digital Transformation Project Management Tools IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe