Congress continues to wade through its lengthy list of proposals aimed at securing personal information held by businesses.
A U.S. House of Representatives panel on Thursday backed a measure introduced just last week that would, among other things, require a new pile of paperwork from "each person engaged in interstate commerce that owns or possesses data in electronic form containing personal information."
Those in that seemingly broad category would have to draw up a detailed statement of their security policies and procedures. An additional set of requirements, such as ensuring individuals can access and correct their personal information, would apply to "information brokers"--that is, companies like ChoicePoint that are in the business of collecting and maintaining personal records.
The measure, like others pending in Congress, also sets notification procedures upon discovery of a security breach and gives the Federal Trade Commission authority to enforce those rules.
As for keeping data safe in the first place, the bill refrains from setting specific standards, though it suggests encryption and changes to "the architecture, installation, or implementation of network or operating software" as options.
Next, the bill heads to the full House Energy and Commerce Committee for a vote, but staffers have not yet set a date.