Bill would require companies to report large data breaches to the US government

[mandy]

A proposed bill would require companies to report large data breaches to the US government within 2 weeks of their discovery

A new bill sponsored by the infamous House Judiciary Committee Chairman James Sensenbrenner requires private companies to report significant data breaches to the federal government within two weeks. Under the terms of the new Cyber-Security Enhancement and Consumer Data Protection Act of 2006 (PDF) (H.R. 5318), failure to disclose information about the infiltration of electronic databases containing information on at least 10,000 people or information on federal employees can lead to harsh punishments, including jail time:

    Whoever owns or possesses data in electronic form containing a means of identification (as defined in section 1028), having knowledge of a major security breach of the system containing such data maintained by such person, and knowingly fails to provide notice of such breach to the United States Secret Service or Federal Bureau of Investigation, with the intent to prevent, obstruct, or impede a lawful investigation of such breach, and if such breach causes a significant risk of identity theft, shall be fined under this title, imprisoned not more than 5 years, or both...

full article: http://arstechnica.com/news.ars/post/20060512-6818.html