Cyber-Security Enhancement and Consumer Data Protection Act of 2006 would punish companies for failing to notify the Secret Service or FBI of an electronic database breach. The bill also calls for prison sentences that could reach up to five years. PrivacyRights.org reported more than 100 businesses losing control of customer data in 2005. 28 states have enacted some form of data-breach notification law, according to Brian Krebs’ Security Fix blog on WashingtonPost.com. For more on data breaches, read Breach Brigade and The Five Most Shocking Things About the ChoicePoint Debacle.”]
Source: https://www.csoonline.com/article/2119898/new-law-would-require-reporting-of-breaches.html