The House of Representatives has passed H.R.2221, which focuses on protecting consumers by requiring reasonable security policies and protection for personal data. The bill now moves to the Senate for consideration before it can become law.

Originally proposed in April of 2009, the bill focuses on how data is maintained, distributed and removed by anyone involved in interstate commerce, or by anyone maintaining data for individuals and companies involved in interstate commerce.

The bill gives the Federal Trade Commission the ability to establish the rules and processes for notification of a security breach, including the fines that can be levied, which are up to $5,000,000 in civil court.

For companies that maintain their customer list internally, it’s important to document the process as well as the security breach notification plan so that they are in accordance with a potentially regulated mandate. If the company outsources the information or the storage of the data, it is important to understand the process that the third-party provider has established in the event of a security breach.

