(Direct Newsline)— House subcommittee approved a bill on Friday that is intended to tackle the problem of identity theft by requiring reporting of thefts of personal data.

By a 13-8 vote, the Energy and Commerce Committee’s Subcommittee on Commerce, Trade and Consumer Protection approved H.R. 4127, the Data Accountability and Trust Act (DATA). As passed, the bill would require data brokers to disclose to consumers any unencrypted breaches of their personal data. The bill would also pre-empt any state laws on data theft disclosure.

“This bill sets strong national standards, provides for increased oversight of information brokers, and creates a workable data security and breach notification regime that provides incentives for technological solutions to security that will benefit consumers and the nation’s commercial infrastructure alike,” said U.S. Rep. Cliff Stearns, R-Fla., subcommittee chairman and the author of the bill.

As approved, the bill directs the Federal Trade Commission to create rules for securing personal information. It would also require collecting entities to formulate a security policy and appoint a designated security overseer within their companies. It would define “breach of security” as the unauthorized acquisition of personal information where it is reasonable to assume a risk of identity theft and require companies to notify U.S. citizens individually and with a notice on their Web sites, along with notifying the FTC. The FTC would have the right to audit or require independent audits of the security practices of any company suffering a data breach for up to five years after the theft.

One contentious issue was the proposed bill’s pre-emption of state data security laws. The bill defines identity theft as “assuming another person’s identity for the purpose of engaging in commercial transactions.” Subcommittee Democrats offered amendments that would have changed the trigger for notification to something closer to the current broader law in California, which requires disclosure after “unauthorized acquisition of [data] that compromises the security, confidentiality or integrity of personal information.” The amendments were defeated by straight party-line votes.

Illinois Democrat Rep. Janice Schakowsky pointed out that the standards in the bill being considered would not have triggered consumer notices after the data incursions earlier this year at ChoicePoint and LexisNexus. About 51 million notices warning of identity theft went out to consumers following those security breaches, primarily because of the requirements in the California law.

Rep. John Dingell (D-Mich.) called the national notice standards in the bill “no-notice provisions.”

Rep. Joe Barton (R-Tex) said he expects the schedule a markup in the near future in the full Energy and Commerce Committee.

A House subcommittee approved a bill on Friday that is intended to tackle the problem of identity theft by requiring reporting of thefts of personal data.

By a 13-8 vote, the Energy and Commerce Committee