Federal data breach law?
GCN reports that Congress may (or may not) pass federal data breach legislation this year. The Senate Judiciary Committee is currently considering a bill that would set standards for protecting sensitive personal information. Staffers are optimistic that something will get done this year.
A patchwork of state laws has grown up in recent years requiring organizations holding personal information to notify individuals when that information is exposed. This has been a big step forward in data protection, giving millions of potential identity theft victims a heads up when they might be at risk and highlighting identity theft as a major crime issue. But just about everybody agrees that a national standard would be an improvement, although there is concern that federal preemption of state laws could gut some of the stronger standards states have put into place and might limit citizens’ legal recourse.
It is not clear whether Federal legislation would specifically require encryption of sensitive data, similar to Massachusetts and Nevada state laws. It's certainly an effective way to avoid a costly data breach.