U.S. to force firms to 'fess up on data loss

The U.S. is processing a legal bill which if passed would mean all companies have to inform customers of security breaches that affect their personal data.

The Data Accountability and Trust Act (DATA) was approved by the US House Energy and Commerce Committee last week and could soon be cleared by the House of Representatives.

The bill requires consumers to be told if their privacy has been violated because of a breach.

According to the Federal Trade Commission (FTC), ID theft cost American consumers $5 billion (US$6 billion) and businesses $48 billion (US$58 billion) last year.

The bill would allow the FTC to enforce standards on keeping data, and make companies appoint a head of security who would produce best practice and audits up to five years after an event.

Under the proposals, if a breach does occur, a company must notify any customers concerned and the FTC, which can then demand an audit.

A similar law has been in place in California for three years. The Security Breach Information Act states that companies that do business in California or that have customers there must notify them if personal information could have been compromised.

Dan Ilett of Silicon.com reported from London.com.