The New York Times has an editorial about data privacy:
Computers hold an enormous amount of personal information about people. In the wrong hands, the data can be used to steal identities or drain bank accounts. There is a patchwork of laws that offers varying levels of protection to residents of most, but not all, states, but there is no overarching federal law.
Senator Patrick Leahy, a Democrat of Vermont, is sponsoring a bill, the Personal Data Privacy and Security Act of 2009, that would beef up cybersecurity and make people’s personal information safer. It would require entities that keep personal data to establish effective programs for ensuring that that data is kept confidential. That could include encryption of data, although the law does not specify any security method. When there is a breach, it would require that notice be given to individuals whose personal information is exposed.
The Leahy bill applies both to the private companies and to government, which is important, since both the private and public sectors have been responsible for major data breaches in the past few years. […]
One potentially troubling aspect of the bill is that it would pre-empt, or nullify, state laws in this area. That is not a problem if the bill remains in its current form. But it should not be allowed to get weaker during the legislative process. A weak federal law that pre-empts state protections would be worse than no federal law at all.
In September, Privacy Lives joined consumer groups in a letter to members of the U.S. House Energy and Commerce Committee, urging state preemption language be stricken from H.R. 2221, the Data Accountability and Trust Act. When federal and state laws conflict, “preemption” allows federal laws to trump state laws. Consumer advocates continue to urge (pdf) that any federal laws set a floor for regulation (which allows states to create stronger laws) not a ceiling (which bars states from creating more protective laws).