New Congress legislation demands US companies report hacks within 48 hrs

US companies will be forced to disclose details of basic level of protection for consumers' personal information and notify the government when data is stolen, according to new draft legislation from the Congress.

The law has been drafted by Mary Bono Mack, who is a Republican from California who wants to see companies forced to provide a basic level of protection for consumers' personal information and notify the government when data is stolen, media reports said.

This new legislation comes in the backdrop of enormous data breaches at companies like Sony and Epsilon in recent months.

Mack's discussion draft promises to protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach. According to a background staff memo, the Secure and Fortify Electronic Data [SAFE Data] Act, is based on a bill that passed the House in the last Congress, according to National Journal.

Under the new bill companies will have to dispose old or unnecessary data, as well as notify the government within 48 hours of discovering a breach, unless the breach is an accident, the report said.

The legislation also grants the Federal Trade Commissioner limited authority over data protection at nonprofits such as universities and charities, it further said.