When a business loses personal data — whether it’s through a stolen laptop or a network security breach — there are some state laws that require the company to notify people who could be affected by the disclosure.Right now Congress is considering bills for a federal consumer data breach notification law. But what should that law include? What should companies do? Who should be held responsible?Later this week, we will post a draft that suggests what such a law should look like. We encourage you to add your comments and suggestions to the proposal. We will compile your suggestions and then publish a new draft of a proposed federal law in an upcoming issue of CSO magazine. Related content opinion Personal data exposed! How can we fix this mess? By Mintz Levin Apr 19, 2007 3 mins Business Continuity Data and Information Security Physical Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe