This Computerworld article thinks that there won’t be any action on a US data breach law this year.

Lawmakers have introduced more than 10 bills dealing with data breach notification since early 2005. The bills differ in several ways, including varying requirements about when a breached company should notify customers and whether consumers should be able to freeze their credit reports following a breach.

Beyond the confusion about the differences in the bills, five congressional committees have claimed jurisdiction over some of the data breach bills. "It's certainly a popular and pro-consumer issue to tackle," said David Sohn, a staff counsel at the Center for Democracy and Technology, a privacy and civil rights advocacy group. "It's difficult to see how Congress will reconcile all the bills."

This could be a very good thing. The bills that were bouncing around Congress were hugely flawed, and would wipe out stronger state laws.