Network World

The Leahy privacy bill: coddling the criminals?

Proposed legislation fails to allow wronged citizens to bring private action in data-breach cases
'Net Insider By Scott Bradner, Network World, 02/19/2007

After the data breach about a year ago that exposed the personal information of some congressmen, I was sure that there would soon be a federal bill enhancing privacy protections (See Privacy: A personal touch).

But that was not to be.

I guess the big companies that make a profit by violating your and my personal space have enough clout on Capitol Hill to even get a congressman whose data was exposed to back off. When the election changed the power picture in Washington, D.C., I had a little burst of hope that something meaningful would happen in this space, but I'm mostly disappointed in what the change has actually brought.

In early February, Senators Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and Bernie Sanders (I-Vt.) introduced the "Personal Data Privacy and Security Act Of 2007."

From the press release and a quick read of the proposed legislation, it looks quite good. Even in a more detailed reading the bill has some good stuff in it, but in the end the bill does more to protect the people who are sloppy with your data than have any real teeth to prevent the sloppiness in the first place.

The bill concerns itself with the protection of "sensitive personally identifiable information." This includes your name along with Social Security number, passport number or driver's license number, your home address and mother's maiden name or your date of birth, a biometric ID (e.g., fingerprint), bank account number and PIN, or credit card and security code (Note that the new RFID passports may meet this definition because they include your name and picture). As you might expect, the bill would override any state or local laws that address the same issues.

Under the bill, anyone who has this information about you must endeavor to protect it "equal to industry standards" and must notify you if it is improperly accessed. Failure to notify, even where there is just one person's information exposed, can generate a fine of $1,000 per day, as much as $250,000 and as many as five years in jail. These can be doubled if the failure is intentional and willful.

Under the bill, you can ask to see your record (not including any list of purchases they might have for you) that is held by a data broker and ask for it to be corrected if you see anything wrong. The broker can tell you to go away if it wants to claim you are being "frivolous."
