A US House committee has approved a new data security law that requires companies that store confidential personal information to notify customers of any security breach.
The Data Accountability and Trust Act was cleared by the Energy and Commerce Committee and may now be considered on the floor of the House of Representatives.
In a statement, the committee says the bipartisan legislation will help prevent identity theft.
The bill requires companies that collect and store sensitive customer data - such as social security numbers, drivers licence details and financial information - to implement effective security safeguards, such as encryption technology.
The new legislation will also force companies to notify customers if data security is breached and the information could be used for identity theft.
Jan Schakowsky, ranking member of the commerce, trade and consumer protection subcommittee, says: "The Data Act would set a federal standard that ensures that consumers' personal information is accurate and kept secure. It requires that consumers will be notified if their privacy may have been violated because of a security breach.
"This bill puts up a firewall that will make it more difficult for data thieves to break through, protecting consumers from identity theft and fraud."
Earlier this year financial services firms in the US were forced to reissue debit cards to customers following the security breach at an undisclosed US retailer. Up to 600,000 cardholders were thought to be at risk.
Bank of America, Wells Fargo and Washington Mutual were among the banks that moved to block and reissue debit cards in recent weeks following the breach, while Citibank was forced to impose transaction blocks on a number of US card accounts after a series of fraudulent cash withdrawals at ATMs in the UK, Russia and Canada.