Senator Dianne Feinstein (D-California) has put forth a proposal mimicking a California state law that requires corporations to notify customers in the event that their personal or confidential data is compromised.

SecurityFocus Article

This is the exact opposite of what the Bush Administration and the Department of Homeland Security have been trying to accomplish. They have been seeking an exemption from the US Freedom of Information Act for hacking or intrusion incidents reported by corporations, so that companies will volunteer such information without fear of public backlash.

The problem, in my opinion, with Senator Feinstein's proposal is that the financial penalties are not compelling enough. It would still be in the financial best interest of many companies to risk getting caught and paying the penalties rather than disclose news of a security breach and lose consumer and shareholder confidence.

Here is my article on About.com regarding this topic: To Disclose Or Not To Disclose

I am curious whether others think it makes more sense to exempt corporations from the Freedom of Information Act to entice them to cooperate, or to enact laws requiring them to disclose security incidents in the hope that they will not choose to hide the information anyway.

Thoughts?