ime is running out for the current U.S. Congress, and data security legislation doesn't seem to be a priority. With less than a month of actual working time left for the House and Senate before the 2006 elections, there remain in the legislative hopper five proposals for new, stringent requirements on banks, retailers and other entities that collect consumers' personal financial information.

The most recent legislation was introduced in late June by Sens. Bob Bennett, R-Utah, and Tom Carper, D-Del. Their bill is in reaction to the well-publicized theft of a Department of Veterans Affairs laptop containing vets' sensitive data, including Social Security numbers.

National standard for protecting data

Both Bennett and Carper are members of the Senate Banking Committee, and Bennett chairs the panel's Subcommittee on Financial Institutions. Their legislation, the Data Security Act of 2006 (S. 3568), would create a uniform, national standard for protecting sensitive consumer information and for notifying consumers whose security and privacy have been breached.

The Bennett-Carper legislation, if enacted, would apply to any entity that touches consumer information. This includes retailers and government agencies, not only financial institutions. Many of the recent breaches in data security have occurred outside financial institutions' networks.

"Though current law requires financial institutions to protect the security and confidentiality of customer information, we have to expand this reach," Bennett said. "We are not doing enough to protect consumers and businesses from identity theft and account fraud as criminals have shown they can exploit any network weakness."

Small window, packed agenda

The current, two-year session of the 109th Congress is set to adjourn later this year. And under the rules of order, laws that don't make it out of one session of Congress must be re-introduced and considered as fresh legislation in subsequent sessions.

The conventional wisdom in Washington seems to be that other matters, such as the ongoing war efforts, immigration and pending budget issues will demand what little time remains on the legislative calendar for deliberative action. As of mid-July, no new Congressional action had been scheduled on data security legislation.

All the seats in the House and about one-quarter of seats in the Senate are up for election in November.Congress usually takes off the entire month of August, and most members (especially those running for re-election) will be on the campaign trail for most of October. That leaves only the month of September for one or more of the pending bills to wind their way through the legislative approval process and onto the President's desk.

Not a priority for mom and pop

Meanwhile, a new study suggests data security may not be a big deal for many of America's small businesses. According to data released by Visa U.S.A. last month, small retailers spend more on preventing thefts of money and merchandise (34%) than on securing customer data (20%). Fifty-three percent of retailers don't think consumers worry much about their personal data. And get this: Visa said only 17% of small merchants surveyed knew what magnetic stripe data was.