"The bill focuses on information-sharing," said Mark Jaycox, a legislative analyst with the Electronic Frontier Foundation. But "the lack of information isn't a problem. What is a problem, is what we're seeing in the latest data breaches."
That includes persistent bad security habits by companies, such as failing to encrypt data or continuing to use outdated, "legacy" computer systems, Jaycox said.
While the bill requires companies and authorities to scrub the data of personal information, critics worry that that's unlikely.
"You aren't going to be looking at every single letter or email that goes out," Jaycox said. "There is a very real fear...that unrelated personal information is shared with the government."