When I was a kid, living in NY, my parents used to say that what California did, the rest of the country would do in a few years.  Well if the momentum in DC keeps up, as reported in InformationWeek, we may soon have a national data privacy law, much like the one in place in California today.  This national law would mandate disclosure of breaches.  It is about time.  As I have been writing about over the last month -- we have a real problem with security practices in place (or not in place) today.  Perhaps with a requirement to disclose and the follow on loss of reputation and revenue, companies will feel some incentive to invest in improving their security practices -- most of the breaches resulted from generally lax processes.