Yes:
For example, a bill – the Financial Data Protection Act of 2005 (H.R. 3997) – being considered by the House of Representatives would let the breached company decide whether it should notify customers of a breach; the company would need to notify customers only if it felt the data was going to be misused to cause them financial harm, not under any other conditions. Under this proposal, we will hear less about companies that are sloppy with data. With friends like these in Congress, it might be better to let them continue to fail to deal with the issue and keep the state laws in effect.After millions of identities, ranging from those of credit card users to those of most active duty U.S. military personnnel, have been lost or stolen over the last few years, and the only reason we know about most of those breaches is that a California law requires affected companies to report them to the people whose identities they compromised, the best Congress can propose is to let the affected companies decide whether to notify.Congress fails to grasp security risk ‘Net Insider By Scott Bradner, Network World, 08/14/06
What do you think the affected companies will do with such a choice? Perhaps notify nobody, like they did before the California law?
Note that this is the same approach Congress proposes for net neutrality: let the telcos decide, and if they happen to do something inappropriate, we can always sue them later. Doubtless that will solve net neutrality the same way doing nothing has solved identity theft.
-jsq