In view of the recent spate of cyber attacks on retailers and the patchwork of existing laws that greatly complicate a company’s data breach response, Congress appears ready to create a national data protection and breach notification law that, in theory, would increase the security of consumers’ personal information and simplify the data breach notification process. Statements made publicly during Congressional hearings this past week evidence a tacit agreement between Democrats and Republicans that a national data protection and breach notification law should not mandate a particular security standard, given that technology is rapidly advancing and that every data breach is factually distinct.