The ACM technology policy weblog has a nice summary of and response to H.R. 4127 regarding stronger data security requirements for businesses. The highlights include requiring data security plans and notification if security is breached.
But be sure to scan down for their discussion of the exemption from notification if the compromised data is encrypted, and why this is a dangerous loophole.
It reminds me of a recent experience talking about security principles to a general audience – one of the hardest concepts to get them to accept was the idea that redundant or layered security is necessary, and single potential points of failure must be avoided. There is definitely a perception that there should be some tool or technique for ensuring security. Here, data encryption seems to be the magic bullet.