The report also recommended strengthening criminal laws to prosecute people who attack computer systems and networks.
Dan Reed, Microsoft’s vice president of technology policy and strategy, said current laws punishing data breaches are “antiquated."
He said: "If you think about the penalties for penetrating one account versus a hundred thousand accounts, it’s very hard right now to make clear criminal distinctions between those when in fact their effects on individuals are substantially different."
Republicans on the House Commerce, Manufacturing and Trade subcommittee approved the SAFE Data Act to establish a uniform national standard for notifications of data breaches last week. The bill now awaits a vote in the full Energy and Commerce Committee.