This Note argues that a strict federal data breach notification law would not only appease businesses tired of having to comply with forty-six different state laws but would also increase incentives for businesses to disclose by reducing the cost of compliance and increasing the reputational risk associated with security breaches. Part I of this Note examines the current state of the law by exploring the elements of a data breach notification law. This Part will compare various state laws to the bills considered by the 111th Congress. Part II analyzes lobbyists’ differing perspectives on the possibility of a federal data breach notification law that preempts the state laws currently in place. Taking into account all of these perspectives, Part III draws conclusions regarding the form a federal data breach notification law should take and focuses on giving consumers increased control over the security of their own personal data.