From a New York Times editorial:
In 2005, ChoicePoint, a data broker, gave access to personal information about more than 140,000 people to criminals posing as businesspeople. Since that widely publicized security breach, many states have passed laws protecting consumer information, but Congress still has not come through. Now, the House is considering a bill to require greater security for personal data. Consumers deserve this sort of protection.
[…]
For all of its promise, the bill poses a risk. The vast majority of states now have good data security laws that have forced companies to act more responsibly than they once did. The House bill contains a “pre-emption” provision that would wipe out those state laws in the specific areas covered by the new federal law.
Pre-emption of consumer laws is generally not a good idea. States should be allowed to offer their residents greater protections, and to experiment with new approaches. For the federal law to be worth passing, it must offer more than state laws do.
[…]