This thesis reviews the growing problem of identity theft and fraud that result from the misuse of stolen personal data, and seeks to determine whether or not comprehensive federal legislation is necessary to protect U.S. businesses, consumers and government from identity theft and other crimes. This thesis outlines the different ways identity theft can occur, the different risk levels associated with breaches, and who identity theft affects and how. This thesis explores existing laws and safeguards and their effectiveness in protecting financial institutions, business entities, education establishments, the federal government, and consumers from identity theft crimes and the theft of sensitive personal information. This thesis addresses two schools of thought: 1) the data security status quo is sufficient, and 2) data security should be more highly regulated at a federal level. In doing so, it analyzes pending federal data security legislation and the potential for movement in the 110th Congress. Lastly, this thesis reviews emerging technologies and how they relate to the growing threat of identity theft. This thesis finds that a national standard for data security breach notification, credit freeze policy, and social security number safeguards would be beneficial because of confusing state laws. However, this thesis guardedly recommends a national standard since the private sector has relatively strict data security regulations and compliance standards in place, and during the political process, pre-emptive federal legislation could end up creating unnecessary mandates for the private sector, and with ever-increasing criminal technologies, it will be virtually impossible to thwart identity theft criminals’ attacks one hundred percent of the time. This thesis finds cybersecurity to be a more imminent threat than identity theft and recommends that federal lawmakers address cybercrime before basic data security standards. Cyber criminals are becoming more organized, and with emerging technologies, the anonymity of the Internet, and use of the Internet as a sharing tool, cyber criminals pose a real threat to U.S. national security. Coupled with deficient information security standards at the majority of U.S. federal agencies, the threat of a large scale cyber attack on U.S. infrastructure is imminent and must be addressed first and foremost.