Our esteemed leaders in the U.S. Congress are vowing to enact new laws targeting data thieves, backup-tape burglars and other information-age miscreants.

We should be worried.

Any reasonable person, of course, should agree that such thefts must be punished and data warehouses should let us know if our information falls into the hands of criminals.

But a bill announced last week by Sens. Arlen Specter, R-Penn., and Patrick Leahy, D-Vt., goes far beyond reasonable data security precautions. It amounts to a crackdown on individuals, bloggers and legitimate e-mail list moderators.

Anyone who runs a Web site with registered users and receives income from it (Blogads and Google Ads count) should be concerned. The Specter-Leahy bill says that if that site's list of user IDs or e-mail addresses is compromised, each registered user must be notified via U.S. mail or telephone. Refusal to do so can be punished with $55,000-a-day fines and prison time of up to five years.

That's remarkable but not as extreme as the second requirement: The Web master or mailing list operator might have to "cover the cost" of 12 monthly credit reports of each person whose e-mail addresses was lost or purloined.

For a popular site with 10,000 registered users, that would be a princely sum. If monthly credit reports cost $15 a person, that's $1.8 million over a year.