If you use any web email service you should be supporting this bill. Things have changed since 1996, when the original bill (now in force) was passed.
This approach intelligently deals with violations of regulatory guidelines that does not have to apply a ‘one size fits all’ solution when different types of violations deserve different outcomes.
Regulations are meant to guard consumers and companies from harm, but if the intent to harm is not present,or if there is no real harm to consumers the response should not be identical to the response when the harm is real, or intentional.
This shouldn’t surprise anyone who thinks about it. It just reinforces the need to hold companies, or whomever is holding your data accountable for what they do with that data. You might not even know that they have information about you, if they are not accountable, to you or to some other entity they will do what is best for them – not you.