(FORTUNE Magazine) – Three key laws are meant to protect consumers from identity theft--but they aren't getting the job done. That's why two new ones (which may wind up being combined before they come up for vote) were introduced last month. Here's a look. -- Julia Boorstin

FEDERAL LAWS

Gramm-Leach-Bliley Act (Financial Services Modernization Act): Aimed at financial companies. Requires those corporations to tell their customers how they use their personal information and to have policies that prevent fraudulent access to it. Partial compliance has been required since 2001.

Health Insurance Portability and Accountability Act: Aimed at the health-care industry. Limits disclosure of individuals' medical information and imposes penalties on organizations that violate privacy rules. Compliance required for large companies since 2003.

STATE LAWS

California's Notice of Security Breach Law: If any company or agency that has collected the personal information of a California resident discovers that non-encrypted information has been taken by an unauthorized person, the company or agency must tell the resident. Compliance required since 2003. (Some 30 other states are considering similar laws.)

PROPOSED FEDERAL LAWS

Schumer-Nelson ID Theft Bill: Would regulate companies that sell personal data, setting rules to prevent fraudulent access to information and requiring companies to disclose breaches in their security and the sale of personal information.

Notification of Risk to Personal Data Bill: A broader, nationwide version of California's security-breach law that carries tougher penalties for offending companies. Proposed by Senator Diane Feinstein of California.