Responding to frustration at how credit-reporting agency Equifax disclosed its 2017 breach affecting more than 145 million U.S. consumers, U.S. Reps. Blaine Luetkemeyer, R-Missouri, and Carolyn Maloney, D-New York, have circulated a draft bill to create a federal breach notification law.

To be sure, the Data Acquisition and Technology Accountability and Security Act is still only a draft and hasn’t been officially filed by its two co-sponsors. But the bill has already caught the attention of dozens of state attorneys general that have publicly come out in opposition, arguing the proposed law would pre-empt and hamper their prosecutions.