S.139 - Data Breach Notification Act

A bill to require Federal agencies, and persons engaged in interstate commerce, in possession of data containing sensitive personally identifiable information, to disclose any breach of such information. view all titles (4)

All Bill Titles

  • Official: A bill to require Federal agencies, and persons engaged in interstate commerce, in possession of data containing sensitive personally identifiable information, to disclose any breach of such information. as introduced.
  • Popular: Data Breach Notification Act as introduced.
  • Short: Data Breach Notification Act as introduced.
  • Short: Data Breach Notification Act as reported to senate.

This Bill currently has no wiki content. If you would like to create a wiki entry for this bill, please Login, and then select the wiki tab to create it.

Bill’s Views

  • Today: 4
  • Past Seven Days: 20
  • All-Time: 19,084
 
Introduced
 
Senate
Passes
 
House
Passes
 
President
Signs
 

 
01/06/09
 
 
 
 
 
 
 

Official Summary

Data Breach Notification Act - (Sec. 2) Requires any agency or business entity with sensitive personally identifiable information to notify without unreasonable delay any U.S. resident of a security breach in which such resident's information has been, or is reasonably believed to have

Official Summary

Data Breach Notification Act -

(Sec. 2)

Requires any agency or business entity with sensitive personally identifiable information to notify without unreasonable delay any U.S. resident of a security breach in which such resident's information has been, or is reasonably believed to have been, accessed or acquired.

(Sec. 3)

Exempts agencies or business entities from security breach notification requirements if they provide written certification to the Secret Service that providing such notification would impede a criminal investigation or damage national security. Requires the Secret Service to evaluate the merits of such certifications.

(Sec. 4)

Requires an agency or business entity to give notice of a security breach to any affected individuals:
(1) by written notice to their last known home mailing address, by telephone, or by email (if email notification was consented to); and
(2) to major media outlets if the number of residents in a state affected by a security breach exceeds 5,000.

(Sec. 5)

Requires the notification to individuals whose sensitive personally identifiable information has been acquired to include:
(1) a description of the categories of information an unauthorized individual has acquired; and
(2) toll-free numbers for contacting the agency or business entity whose databases have been breached and major credit reporting agencies.

(Sec. 6)

Requires any business entity or agency that is required to provide notification to more than 5,000 individuals of a security breach to notify all consumer reporting agencies.

(Sec. 7)

Requires any business entity or agency to notify the Secret Service of security breaches of sensitive personally identifying information within 14 days of any data security breach that involves:
(1) more than 10,000 individuals;
(2) a database that contains information about more than one million individuals nationwide;
(3) a federal government database; or
(4) individuals known to be government employees or contractors involved in national security or law enforcement. Requires the Secret Service to notify the Federal Bureau of Investigation (FBI), the U.S. Postal Service, and the attorney general of each affected state of a security breach within 14 days of receiving notice of any breach.

(Sec. 8)

Authorizes the Attorney General to bring a civil action, including an injunction, in a U.S. district court for violations of security breach notification requirements.

(Sec. 9)

Allows state attorneys general to bring a civil action in a U.S. district court to enforce security breach notification requirements. Authorizes the Attorney General to stay, or intervene in, any state action.

(Sec. 10)

Declares that the provisions of this subtitle shall supersede any other provision of federal or state law relating to notification by an interstate business entity or agency of a security breach.

(Sec. 11)

Authorizes appropriations to the Secret Service to carry out investigations and risk assessments of security breaches.

(Sec. 12)

Requires the Secret Service to report to Congress on security breaches resulting from risk assessment exemptions.

...Read the Rest

Organizations Supporting S.139

  • None via MapLight at this time.

Organizations Opposing S.139

  • None via MapLight at this time.




Vote on This Bill

75% Users Support Bill

12 in favor / 4 opposed
 

Send Your Senator a Letter

about this bill Support Oppose Tracking
Track with MyOC