A bill to require Federal agencies, and persons engaged in interstate commerce, in possession of electronic data containing personal information, to disclose any unauthorized acquisition of such information.
Notification of Risk to Personal Data Act - Requires any agency or person that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data, to notify any U.S. resident whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Requires any agency or person who possesses but does not own or license such data, to notify the information owner or licensee about such an unauthorized acquisition. Allows delay of notification in connection with authorized law enforcement purposes. Provides authorized methods of notification and alternative notification procedures.
Provides: (1) civil penalties and rights and remedies in connections with violations; and (2) for enforcement by State attorneys general.
Introduced in Senate
Sponsor introductory remarks on measure. (CR S8738-8739)
Read twice and referred to the Committee on the Judiciary. (text of measure as introduced: CR S8739-8740)
Committee on the Judiciary Subcommittee on Terrorism, Technology and Homeland Security. Hearings held. With printed Hearing: S.Hrg. 108-520.
checking server…
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line