Notification of Risk to Personal Data Act

Notification of Risk to Personal Data Act - Prescribes notification procedures governing any agency, or person engaged in interstate commerce, that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data.

Amends the Gramm-Leach-Bliley Act to require a financial institution, at which a breach of personal information is reasonably believed to have occurred, to promptly notify: (1) each affected customer; (2) each pertinent consumer reporting agency; (3) the information clearinghouse established by the Federal Trade Commission (FTC) under this Act; and (4) appropriate law enforcement agencies in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers.

Requires any person that maintains personal information for or on behalf of a financial institution to notify promptly the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached.

Amends the Fair Credit Reporting Act to require a consumer reporting agency to maintain a fraud alert file with respect to any consumer upon receiving notice of a breach of personal information from: (1) an agency or person engaged in interstate commerce pursuant to this Act; or (2) a financial institution subject to the Gramm-Leach-Bliley Act.

Authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State.

Directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act.