Skip to main content
HR 6236 111th Congress House Crime and Law Enforcement Bank accounts, deposits, capital Business records Civil actions and liability Computer security and identity theft Consumer affairs Consumer credit Fraud offenses and financial crimes Government information and archives Intelligence activities, surveillance, classified information Right of privacy Social security and elderly assistance Visas and passports

Data Breach Notification Act

Introduced: September 28, 2010 Introduced by: Schiff, Adam B. Democratic · California See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 7 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Dec 20, 2010
Referred to the Subcommittee on Commercial and Administrative Law.
Sep 28, 2010
Referred to House Judiciary
Sep 28, 2010
Referred to House Financial Services
Sep 28, 2010
Referred to House Oversight and Government Reform
Sep 28, 2010
Referred to the Committee on Energy and Commerce, and in addition to the Committees on Oversight and Government Reform, Financial Services, and the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Sep 28, 2010
Referred to House Energy and Commerce
Sep 28, 2010
Introduced in House
 Plain-English summary Congressional Research Service

Data Breach Notification Act - Requires any federal agency or business entity engaged in interstate commerce that uses, accesses, or collects sensitive personally identifiable information, following the discovery of a security breach, to notify: (1) any U.S. resident whose information may have been accessed or acquired; and (2) the owner or licensee of any such information that the agency or business does not own or license.

Exempts: (1) agencies and business entities from notification requirements for national security and law enforcement purposes and for security breaches that a risk assessment concludes do not have a significant risk of resulting in harm if specified certification or notice is provided, subject to review by the Secret Service; and (2) business entities which utilize a security program that blocks the use of sensitive personally identifiable information and provide notice of a breach to affected individuals.

Requires notifications regarding security breaches under specified circumstances to the Secret Service, the Federal Bureau of Investigation (FBI), the Postal Inspection Service, and state attorneys general.

Authorizes the Attorney General to bring a civil action in U.S. district court against any business entity that violates this Act. Sets civil penalties for violations.

Amends the Fair Credit Reporting Act to require agencies to include a fraud alert in the file of a consumer that submits evidence of compromised financial information to a consumer reporting agency.

Authorizes: (1) civil actions by state attorneys general to enforce this Act; and (2) appropriations for costs incurred by the Secret Service to investigate and conduct risk assessments of security breaches.

What's happening now December 20, 2010

Referred to the Subcommittee on Commercial and Administrative Law.

 Committees of jurisdiction 5