Skip to main content
HR 104 114th Congress House Science, Technology, Communications Administrative law and regulatory procedures Business records Civil actions and liability Computer security and identity theft Computers and information technology Congressional oversight Consumer affairs Consumer credit Criminal justice information and records Government information and archives Health information and medical records Judicial review and appeals Right of privacy

Cyber Privacy Fortification Act of 2015

Introduced: January 6, 2015 See on congress.gov
Sign in to write a letter Sign in to watch
 Everywhere this bill has been 4 steps
Introduced
In committee
Reported out
Passed House
Passed Senate
To President
Became law
Jan 22, 2015
Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
Jan 6, 2015
Referred to the House Committee on the Judiciary.
Jan 6, 2015
Sponsor introductory remarks on measure. (CR E9)
Jan 6, 2015
Introduced in House
 Plain-English summary Congressional Research Service

Cyber Privacy Fortification Act of 2015

Amends the federal criminal code to provide criminal penalties for intentional failures to provide required notices of a security breach involving sensitive personally identifiable information.  Defines "sensitive personally identifiable information" as specified electronic or digital information.

Defines "security breach" as a compromise of the security, confidentiality, or integrity of computerized data that there is reason to believe has resulted in improper access to sensitive personally identifiable information.

Requires a person who owns or possesses data in electronic form containing a means of identification and who has knowledge of a major security breach of the system containing such data maintained by such person to provide prompt notice to the U.S. Secret Service or the Federal Bureau of Investigation.

Defines "major security breach" as any security breach that involves: (1) a means of identification pertaining to at least 10,000 individuals that is reasonably believed to have been acquired, (2) databases owned by the federal government, or (3) a means of identification of federal employees or contractors involved in national security matters or law enforcement.

Authorizes the Attorney General and any state attorney general to bring civil actions and obtain injunctive relief for violations of federal laws relating to data security.

Requires federal agencies as part of their rulemaking process to prepare and make available to the public privacy impact assessments that describe the impact of certain proposed and final agency rules on the privacy of individuals.

Sets forth authority for agencies to waive or delay certain privacy impact assessment requirements for emergencies and national security reasons.

Directs federal agencies to periodically review promulgated rules that have a significant privacy impact on individuals or a privacy impact on a substantial number of individuals. Requires agencies to consider whether each such rule can be amended or rescinded in a manner that minimizes any such impact while remaining in accordance with applicable statutes.

Provides access to judicial review to individuals adversely affected or aggrieved by final agency action on any such rule.

What's happening now January 22, 2015

Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.

 Committees of jurisdiction 2
 Cosponsors 1
All 1 Democratic 1