[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 84 Introduced in Senate (IS)]
<DOC>
116th CONGRESS
1st Session
S. 84
To amend the Small Business Act to require that consumer reporting
agencies and other credit reporting companies provide certain
protections to small businesses, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
January 10, 2019
Mr. Rubio (for himself, Mr. Kennedy, Mr. Coons, and Mr. Jones)
introduced the following bill; which was read twice and referred to the
Committee on Small Business and Entrepreneurship
_______________________________________________________________________
A BILL
To amend the Small Business Act to require that consumer reporting
agencies and other credit reporting companies provide certain
protections to small businesses, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Small Business Credit Protection
Act''.
SEC. 2. DATA BREACHES.
(a) In General.--The Small Business Act (15 U.S.C. 631 et seq.) is
amended--
(1) by redesignating section 49 (15 U.S.C. 631 note) as
section 50; and
(2) by inserting after section 48 (15 U.S.C. 657u) the
following:
``SEC. 49. DATA BREACHES.
``(a) Definition.--In this section, the term `credit reporting
company'--
``(1) has the meaning given the term `consumer reporting
agency' in section 603 of the Fair Credit Reporting Act (15
U.S.C. 1681a); and
``(2) includes an entity that collects commercial credit
data.
``(b) Requirements for Reporting Breaches.--
``(1) Applicable state law.--
``(A) In general.--Except as provided in paragraph
(2), if nonpublic data of a small business concern that
is collected or stored by a credit reporting company
has been breached, the credit reporting company shall
report the breach promptly and not later than as
required under the law of the State in which the small
business concern is located.
``(B) Locations in multiple states.--If a small
business concern that is affected by a breach described
in subparagraph (A) has locations in more than 1 State,
for the purposes of that subparagraph, the law of the
State that imposes the shortest period for the
reporting of the breach shall apply.
``(2) Exception.--
``(A) In general.--If a small business concern that
is affected by a breach described in paragraph (1)(A)
is located in a State that does not have a law that
imposes a set period for the reporting of the breach,
the credit reporting company to which the requirement
under that paragraph applies shall report the breach in
the most expeditious manner practicable and without
unreasonable delay.
``(B) Rule of construction regarding a law
enforcement request.--For the purposes of subparagraph
(A), a delay with respect to the reporting of a breach
described in that subparagraph that is caused by a
requirement to respond to a request submitted by a law
enforcement agency shall be construed to be a
reasonable delay.
``(c) Prohibition.--During the 180-day period beginning on the date
on which a breach described in subsection (b)(1)(A) occurs, a credit
reporting company may not charge a small business concern that is
affected by that breach for providing the small business concern with
the credit report of the small business concern.
``(d) No Preemption.--Nothing in this section shall preempt any
State law with respect to credit reporting companies.''.
(b) GAO Report.--
(1) Definitions.--In this subsection--
(A) the term ``credit reporting company''--
(i) has the meaning given the term
``consumer reporting agency'' in section 603 of
the Fair Credit Reporting Act (15 U.S.C.
1681a); and
(ii) includes an entity that collects
commercial credit data; and
(B) the term ``small business concern'' has the
meaning given the term in section 3(a) of the Small
Business Act (15 U.S.C. 632(a)).
(2) Report.--Not later than 1 year after the date of
enactment of this Act, the Comptroller General of the United
States shall submit to Congress a report regarding the economic
harm incurred by small business concerns as a result of data
breaches at credit reporting companies.
<all>