H.R.1841 - Data Accountability and Trust Act (DATA) of 2011112th Congress (2011-2012)
|Sponsor:||Rep. Stearns, Cliff [R-FL-6] (Introduced 05/11/2011)|
|Committees:||House - Energy and Commerce|
|Latest Action:||House - 05/13/2011 Referred to the Subcommittee on Commerce, Manufacturing, and Trade. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Summary: H.R.1841 — 112th Congress (2011-2012)All Information (Except Text)
Introduced in House (05/11/2011)
Data Accountability and Trust Act of 2011 - Requires the Federal Trade Commission (FTC) to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses electronic data containing personal information to establish security policies and procedures.
Authorizes the FTC to require a standard method or methods for destroying obsolete nonelectronic data.
Requires information brokers to submit their security policies to the FTC in conjunction with a security breach notification or on FTC request. Requires the FTC to conduct or require an audit of security practices when information brokers are required to provide notification of such a breach. Authorizes additional audits after a breach.
Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals, (2) provide to individuals whose personal information it maintains a means to review it, (3) place notice on the Internet instructing individuals how to request access to such information, and (4) correct inaccurate information.
Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information.
Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).
Prescribes procedures for notification to the FTC and affected individuals of information security breaches. Sets forth special notification requirements for breaches: (1) by contractors who maintain or process electronic data containing personal information, (2) involving telecommunications and computer services, and (3) of health information.
Terminates this Act effective September 30, 2016.