Summary: H.R.3635 — 113th Congress (2013-2014)All Information (Except Text)

Bill summaries are authored by CRS.

Shown Here:
Passed House amended (07/28/2014)

Safe and Secure Federal Websites Act of 2014 - (Sec. 2) Prohibits a federal agency from deploying or making available to the public a new federal personally identifiable information website (new Federal PII Website) until the chief information officer of the agency submits a certification to Congress that the website is fully functional and secure, as those terms are defined by this Act. Defines "new Federal PII website" as a website that: (1) is operated by (or under contract with) an agency; (2) elicits, collects, stores, or maintains personally identifiable information (i.e., information that can be used to identify an individual, such as a social security number, a date and place of birth, a mother's maiden name, biometric records, or other information linked to an individual); and (3) is first made accessible to the public and collects or stores personally identifiable information on or after October 1, 2012.

Exempts beta websites designed for testing and development if users execute an agreement acknowledging the risks involved.

(Sec. 3) Directs the Director of the Office of Management and Budget (OMB) to establish and oversee policies and procedures for federal agencies to follow in the event of a breach of information security involving the disclosure of personally identifiable information, including: (1) notice, not later than 72 hours after discovery of a breach or possible breach, to individuals whose personally identifiable information could be compromised as a result of such breach; (2) timely reporting to a federal cyber security center designated by this Act; and (3) any additional actions that the Director finds necessary and appropriate.

Requires: (1) agency heads to ensure that agency actions taken in response to a breach comply with OMB policies and procedures established by this Act; and (2) the OMB Director to report to Congress, not later than March 1 of each year, on agency compliance with such policies and procedures.