H.R.1770 - Data Security and Breach Notification Act of 2015114th Congress (2015-2016)
|Sponsor:||Rep. Blackburn, Marsha [R-TN-7] (Introduced 04/14/2015)|
|Committees:||House - Energy and Commerce|
|Committee Reports:||H. Rept. 114-908|
|Latest Action:||01/03/2017 Placed on the Union Calendar, Calendar No. 719. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Summary: H.R.1770 — 114th Congress (2015-2016)All Bill Information (Except Text)
Introduced in House (04/14/2015)
Data Security and Breach Notification Act of 2015
Requires certain commercial entities and non-profit organizations that use, access, transmit, store, dispose of, or collect unencrypted nonpublic personal information to restore the integrity, security, and confidentiality of their data systems following the discovery of a security breach.
Requires notification to: (1) affected U.S. residents when there is a reasonable risk that such a breach has resulted in, or will result in, identity theft, economic harm, or financial fraud; (2) the Federal Trade Commission (FTC) and the U.S. Secret Service or the Federal Bureau of Investigation if an unauthorized person accesses or acquires the personal information of more than 10,000 individuals; and (3) consumer reporting agencies if notice must be provided to more than 10,000 individuals.
Establishes special procedures to coordinate the notices that must be provided when: (1) a breached entity processes personal data on behalf of a non-breached entity; or (2) a provider of electronic data transmission, storage, or network connection services becomes aware of a breach.
Provides authority to the FTC and states to enforce against violations of this Act.
Directs the FTC to educate small businesses about data security and establish an Internet website containing non-binding best practices.
Preempts state information security and notification laws, but does not exempt an entity from liability under common law. Provides for the requirements of this Act to apply to certain entities in place of security practices and notification standards currently enforced by the Federal Communications Commission (FCC), except for FCC regulations that pertain solely to 9-1-1 calls.