S.2289 - Data Breach Prevention and Compensation Act of 2018115th Congress (2017-2018) |
|Sponsor:||Sen. Warren, Elizabeth [D-MA] (Introduced 01/10/2018)|
|Committees:||Senate - Banking, Housing, and Urban Affairs|
|Latest Action:||Senate - 07/12/2018 Committee on Banking, Housing, and Urban Affairs. Hearings held. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
- Passed Senate
- Passed House
- To President
- Became Law
Summary: S.2289 — 115th Congress (2017-2018)All Information (Except Text)
Introduced in Senate (01/10/2018)
Data Breach Prevention and Compensation Act of 2018
This bill creates the Office of Cybersecurity within the Federal Trade Commission (FTC) that, in part, must:
- supervise, evaluate, and regulate specified agencies' management of data security;
- examine agencies annually for compliance with regulations;
- investigate an agency in the event of a breach covered by the bill or suspected noncompliance with regulations, and report on any findings of such investigation; and
- coordinate with the National Institute of Standards and Technology and the National Cybersecurity and Communications Integration Center of the Department of Homeland Security.
The office is authorized to: (1) investigate an agency's compliance with regulations regarding any data breach, and (2) enjoin an agency from violating specified regulations.
Specified consumer reporting agencies, in part, must:
- provide the office with information relating to security measures,
- demonstrate reasonable data protection measures, and
- notify the FTC of a covered breach.
The bill establishes civil penalties for violations and directs the FTC to enforce compliance.