Summary: S.2289 — 115th Congress (2017-2018)All Information (Except Text)

There is one summary for S.2289. Bill summaries are authored by CRS.

Shown Here:
Introduced in Senate (01/10/2018)

Data Breach Prevention and Compensation Act of 2018

This bill creates the Office of Cybersecurity within the Federal Trade Commission (FTC) that, in part, must:

  • supervise, evaluate, and regulate specified agencies' management of data security;
  • examine agencies annually for compliance with regulations;
  • investigate an agency in the event of a breach covered by the bill or suspected noncompliance with regulations, and report on any findings of such investigation; and
  • coordinate with the National Institute of Standards and Technology and the National Cybersecurity and Communications Integration Center of the Department of Homeland Security.

The office is authorized to: (1) investigate an agency's compliance with regulations regarding any data breach, and (2) enjoin an agency from violating specified regulations.

Specified consumer reporting agencies, in part, must:

  • provide the office with information relating to security measures,
  • demonstrate reasonable data protection measures, and
  • notify the FTC of a covered breach.

The bill establishes civil penalties for violations and directs the FTC to enforce compliance.