US HB1704 | 2015-2016 | 114th Congress
Status
Spectrum: Partisan Bill (Democrat 1-0)
Status: Introduced on March 26 2015 - 25% progression, died in committee
Action: 2015-04-29 - Referred to the Subcommittee on the Constitution and Civil Justice.
Pending: House Subcommittee on the Constitution And Civil Justice Committee
Text: Latest bill text (Introduced) [PDF]
Status: Introduced on March 26 2015 - 25% progression, died in committee
Action: 2015-04-29 - Referred to the Subcommittee on the Constitution and Civil Justice.
Pending: House Subcommittee on the Constitution And Civil Justice Committee
Text: Latest bill text (Introduced) [PDF]
Summary
Personal Data Notification and Protection Act of 2015 Requires certain businesses that use, access, transmit, store, dispose of, or collect sensitive personally identifiable information about more than 10,000 individuals during any 12-month period to notify individuals whose information is believed to have been accessed or acquired through a discovered security breach. Directs businesses, within 30 days after discovery of a breach, to notify: (1) affected individuals by mail, telephone, or email; and (2) major media outlets if the number of affected residents of a state exceeds 5,000. Allows the Federal Trade Commission (FTC) to extend the notification period if a business seeks additional time. Requires the Department of Homeland Security (DHS) to designate a federal government entity to receive notices about security incidents, threats, and vulnerabilities. Directs businesses to notify the DHS-designated entity, and requires the DHS-designated entity to then notify the U.S. Secret Service, the Federal Bureau of Investigation (FBI), and the FTC, if a security breach affects: (1) more than 5,000 individuals, (2) a database that contains the sensitive information of more than 500,000 individuals, (3) federal government databases, or (4) federal employees or contractors involved in national security or law enforcement. Requires the DHS-designated entity to also make the information available to other appropriate federal agencies for law enforcement, national security, or computer security purposes. Authorizes the Secret Service or the FBI to require businesses to delay or exempt individuals from notifications for national security or law enforcement purposes. Requires businesses to notify consumer reporting agencies if more than 5,000 individuals must be notified of a breach. Exempts a business from individual notification requirements if the business: (1) conducts and notifies the FTC of a risk assessment finding no reasonable risk that a breach resulted in, or will result in, harm to the affected individuals, provided that the FTC is given 10 days to determine whether individual notification should be provided before the exemption automatically becomes effective; or (2) uses or participates in a security program that blocks the use of certain sensitive personal information to initiate financial transactions if the program also notifies affected individuals after a breach that results in fraud or unauthorized transactions. Sets forth authority for the FTC and states to enforce against violations of this Act. Amends the federal criminal code to extend extraterritorially the application of penalties for fraud offenses involving an access device issued, owned, managed, or controlled by a financial institution, credit card system member, or other entity organized under the laws of the United States or any U.S. state or territory. (An access device is any card, code, electronic serial number, telecommunications service, or other means of account access that can be used to initiate a transfer of funds or to obtain money, goods, or services.) Removes a condition under current law that subjects a person to such penalties only if the underlying articles, property, or proceeds are held within or have transferred through U.S. jurisdiction.
Title
Personal Data Notification and Protection Act of 2015
Sponsors
| Rep. James Langevin [D-RI] |
History
| Date | Chamber | Action |
|---|---|---|
| 2015-04-29 | House | Referred to the Subcommittee on the Constitution and Civil Justice. |
| 2015-04-29 | House | Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. |
| 2015-03-27 | House | Referred to the Subcommittee on Commerce, Manufacturing, and Trade. |
| 2015-03-26 | House | Referred to House Judiciary |
| 2015-03-26 | House | Referred to House Energy and Commerce |
| 2015-03-26 | House | Referred to the Committee on Energy and Commerce, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned. |
| 2015-03-26 | House | Introduced in House |
Same As/Similar To
HB1584 (Related) 2015-12-02 - Ordered to be Reported by Voice Vote.
Subjects
Commerce
Computer security and identity theft
Consumer affairs
Consumer credit
Criminal investigation, prosecution, interrogation
Fraud offenses and financial crimes
Government employee pay, benefits, personnel management
Jurisdiction and venue
Public contracts and procurement
Right of privacy
Computer security and identity theft
Consumer affairs
Consumer credit
Criminal investigation, prosecution, interrogation
Fraud offenses and financial crimes
Government employee pay, benefits, personnel management
Jurisdiction and venue
Public contracts and procurement
Right of privacy
US Congress State Sources
| Type | Source |
|---|---|
| Summary | https://www.congress.gov/bill/114th-congress/house-bill/1704/all-info |
| Text | https://www.congress.gov/114/bills/hr1704/BILLS-114hr1704ih.pdf |
