Thursday, July 07, 2005

Senator Introduces Security Breach Notification Bill

Senator Jeff Sessions has introduced a security breach notification bill in the U.S. Senate.

S. 1326 is titled the "Notification of Risk to Personal Data Act".

The bill would require any agency or person who owns or uses computerized data containing sensitive personal information to "implement and maintain reasonable security and notification procedures."

The law would also require such an entity, if it determines, "after discovery and a reasonable investigation, that a significant risk of identity theft exists as a result of a breach of the system," to notify any individual who is known to be a citizen of the United States.

Companies would also have to notify the credit reporting agencies in the event of a breach.

The bill defines "security breach" to mean:

"compromise of the security of computerized data containing sensitive personal data that establishes a reasonable basis to conclude that a significant risk of identity theft to an individual exists, and does not include the compromise of computerized data, if the agency or person concludes, after conducting a reasonable investigation, that there is not a significant risk of identity theft to an individual . . . including a situation where the agency or person maintains or participates in a security program reasonably designed to block unauthorized transactions before they are charged to an individual's account and the security program does not indicate that the compromise of sensitive personal information has resulted in fraud or unauthorized transactions."

The bill would pre-empt all state laws relating to security breaches.


