Professional Documents
Culture Documents
S.L.C.
114TH CONGRESS
1ST SESSION
S. ll
A BILL
To require notification of information security breaches and
to enhance penalties for cyber criminals, and for other
purposes.
1
ALB15691
S.L.C.
2
1
2
3
4
SEC.
3.
NOTIFICATION
OF
INFORMATION
SECURITY
BREACH.
(a) NOTIFICATION.
(1) IN
GENERAL.A
10
11
12
13
14
thorized person; or
15
16
17
18
(2) LAW
ENFORCEMENT.
19
(A) DESIGNATION
20
21
(i) IN
OF A GOVERNMENT EN-
GENERAL.Not
later than 60
22
23
24
25
26
ALB15691
S.L.C.
3
1
vulnerabilities.
(ii) RESPONSIBILITIES
IGNATED ENTITY.The
shall
OF THE DES-
designated entity
10
11
12
13
14
poses; and
15
16
17
18
19
security purposes.
20
21
22
23
24
ALB15691
S.L.C.
4
1
10
individuals;
11
12
13
or
14
15
16
17
18
19
enforcement.
20
(C) FTC
REVIEW OF THRESHOLDS.
21
22
23
24
25
ALB15691
S.L.C.
5
1
(ii)
RULEMAKING.The
Federal
promulgate
regulations,
as
necessary,
10
11
12
13
14
15
16
(1) THIRD-PARTY
17
(A) IN
AGENTS.
GENERAL.In
the event of a
18
19
20
21
22
23
24
ALB15691
S.L.C.
6
1
(B) COVERED
(C)
VIDERS.For
party agent.
10
(2) SERVICE
11
EXCEPTION
receiving
(A) IN
FOR
SERVICE
PRO-
PROVIDERS.
GENERAL.If
12
13
14
15
16
17
18
19
20
21
22
reasonably identified.
23
(B) COVERED
24
receiv-
25
ALB15691
S.L.C.
7
1
3
4
5
6
TO
AFFECTED
INDIVID-
UALS.
(A) IN
GENERAL.Unless
subject to a
10
11
12
13
14
15
16
(B) FOLLOW-UP
NOTIFICATION.Not
later
17
18
19
20
21
22
23
24
25
mation.
ALB15691
S.L.C.
8
1
(2) DELAY
POSES.
(A) LAW
ENFORCEMENT.If
a Federal
10
11
12
13
14
15
16
17
(B) NATIONAL
SECURITY.If
a Federal
18
19
20
21
22
23
24
25
ALB15691
S.L.C.
9
1
is necessary.
7
8
9
NOTIFICATION.
(A) METHOD
OF NOTIFICATION.A
cov-
10
11
12
13
14
following methods:
15
16
17
18
(ii) Telephone.
19
20
(B) CONTENT
OF NOTIFICATION.Regard-
21
22
23
24
ALB15691
S.L.C.
10
1
8
9
10
11
12
quire about
13
14
15
16
vidual.
17
(2) SUBSTITUTE
18
NOTIFICATION.
(A) CIRCUMSTANCES
19
STITUTE NOTIFICATION.A
20
21
22
23
24
ALB15691
S.L.C.
11
1
ty; or
fied.
(B) FORM
9
10
TION.Substitute
OF
SUBSTITUTE
NOTIFICA-
11
12
13
14
and
15
16
17
18
19
quired reside.
20
(3) COST
OF NOTIFICATION.A
covered entity
21
22
23
24
(e) TREATMENT
OF
PERSONS GOVERNED
BY
OTHER
ALB15691
S.L.C.
12
1 covered entity who is in compliance with any other Federal
2 law that requires such covered entity to provide notifica3 tion to individuals following a breach of security shall be
4 deemed to be in compliance with this section.
5
6
10
Federal
Trade
11
45(a)(2)); and
Commission
Act
(15
U.S.C.
12
13
14
15
16
(b) APPLICATION
17 OPERATORS,
AND
TO
TELECOMMUNICATIONS CARRIERS.
ALB15691
S.L.C.
13
1
2
3
(c) ENFORCEMENT
BY
SION.
(1) UNFAIR
TICES.A
Federal
practices.
Trade
Commission
Act
10
(2) POWERS
OF COMMISSION.
11
(A) IN
GENERAL.Except
(15
U.S.C.
as provided in
12
13
14
15
16
17
18
19
(B) PRIVILEGES
AND IMMUNITIES.Any
20
21
22
23
(3) MAXIMUM
TOTAL
LIABILITY.Notwith-
24
25
ALB15691
S.L.C.
14
1
sion; and
7
8
9
OF
ACTION.Nothing in
19
20
21
22
(D); and
23
24
25
tively; and
ALB15691
S.L.C.
15
1
2
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
ALB15691
S.L.C.
16
1
fine
years; and
of
not
more
than
$500,000
10
11
12
13
14
15
16
17
18
19
20
21
22
years; and
23
24
ALB15691
S.L.C.
17
1
2
3
4
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
ALB15691
S.L.C.
18
1
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
ALB15691
S.L.C.
19
1
10
11
12
13
14
15
16
17
18
19
20
21
organization); and
22
23
end; and
24
ALB15691
S.L.C.
20
1
not
more
than
$500,000
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
ALB15691
S.L.C.
21
1
(2) in chapter 63
(A) in section 1343
4
5
10
11
12
13
14
15
and
16
(B)
in
section
1344,
by
striking
17
18
19
20
21
22
inserting
23
24
fined
not
more
than
$500,000
ALB15691
S.L.C.
22
1
2
3
10
11
12
13
14
15
16
17
circulated by Interpol.
18
19 State, or designee, shall consult with the appropriate gov20 ernment official of each country in which 1 or more inter21 national cyber criminals are physically present to deter22 mine what actions the government of such country has
23 taken
(1) to apprehend and prosecute such criminals;
24
25
and
ALB15691
S.L.C.
23
1
(1) IN
GENERAL.The
10
11
12
down by country;
13
14
15
16
17
18
19
20
21
22
year
23
24
25
charged;
ALB15691
S.L.C.
24
(iii) his or her previous country of res-
1
2
idence; and
(iv) the country from which he or she
3
4
5
CONGRESSIONAL
COMMIT-
TEES.For
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
SEC. 7. DEFINITIONS.
25
In this Act:
ALB15691
S.L.C.
25
1
(1) BREACH
OF SECURITY.The
term breach
information.
5
6
7
ENTITY.
GENERAL.The
10
11
12
13
tion.
14
15
(B) EXEMPTIONS.The term covered entity does not include the following:
16
17
18
19
20
21
22
23
24
25
ALB15691
S.L.C.
26
1
(4) DATA
IN ELECTRONIC FORM.The
term
(5) DESIGNATED
ENTITY.The
term des-
9
10
(6) PERSONAL
(A) IN
INFORMATION.
GENERAL.The
11
12
13
14
15
16
17
18
19
20
21
22
23
24
ALB15691
S.L.C.
27
1
2
10
11
12
13
14
15
16
17
18
19
fication number.
20
(B) EXCLUSIONS.
21
(i) PUBLIC
RECORD INFORMATION.
22
23
24
25
ALB15691
S.L.C.
28
1
media.
(ii) ENCRYPTED,
REDACTED, OR SE-
CURED DATA.Personal
ments unusable.
(7) SERVICE
information does
PROVIDER.The
term service
10
11
12
13
14
15
16
17
18
19
20
21
22
23
storage, or connections.
ALB15691
S.L.C.
29
1
2