3.0.0 1027 2023-01-11T13:27:27Z 2023-01-11T13:27:27Z Senate S 2015-04-21 114 sscm00 Commerce, Science, and Transportation Committee Senate Standing Referred to 2015-04-21T19:21:16Z 2015-04-21 sscm00 Commerce, Science, and Transportation Committee Senate Read twice and referred to the Committee on Commerce, Science, and Transportation. (Sponsor introductory remarks on measure: CR S2304) IntroReferral 2015-04-21 Introduced in Senate IntroReferral 10000 9 Library of Congress K000360 Sen. Kirk, Mark Steven [R-IL] MARK KIRK R IL STEVEN N G000555 Sen. Gillibrand, Kirsten E. [D-NY] Kirsten Gillibrand D NY E. 2015-04-21 True Commerce Bank accounts, deposits, capital Civil actions and liability Computer security and identity theft Congressional oversight Consumer affairs Criminal investigation, prosecution, interrogation Criminal procedure and sentencing Federal Trade Commission (FTC) Federal preemption Fraud offenses and financial crimes Health information and medical records Intellectual property International organizations and cooperation Internet and video services Internet, web applications, social media Right of privacy State and local government operations Commerce 00 2015-04-21 Introduced in Senate 2015-06-05T19:23:26Z Data Breach Notification and Punishing Cyber Criminals Act of 2015

Requires certain commercial entities that acquire, maintain, store, or utilize individuals' nonpublic personal information to protect and secure any such data that is held unencrypted in electronic form.

Directs entities that own or license such data, following discovery of a security breach, to notify each individual U.S. citizen or resident: (1) whose personal information is reasonably believed to have been accessed and acquired by an unauthorized person; or (2) who may be at risk of identity theft, fraud, actual financial harm, or other unlawful conduct.

Requires the Department of Homeland Security (DHS) to designate a federal entity to receive information from commercial entities regarding breaches, incidents, threats, and vulnerabilities. Requires the DHS-designated entity to provide such information to: (1) the U.S. Secret Service and the Federal Bureau of Investigation; (2) the Federal Trade Commission (FTC) for civil law enforcement purposes; and (3) other federal agencies for law enforcement, national security, or data security purposes.

Directs entities to notify the DHS-designated entity if a breach involves: (1) the personal information of more than 1,000 individuals, (2) a data system containing the personal information of more than 250,000 individuals, (3) federal databases, or (4) the personal information of primarily federal employees and contractors involved in national security or law enforcement.

Provides alternative compliance procedures for: (1) third parties that maintain personal data in electronic form on behalf of another entity, and (2) certain electronic data service providers.

Sets forth FTC enforcement authority.

Exempts from the requirements of this Act: (1) financial institutions subject to the Gramm-Leach-Bliley Act, and (2) entities subject to health information privacy regulations. Provides for the requirements of this Act to apply to certain entities in place of security practices and notification standards currently enforced by the Federal Communications Commission.

Increases maximum fines or terms of imprisonment for certain cyber-related criminal offenses involving identity theft or fraud.

Directs the Department of State to consult with governments of countries in which international cyber criminals are physically present (if the countries do not have a mutual legal assistance or an extradition treaty with the United States) to determine what actions those governments have taken to prosecute and prevent cyber or intellectual property crimes against U.S. interests or citizens.

Preempts certain state data security laws.

]]> Data Breach Notification and Punishing Cyber Criminals Act of 2015 Display Title Data Breach Notification and Punishing Cyber Criminals Act of 2015 Official Title as Introduced A bill to require notification of information security breaches and to enhance penalties for cyber criminals, and for other purposes. Introduced in Senate IS Short Titles as Introduced Data Breach Notification and Punishing Cyber Criminals Act of 2015 Introduced in Senate 2015-04-21T04:00:00Z https://www.govinfo.gov/content/pkg/BILLS-114s1027is/xml/BILLS-114s1027is.xml 2015-04-21 Read twice and referred to the Committee on Commerce, Science, and Transportation. (Sponsor introductory remarks on measure: CR S2304) text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries and statuses for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.