


109 HR 5838 IH: Federal Agency Data Breach

U.S. House of Representatives
2006-07-19
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.


	
		I
		109th CONGRESS
		2d Session
		H. R. 5838
		IN THE HOUSE OF REPRESENTATIVES
		
			July 19, 2006
			Mr. Tom Davis of Virginia (for himself, Ms. Pryce of Ohio, Mr. Buyer, Mr. Bradley of New Hampshire, and Ms. Corrine Brown of Florida) introduced the following bill; which was referred to the Committee on Government Reform
		
		A BILL
		To amend title 44, United States Code, to strengthen requirements related to security breaches of data involving the disclosure of sensitive personal information.
	
	
		1. Short title
			This Act may be cited as the "Federal Agency Data Breach Notification Act".
		2. Federal agency data breach notification requirements
			(a) Authority of Director of Office of Management and Budget to establish data breach policies
			Section 3543(a) of title 44, United States Code, is amended—
				(1) by striking "and" at the end of paragraph (7);
				(2) by striking the period and inserting "; and" at the end of paragraph (8); and
				(3) by adding at the end the following:
					"(9) establishing policies, procedures, and standards for agencies to follow in the event of a breach of data security involving the disclosure of sensitive personal information in violation of section 552a of title 5, including a requirement for timely notice to be given to those individuals whose sensitive personal information could be compromised as a result of such breach, except no notice shall be required if the breach does not create a reasonable risk of identity theft, fraud, or other unlawful conduct regarding such individual.".
			(b) Authority of Chief Information Officer to enforce data breach policies
			Section 3544(a)(3) of title 44, United States Code, is amended by inserting after "authority to ensure compliance with" the following: "and, to the extent determined necessary and explicitly authorized by the head of the agency, to enforce".
			(c) Inclusion of data breach notification in agency information security programs
			Section 3544(b) of title 44, United States Code, is amended—
				(1) by striking "and" at the end of paragraph (7);
				(2) by striking the period and inserting "; and" at the end of paragraph (8); and
				(3) by adding at the end the following:
					"(9) procedures for notifying individuals whose sensitive personal information is compromised consistent with policies, procedures, and standards established under section 3543(a)(9) of this title.".
			(d) Sensitive personal information definition
			Section 3542(b) of title 44, United States Code, is amended by adding at the end the following new paragraph:
					"(4) The term 'sensitive personal information' means any information contained in a record, as defined in section 552a(4) of title 5.".
			
