[Congressional Bills 111th Congress]
[From the U.S. Government Publishing Office]
[S. 1070 Introduced in Senate (IS)]

111th CONGRESS
  1st Session
                                S. 1070

  To establish the Small Business Information Security Task Force to 
address information security concerns relating to credit card data and 
                     other proprietary information.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                              May 19, 2009

Ms. Snowe (for herself and Ms. Landrieu) introduced the following bill; 
 which was read twice and referred to the Committee on Small Business 
                          and Entrepreneurship

_______________________________________________________________________

                                 A BILL


 
  To establish the Small Business Information Security Task Force to 
address information security concerns relating to credit card data and 
                     other proprietary information.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SMALL BUSINESS INFORMATION SECURITY TASK FORCE.

    (a) Definitions.--In this section--
            (1) the terms ``Administration'' and ``Administrator'' mean 
        the Small Business Administration and the Administrator 
        thereof, respectively;
            (2) the term ``small business concern'' has the same 
        meaning as in section 3 of the Small Business Act (15 U.S.C. 
        632); and
            (3) the term ``task force'' means the task force 
        established under subsection (b).
    (b) Establishment.--The Administrator, in coordination with the 
Secretary of Homeland Security, shall establish a task force, to be 
known as the Small Business Information Security Task Force, to address 
the information technology security needs of small business concerns 
and to help small business concerns prevent the loss of credit card 
data.
    (c) Duties.--The task force shall--
            (1) identify--
                    (A) the information technology security needs of 
                small business concerns; and
                    (B) the programs and services provided by the 
                Federal Government, State Governments, and 
                nongovernment organizations that serve those needs;
            (2) assess the extent to which the programs and services 
        identified under paragraph (1)(B) serve the needs identified 
        under paragraph (1)(A);
            (3) make recommendations to the Administrator on how to 
        more effectively serve the needs identified under paragraph 
        (1)(A) through--
                    (A) programs and services identified under 
                paragraph (1)(B); and
                    (B) new programs and services promoted by the task 
                force;
            (4) make recommendations on how the Administrator may 
        promote--
                    (A) new programs and services that the task force 
                recommends under paragraph (3)(B); and
                    (B) programs and services identified under 
                paragraph (1)(B);
            (5) make recommendations on how the Administrator may 
        inform and educate with respect to--
                    (A) the needs identified under paragraph (1)(A);
                    (B) new programs and services that the task force 
                recommends under paragraph (3)(B); and
                    (C) programs and services identified under 
                paragraph (1)(B);
            (6) make recommendations on how the Administrator may more 
        effectively work with public and private interests to address 
        the information technology security needs of small business 
        concerns; and
            (7) make recommendations on the creation of a permanent 
        advisory board that would make recommendations to the 
        Administrator on how to address the information technology 
        security needs of small business concerns.
    (d) Internet Website Recommendations.--The task force shall make 
recommendations to the Administrator relating to the establishment of 
an Internet website to be used by the Administration to receive and 
dispense information and resources with respect to the needs identified 
under subsection (c)(1)(A) and the programs and services identified 
under subsection (c)(1)(B). As part of the recommendations, the task 
force shall identify the Internet sites of appropriate programs, 
services, and organizations, both public and private, to which the 
Internet website should link.
    (e) Education Programs.--The task force shall make recommendations 
to the Administrator relating to developing additional education 
materials and programs with respect to the needs identified under 
subsection (c)(1)(A).
    (f) Existing Materials.--The task force shall organize and 
distribute existing materials that inform and educate with respect to 
the needs identified under subsection (c)(1)(A) and the programs and 
services identified under subsection (c)(1)(B).
    (g) Coordination With Public and Private Sector.--In carrying out 
its responsibilities under this section, the task force shall 
coordinate with, and may accept materials and assistance as it 
determines appropriate from, public and private entities, including--
            (1) any subordinate officer of the Administrator;
            (2) any organization authorized by the Small Business Act 
        to provide assistance and advice to small business concerns;
            (3) other Federal agencies, their officers, or employees; 
        and
            (4) any other organization, entity, or person not described 
        in paragraph (1), (2), or (3).
    (h) Appointment of Members.--
            (1) Chairperson and vice-chairperson.--The task force shall 
        have--
                    (A) a Chairperson, appointed by the Administrator; 
                and
                    (B) a Vice-Chairperson, appointed by the 
                Administrator, in consultation with appropriate 
                nongovernmental organizations, entities, or persons.
            (2) Members.--
                    (A) Chairperson and vice-chairperson.--The 
                Chairperson and the Vice-Chairperson shall serve as 
                members of the task force.
                    (B) Additional members.--
                            (i) In general.--The task force shall have 
                        additional members, each of whom shall be 
                        appointed by the Chairperson, with the approval 
                        of the Administrator.
                            (ii) Number of members.--The number of 
                        additional members shall be determined by the 
                        Chairperson, in consultation with the 
                        Administrator, except that--
                                    (I) the additional members shall 
                                include, for each of the groups 
                                specified in paragraph (3), at least 1 
                                member appointed from within that 
                                group; and
                                    (II) the number of additional 
                                members shall not exceed 13.
            (3) Groups represented.--The groups specified in this 
        paragraph are--
                    (A) subject matter experts;
                    (B) users of information technologies within small 
                business concerns;
                    (C) vendors of information technologies to small 
                business concerns;
                    (D) academics with expertise in the use of 
                information technologies to support business;
                    (E) small business trade associations;
                    (F) Federal, State, or local agencies, including 
                the Department of Homeland Security, engaged in 
                securing cyberspace; and
                    (G) information technology training providers with 
                expertise in the use of information technologies to 
                support business.
            (4) Political affiliation.--The appointments under this 
        subsection shall be made without regard to political 
        affiliation.
    (i) Meetings.--
            (1) Frequency.--The task force shall meet at least 2 times 
        per year, and more frequently if necessary to perform its 
        duties.
            (2) Quorum.--A majority of the members of the task force 
        shall constitute a quorum.
            (3) Location.--The Administrator shall designate, and make 
        available to the task force, a location at a facility under the 
        control of the Administrator for use by the task force for its 
        meetings.
            (4) Minutes.--
                    (A) In general.--Not later than 30 days after the 
                date of each meeting, the task force shall publish the 
                minutes of the meeting in the Federal Register and 
                shall submit to Administrator any findings or 
                recommendations approved at the meeting.
                    (B) Submission to congress.--Not later than 60 days 
                after the date that the Administrator receives minutes 
                under subparagraph (A), the Administrator shall submit 
                to the Committee on Small Business and Entrepreneurship 
                of the Senate and the Committee on Small Business of 
                the House of Representatives such minutes, together 
                with any comments the Administrator considers 
                appropriate.
            (5) Findings.--
                    (A) In general.--Not later than the date on which 
                the task force terminates under subsection (m), the 
                task force shall submit to the Administrator a final 
                report on any findings and recommendations of the task 
                force approved at a meeting of the task force.
                    (B) Submission to congress.--Not later than 90 days 
                after the date on which the Administrator receives the 
                report under subparagraph (A), the Administrator shall 
                submit to the Committee on Small Business and 
                Entrepreneurship of the Senate and the Committee on 
                Small Business of the House of Representatives the full 
                text of the report submitted under subparagraph (A), 
                together with any comments the Administrator considers 
                appropriate.
    (j) Personnel Matters.--
            (1) Compensation of members.--Each member of the task force 
        shall serve without pay for their service on the task force.
            (2) Travel expenses.--Each member of the task force shall 
        receive travel expenses, including per diem in lieu of 
        subsistence, in accordance with applicable provisions under 
        subchapter I of chapter 57 of title 5, United States Code.
            (3) Detail of sba employees.--The Administrator may detail, 
        without reimbursement, any of the personnel of the 
        Administration to the task force to assist it in carrying out 
        the duties of the task force. Such a detail shall be without 
        interruption or loss of civil status or privilege.
            (4) SBA support of the task force.--Upon the request of the 
        task force, the Administrator shall provide to the task force 
        the administrative support services that the Administrator and 
        the Chairperson jointly determine to be necessary for the task 
        force to carry out its duties.
    (k) Not Subject to Federal Advisory Committee Act.--The Federal 
Advisory Committee Act (5 U.S.C. App.) shall not apply to the task 
force.
    (l) Startup Deadlines.--The initial appointment of the members of 
the task force shall be completed not later than 90 days after the date 
of enactment of this Act, and the first meeting of the task force shall 
be not later than 180 days after the date of enactment of this Act.
    (m) Termination.--
            (1) In general.--Except as provided in paragraph (2), the 
        task force shall terminate at the end of fiscal year 2013.
            (2) Exception.--If, as of the termination date under 
        paragraph (1), the task force has not complied with subsection 
        (i)(4) with respect to 1 or more meetings, then the task force 
        shall continue after the termination date for the sole purpose 
        of achieving compliance with subsection (i)(4) with respect to 
        those meetings.
    (n) Authorization of Appropriations.--There is authorized to be 
appropriated to carry out this section $300,000 for each of fiscal 
years 2010 through 2013.
                                 <all>