US SB3333 | 2011-2012 | 112th Congress
Status
Spectrum: Partisan Bill (Republican 6-0)
Status: Introduced on June 21 2012 - 25% progression, died in committee
Action: 2012-06-21 - Read twice and referred to the Committee on Commerce, Science, and Transportation.
Pending: Senate Commerce, Science, And Transportation Committee
Text: Latest bill text (Introduced) [PDF]
Status: Introduced on June 21 2012 - 25% progression, died in committee
Action: 2012-06-21 - Read twice and referred to the Committee on Commerce, Science, and Transportation.
Pending: Senate Commerce, Science, And Transportation Committee
Text: Latest bill text (Introduced) [PDF]
Summary
Data Security and Breach Notification Act of 2012 - Requires commercial entities that acquire, maintain, store, or utilize personal information (covered entities) to take reasonable measures to protect and secure data in electronic form containing personal information. Directs a covered entity that owns or licenses such data to give notice of any breach of the security of the system that the entity reasonably believes has caused or will cause identity theft or other financial harm to each individual: (1) who is a U.S. citizen or resident; and (2) whose personal information was, or that the covered entity reasonably believes has been, accessed and acquired by an unauthorized person. Requires a covered entity to notify the Secret Service or the Federal Bureau of Investigation (FBI) of a security breach of personal information involving more than 10,000 individuals. Requires a third-party entity contracted to maintain, store, or process data containing personal information to notify the covered entity of a breach of security of a system. Requires a service provider to notify the covered entity if it becomes aware of a breach of security involving personal information owned or possessed by a covered entity and if such covered entity can be reasonably identified. Allows delays of notifications to avoid impeding a civil or criminal investigation or threatening national or homeland security. Sets forth the methods for notification under this Act. Preempts information security practices of the Communications Act applicable to telecommunication carriers, satellite operators, and cable operators. Sets forth civil monetary penalties for violations of this Act. Exempts financial institutions and entities subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Title
Data Security and Breach Notification Act of 2012
Sponsors
| Sen. Pat Toomey [R-PA] | Sen. Roy Blunt [R-MO] | Sen. Jim DeMint [R-SC] | Sen. Dean Heller [R-NV] |
| Sen. Marco Rubio [R-FL] | Sen. Olympia Snowe [R-ME] |
History
| Date | Chamber | Action |
|---|---|---|
| 2012-06-21 | Senate | Read twice and referred to the Committee on Commerce, Science, and Transportation. |
Subjects
Bank accounts, deposits, capital
Civil actions and liability
Commerce
Computer security and identity theft
Consumer affairs
Internet and video services
Right of privacy
Civil actions and liability
Commerce
Computer security and identity theft
Consumer affairs
Internet and video services
Right of privacy
US Congress State Sources
| Type | Source |
|---|---|
| Summary | https://www.congress.gov/bill/112th-congress/senate-bill/3333/all-info |
| Text | https://www.congress.gov/112/bills/s3333/BILLS-112s3333is.pdf |
