summary
Introduced
04/04/2014
04/04/2014
In Committee
04/11/2014
04/11/2014
Crossed Over
Passed
Dead
01/03/2015
01/03/2015
Introduced Session
113th Congress
Bill Summary
Data Accountability and Trust Act - Requires the Federal Trade Commission (FTC) to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses data containing personal information to establish specified security policies and procedures to treat and protect such information. Requires the regulations to include methods for disposing of both electronic and nonelectronic data. Requires information brokers to submit their security policies to the FTC in conjunction with a notification of a security breach notification or on FTC request. Authorizes the FTC to conduct information security practices audits of brokers who have had a security breach or require such brokers to conduct independent audits. Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals, (2) provide to individuals whose personal information it maintains a means to review it, (3) place a conspicuous notice on the Internet instructing individuals how to request access to such information, and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, any data containing personal information. Makes it unlawful for information brokers to obtain or disclose personal information by false pretenses (pretexting). Requires such person to notify the FTC and affected individuals of information security breaches. Sets forth requirements concerning such notification, including method of notification requirements and timeliness requirements. Allows an exemption from notification requirements if such person determines that there is no reasonable risk of identity theft, fraud, or other unlawful conduct. Preempts state information security laws.
AI Summary
This bill, the Data Accountability and Trust Act, requires companies that handle personal information in interstate commerce to establish security policies and procedures to protect that data, including methods for securely disposing of both electronic and non-electronic information. It specifically targets "information brokers," which are defined as entities that collect and sell personal information about individuals who are not their customers, requiring them to submit their security policies to the Federal Trade Commission (FTC), notify the FTC and affected individuals of data breaches, and allow individuals to review and correct their personal information. The bill also mandates that information brokers maintain audit trails of data access and transmissions and prohibits them from obtaining personal information through deceptive means, known as "pretexting." Furthermore, it requires companies to notify individuals and the FTC of security breaches within 60 days, unless delayed for law enforcement or national security reasons, and outlines specific content and methods for such notifications, with an exemption if there's no reasonable risk of identity theft or fraud. Importantly, this bill preempts state data security laws, meaning it would establish a uniform federal standard for data protection and breach notification.
Committee Categories
Business and Industry
Sponsors (6)
Bobby Rush (D)*,
Joe Barton (R),
David Cicilline (D),
Daniel Lipinski (D),
Jerry McNerney (D),
Jan Schakowsky (D),
Last Action
Referred to the Subcommittee on Commerce, Manufacturing, and Trade. (on 04/11/2014)
Official Document
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
| Document Type | Source Location | Created |
|---|---|---|
| State Bill Page | https://www.congress.gov/bill/113th-congress/house-bill/4400/all-info | 04/06/2014 |
| BillText | http://gpo.gov/fdsys/pkg/BILLS-113hr4400ih/pdf/BILLS-113hr4400ih.pdf | 04/09/2014 |
| Bill | http://gpo.gov/fdsys/pkg/BILLS-113hr4400ih/pdf/BILLS-113hr4400ih.pdf.pdf | 04/09/2014 |
Loading...