RL34120
Federal Information Security and Data Breach Notification Laws
April 03, 2008

Summary

The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, and the Fair Credit Reporting Act. Information security laws are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to personally identifiable information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and include requirements for incident reporting and handling and external breach notification. During the 110th Congress, three data security bills -- S. 239 (Feinstein), S. 495 (Leahy), and S. 1178 (Inouye) -- were reported favorably out of Senate committees. Those bills include information security and data breach notification requirements. Other data security bills were also introduced, including S. 806 (Pryor), S. 1202 (Sessions), S. 1260 (Carper), S. 1558 (Coleman), H.R. 516 (Davis), H.R. 836 (Smith), H.R. 958 (Rush), H.R. 1307 (Wilson), H.R. 1685 (Price), and H.R. 2124 (Davis). For related reports, see CRS Report RL33273, Data Security: Federal Legislative Approaches, by Gina Marie Stevens. Also see the Current Legislative Issues web page for "Privacy and Data Security" available at [http://www.crs.gov]. This report will be updated.

    Related Legislation:
  • S.239
  • S.495
  • S.1178
  • S.806
  • S.1202
  • S.1260
  • S.1558
  • H.R.516
  • H.R.836
  • H.R.958
  • H.R.1307
  • H.R.1685
  • H.R.2124
