Accession Number : ADA509890


Title : Federal Information Security and Data Breach Notification Laws


Descriptive Note : Congressional rept.


Corporate Author : LIBRARY OF CONGRESS WASHINGTON DC CONGRESSIONAL RESEARCH SERVICE


Personal Author(s) : Stevens, Gina


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a509890.pdf


Report Date : 29 Jan 2009


Pagination or Media Count : 23


Abstract : The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, and the Fair Credit Reporting Act. Also included in this report is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS), an industry regulation developed by VISA, MasterCard, and other bank card distributors. Information security laws are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to personally identifiable information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and include requirements for incident reporting and handling and external breach notification. During the 110th Congress, three data security bills--S. 239 (Feinstein), S. 495 (Leahy), and S. 1178 (Inouye)--were reported favorably out of Senate committees. Those bills include information security and data breach notification requirements. Several other data security bills were also introduced. The 109th and 110th Congresses did not pass data security legislation. In the 111th Congress, expectations are that efforts to move data security legislation will continue this year.


Descriptors : *DATA PROCESSING SECURITY, *INFORMATION SECURITY, UNITED STATES GOVERNMENT, ACQUISITION, HEALTH, ACCESS, GUIDANCE, BUDGETS, COMPENSATION, INSURANCE, LEGISLATION, LAW ENFORCEMENT, SENATE, GOVERNMENT EMPLOYEES, COMMERCE, CONTROL, INDUSTRIES


Subject Categories : Information Science


Distribution Statement : APPROVED FOR PUBLIC RELEASE