BillTrack50 logo
Free Signup Login
Bill

Bill > HR135

US HR135

US HR135
Cyber Privacy Fortification Act of 2017

summary

Introduced
01/03/2017
In Committee
01/12/2017
Crossed Over
Passed
Dead
12/31/2018

Introduced Session

115th Congress

Bill Summary

Cyber Privacy Fortification Act of 2017 This bill amends the federal criminal code to provide criminal penalties for intentional failures to provide required notices regarding security breaches of computerized data that there is reason to believe resulted in improper access to specified sensitive personally identifiable information that is electronic or digital. A person who owns or possesses data in electronic form containing a means of identification, and who has knowledge of a major security breach of the system containing such data, must notify the U.S. Secret Service or the Federal Bureau of Investigation. A "major security breach" involves: (1) a means of identification pertaining to at least 10,000 individuals that is reasonably believed to have been acquired, (2) databases owned by the federal government, or (3) a means of identification of federal employees or contractors involved in national security matters or law enforcement. The Department of Justice and state attorneys general may bring civil actions and obtain injunctive relief for violations of federal laws relating to data security. Federal agencies must prepare and make available to the public privacy impact assessments that describe the impact of certain proposed and final agency rules on the privacy of individuals. Agencies may waive or delay certain privacy impact assessment requirements for emergencies and national security reasons. Federal agencies must: (1) periodically review promulgated rules that have a significant privacy impact on individuals or a privacy impact on a substantial number of individuals, and (2) consider whether each such rule can be amended or rescinded in a manner that minimizes any such impact while remaining in accordance with applicable statutes. The bill provides access to judicial review to individuals adversely affected or aggrieved by final agency action on any such rule.

AI Summary

This bill, the Cyber Privacy Fortification Act of 2017, has several key provisions: 1. It creates a new federal crime for the intentional failure to provide required notices about security breaches involving sensitive personally identifiable information, such as Social Security numbers, financial account information, or biometric data. Violators can face fines or up to 5 years in prison. 2. It requires entities that experience a "major security breach" affecting at least 10,000 individuals, government databases, or government employees/contractors in national security or law enforcement to promptly notify the U.S. Secret Service or FBI. 3. It authorizes the Attorney General and state Attorneys General to bring civil actions and seek injunctions against businesses that violate federal data security laws. 4. It requires federal agencies to conduct privacy impact assessments when proposing new rules that involve the collection, use, or disclosure of personally identifiable information. Agencies must also periodically review existing rules to minimize privacy impacts. 5. It provides for judicial review of agency compliance with the privacy impact assessment requirements, allowing individuals adversely affected to challenge agency actions. The overall goal of the bill is to enhance data privacy protections and enforcement, both through criminal penalties for security breach notification failures and new requirements for federal agencies to assess and minimize the privacy implications of their rules and regulations.

Committee Categories

Justice, Military Affairs and Security

Sponsors (2)

Last Action

Referred to the Subcommittee on Regulatory Reform, Commercial And Antitrust Law. (on 01/12/2017)

bill text

bill summary

Loading...

bill summary

Loading...
Loading...