This bill establishes penalties for companies that don't give notice to their customers about security breaches that involve sensitive personally identifiable information. Under this legislation, people who own or possess such data would have a legal responsibility to report such a breach to the U.S. Secret Service or the Federal Bureau of Investigation (FBI).
Personally identifiable information includes names, addresses, phone numbers, credit card or bank account information, and social security numbers. Under this legislation, a "major security breach" is defined as breaches that involve:
- Personally identifiable information from more than 10,000 individuals;
- Information gleaned from databases owned by the federal government;
- The identification of federal employees
- Significant affects on national security or law enforcement.