Like Causes?

Install the App

house Bill H.R. 104

Should There Be Federal Penalties When Companies Don't Tell Customers About A Data Breach?

Argument in favor

Creating criminal charges for failing to notify customers of a data breach ensures that businesses are good custodians of customer data.

bart's Opinion
This is a no brainer. Bring this bill to the floor and pass it.
Like (28)
George's Opinion
All companies and or commercial entities that have and use my personal information should be held responsible for any damages due to misuse of this information, especially if they fail to secure it properly. For example encrypt data at rest.
Like (4)

Argument opposed

Customers whose data is breached can already sue the entity that let their information be compromised in civil court. This bill is redundant and unnecessary.

Hayden's Opinion
No criminal charges but there should be civil remedies.
Like (1)
Lance's Opinion
Companies already do an excellent job of informing customers of security breaches, such a law will only complicate things.
Like (1)

What is House Bill H.R. 104?

This bill establishes penalties for companies that don't give notice to their customers about security breaches that involve sensitive personally identifiable information. Under this legislation, people who own or possess such data would have a legal responsibility to report such a breach to the U.S. Secret Service or the Federal Bureau of Investigation (FBI).

Personally identifiable information includes names, addresses, phone numbers, credit card or bank account information, and social security numbers. Under this legislation, a "major security breach" is defined as breaches that involve: 

  • Personally identifiable information from more than 10,000 individuals; 
  • Information gleaned from databases owned by the federal government; 
  • The identification of federal employees 
  • Significant affects on national security or law enforcement.


People who offer their personal information to companies in the U.S., those who are in danger of, or have had their information breached, federal employees, the government, and it's secrets.

Cost of House Bill H.R. 104

A CBO cost estimate is unavailable.

More Information

Of Note:

After Target and Home Depot reported significant customer data breaches in 2014, President Obama has offered proposals similar to this legislation in order to protect customer’s private information.


Under H.R. 104, the Attorney General and any state Attorney General would be authorized to bring civil actions and obtain injunctive relief in the case of a customer data breach.

Federal agencies would be required to create and make publicly available privacy impact assessments that describe proposed rules that agencies plan to adopt to protect the privacy of individuals. H.R. 104 would allow federal agencies to waive or delay certain privacy impact assessment requirements for emergencies and for national security reasons.

Federal agencies would also be required to periodically review rules that have significant privacy impacts on a substantial number of individuals. Access to judicial review for individuals adversely affected by final agency actions would be provided for under this legislation.


Inside Privacy

Courthouse News Service

Los Angeles Times (Context)

(Photo Credit: Flickr user seanrcallagy)


Cyber Privacy Fortification Act of 2015

Official Title

To protect cyber privacy, and for other purposes.

bill Progress

  • Not enacted
    The President has not signed this bill
  • The senate has not voted
  • The house has not voted
      house Committees
      Committee on the Judiciary
      Crime, Terrorism and Homeland Security
    IntroducedJanuary 6th, 2015