S 1350 IS, the Notification of Risk to Personal Data Act.
Date Introduced: June 26, 2003.
Sponsor: Sen. Dianne Feinstein (D-CA).
Source: Congressional Record, June 26, 2003, at pages S8739-40.
 

S. 1350

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Notification of Risk to Personal Data Act''.

SEC. 2. DEFINITIONS.

In this Act, the following definitions shall apply:

SEC. 3. DATABASE SECURITY.

(a) DISCLOSURE OF SECURITY BREACH.--

(b) CIVIL REMEDIES.--

(c) ENFORCEMENT.--The Federal Trade Commission is authorized to enforce compliance with this section, including the assessment of fines under subsection (b)(1).

SEC. 4. ENFORCEMENT BY STATE ATTORNEYS GENERAL.

(a) IN GENERAL.--

(b) CONSTRUCTION.--For purposes of bringing any civil action under subsection (a), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on such attorney general by the laws of that State to--

(c) VENUE; SERVICE OF PROCESS.--

SEC. 5. EFFECT ON STATE LAW.

The provisions of this Act shall supersede any inconsistent provisions of law of any State or unit of local government relating to the notification of any resident of the United States of any breach of security of an electronic database containing such resident's personal information (as defined in this Act), except as provided under sections 1798.82 and 1798.29 of the California Civil Code.

SEC. 6. EFFECTIVE DATE.

This Act shall take effect on the expiration of the date which is 6 months after the date of enactment of this Act.