Sec. 201. Purpose and applicability of data privacy and security program
/bill/113/s/1995/is/section-201
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The purpose of this subtitle is to ensure standards for developing and implementing administrative, technical, and physical safeguards to protect the security of sensitive personally identifiable information. A business entity engaging in interstate commerce that involves collecting, accessing, transmitting, using, storing, or disposing of sensitive personally identifiable information in electronic or digital form on 10,000 or more United States persons is subject to the requirements for a data privacy and security program under section 202 for protecting sensitive personally identifiable information.
Notwithstanding any other obligation under this subtitle, this subtitle does not apply to the following:
A financial institution subject to the data security requirements and standards under 501(b) of the Gramm-Leach-Bliley Act (15 U.S.C. 6801(b)) and subject to the jurisdiction of an agency or authority described in section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)), if the Federal functional regulator (as defined in section 509 of the Gramm-Leach-Bliley Act (15 U.S.C. 6809)) with jurisdiction over that financial institution has issued a regulation under title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) that requires financial institutions within its jurisdiction to provide notification to individuals following a breach of security.
A business entity subject to the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1301 et seq.), including the data security requirements and implementing regulations of that Act.
A business entity that— is acting as a business associate, as that term is defined under the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1301 et seq.) and is in compliance with the requirements imposed under that Act and implementing regulations promulgated under that Act; and is subject to, and currently in compliance, with the privacy and data security requirements under sections 13401 and 13404 of division A of the American Reinvestment and Recovery Act of 2009 (42 U.S.C. 17931 and 17934) and implementing regulations promulgated under such sections.
A service provider for any electronic communication by a third party, to the extent that the service provider is exclusively engaged in the transmission, routing, or temporary, intermediate, or transient storage of that communication.
Public records not otherwise subject to a confidentiality or nondisclosure requirement, or information obtained from a public record, including information obtained from a news report or periodical.
Nothing in this subtitle shall be construed to modify, limit, or supersede the operation of the provisions of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), or its implementing regulations, including such regulations adopted or enforced by the States.