Sec. 220. Supplemental enforcement by individuals
/bill/113/s/1995/is/section-220
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Any person aggrieved by a violation of the provisions of section 211, 213, 214, 215, or 216 by a business entity may bring a civil action in a court of appropriate jurisdiction to recover for personal injuries sustained as a result of the violation. As provided in subsection (c), an individual may commence a civil action on his own behalf against any business entity who is alleged to have violated the provisions of this subtitle. Any individual harmed by a failure of a business entity to comply with the provisions of section 211, 213, 214, 215, or 216 shall be able to collect damages of not more than $500 per day per individual whose sensitive personally identifiable information was, or is reasonably believed to have been, accessed or acquired by an unauthorized person, up to a maximum of $20,000,000 per violation.
A business entity may be liable for punitive damages if the business entity— intentionally or willfully violates the provisions of section 211, 213, 214, 215, or 216; or failed to comply with the requirements of subsections (a) through (d) of section 202.
A business entity that violates the provisions of section 211, 213, 214, 215, or 216 may be enjoined to provide required remedies under section 215 by a court of competent jurisdiction.
The rights and remedies available under this subsection are cumulative and shall not affect any other rights and remedies available under law.
The rights and remedies provided for in this section may not be waived by any agreement, policy form, or condition of employment including by a predispute arbitration agreement. No predispute arbitration agreement shall be valid or enforceable, if the agreement requires arbitration of a dispute arising under this section.
In determining the amount of a civil penalty under this subsection, the court shall take into account— the degree of culpability of the business entity; any prior violations of this subtitle by the business entity; the ability of the business entity to pay a civil penalty; the effect on the ability of the business entity to continue to do business; the number of individuals whose sensitive personally identifiable information was compromised by the breach; the relative cost of compliance with this subtitle; and such other matters as justice may require.