Sec. 221. Relation to other laws
236 words·~1 min read·
/bill/113/s/1995/is/section-221A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The provisions of this subtitle shall supersede any other provision of Federal law or any provision of law of any State relating to notification by a business entity engaged in interstate commerce or an agency of a security breach, except as provided in this subsection. Nothing in this subtitle shall be construed to exempt any entity from liability under common law, including through the operation of ordinary preemption principles, and including liability through State trespass, contract, or tort law, for damages caused by the failure to notify an individual following a security breach.
Nothing in this Act shall supersede the data security requirements of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6801 et seq. ), or implementing regulations based on that Act. To the extent that a business entity acts as a covered entity or a business associate under the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17932), and has the obligation to provide breach notification under that Act or its implementing regulations, the requirements of this Act shall not apply.
To the extent that a business entity acts as a vendor of personal health records, a third-party service provider, or other entity subject to the Health Information Technology for Economical and Clinical Health Act ( 42 U.S.C. 17937 ), and has the obligation to provide breach notification under that Act or its implementing regulations, the requirements of this Act shall not apply.
Connectionstraces to 3
Citation graph
cites case law
Cites 3Cited by 0 across 0 sources