Sec. 301. General services administration review of contracts
(a) In considering contract awards totaling more than $500,000 and entered into after the date of enactment of this Act with data brokers, the Administrator of the General Services Administration shall evaluate—
    the data privacy and security program of a data broker to ensure the privacy and security of data containing sensitive personally identifiable information, including whether such program adequately addresses privacy and security threats created by malicious software or code, or the use of peer-to-peer file sharing software;
    the compliance of a data broker with such program;
    the extent to which the databases and systems containing sensitive personally identifiable information of a data broker have been compromised by security breaches; and
    the response by a data broker to such breaches, including the efforts by such data broker to mitigate the impact of such security breaches.

(b) The data privacy and security program of a data broker shall be deemed sufficient for the purposes of subsection (a), if the data broker complies with or provides protection equal to industry standards, as identified by the Federal Trade Commission, that are applicable to the type of sensitive personally identifiable information involved in the ordinary course of business of such data broker.

(c) In awarding contracts with data brokers for products or services related to access, use, compilation, distribution, processing, analyzing, or evaluating sensitive personally identifiable information, the Administrator of the General Services Administration shall—
    include monetary or other penalties—
        for failure to comply with subtitles A and B of title II; or
        if a contractor knows or has reason to know that the sensitive personally identifiable information being provided is inaccurate, and provides such inaccurate information; and
    require a data broker that engages service providers not subject to subtitle A of title II for responsibilities related to sensitive personally identifiable information to—
        exercise appropriate due diligence in selecting those service providers for responsibilities related to sensitive personally identifiable information;
        take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the security, privacy, and integrity of the sensitive personally identifiable information at issue; and
        require such service providers, by contract, to implement and maintain appropriate measures designed to meet the objectives and requirements in title II.

(d) The penalties under subsection (c) shall not apply to a data broker providing information that is accurately and completely recorded from a public record source or licensor.