Sec. 7. Cyber incident response plan; clearances; breaches
Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.), as amended by section 3, is amended by adding at the end the following:

The Under Secretary appointed under section 103(a)(1)(H) shall, in coordination with appropriate Federal departments and agencies, State and local governments, sector coordinating councils, information sharing and analysis organizations (as defined in section 212(5)), owners and operators of critical infrastructure, and other appropriate entities and individuals, develop, regularly update, maintain, and exercise adaptable cyber incident response plans to address cybersecurity risks (as defined in section 226) to critical infrastructure.

The Secretary shall make available the process of application for security clearances under Executive Order 13549 (75 Fed. Reg. 162; relating to a classified national security information program) or any successor Executive Order to appropriate representatives of sector coordinating councils, sector information sharing and analysis organizations (as defined in section 212(5)), owners and operators of critical infrastructure, and any other person that the Secretary determines appropriate.

The Director of the Office of Management and Budget shall ensure that data breach notification policies and guidelines are updated periodically and require—

- except as provided in paragraph (4), notice by the affected agency to each committee of Congress described in section 3544(c)(1) of title 44, United States Code, the Committee on the Judiciary of the Senate, and the Committee on Homeland Security and the Committee on the Judiciary of the House of Representatives, which shall—
  - be provided expeditiously and not later than 30 days after the date on which the agency discovered the unauthorized acquisition or access; and
  - include—
    - information about the breach, including a summary of any information that the agency knows on the date on which notification is provided about how the breach occurred;
    - an estimate of the number of individuals affected by the breach, based on information that the agency knows on the date on which notification is provided, including an assessment of the risk of harm to affected individuals;
    - a description of any circumstances necessitating a delay in providing notice to affected individuals; and
    - an estimate of whether and when the agency will provide notice to affected individuals; and
- notice by the affected agency to affected individuals, pursuant to data breach notification policies and guidelines, which shall be provided as expeditiously as practicable and without unreasonable delay after the agency discovers the unauthorized acquisition or access.

The Attorney General, the head of an element of the intelligence community (as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)), or the Secretary may delay the notice to affected individuals under paragraph (1)(B) if the notice would disrupt a law enforcement investigation, endanger national security, or hamper security remediation actions.

During the first 2 years beginning after the date of enactment of this Act, the Director of the Office of Management and Budget shall, on an annual basis—

- assess agency implementation of data breach notification policies and guidelines in aggregate; and
- include the assessment described in clause (i) in the report required under section 3543(a)(8) of title 44, United States Code.

Any element of the intelligence community (as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)) that is required to provide notice under paragraph (1)(A) shall only provide such notice to appropriate committees of Congress.

Nothing in the amendment made by subsection (a) or in subsection (b)(1) shall be construed to alter any authority of a Federal agency or department.

The table of contents in section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note), as amended by section 3, is amended by inserting after the item relating to section 226 the following:

Sec. 227. Cyber incident response plan.
Sec. 228. Clearances.