Sec. 1636. Procedures and reporting requirement on cybersecurity breaches and loss of personally identifiable information
189 words·~1 min read·
/bill/115/hr/5515/eh/section-1636·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In the event of a significant loss of personally identifiable information of civilian or uniformed members of the Armed Forces, the Secretary of Defense shall promptly submit to the congressional defense committees notice in writing of such loss. Such notice may be submitted in classified or unclassified formats. Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall establish and submit to the congressional defense committees procedures for complying with the requirements of subsection (a).
Such procedures shall be consistent with the national security of the United States, the protection of operational integrity, and the protection of personally identifiable information of civilian and uniformed members of the Armed Forces. In this section, the term significant loss of personally identifiable information means an intentional, accidental, or otherwise known disclosure of information that can be used to distinguish or trace an individual’s identity, such as the name, Social Security number, date and place of birth, biometric records, home or other phone numbers, or other demographic, personnel, medical, or financial information, involving 250 or more civilian or uniformed members of the Armed Forces.