Sec. 2. Breach notification standards
/bill/115/hr/6743/rh/section-2

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801) is amended— in subsection (b)(3) by striking the period at the end and inserting ", including through the provision of a breach notice in the event of unauthorized access that is reasonably likely to result in identity theft, fraud, or economic loss."; and by adding at the end the following:

Subject to section 504(a)(2) and sections 505(b) and 505(c), within 6 months after the date of enactment of this subsection, each agency or authority required to establish standards described under subsection (b)(3) with respect to the provision of a breach notice shall ensure that such standards are in compliance with subsection (b).

Notwithstanding section 505(a)(6), with respect to an entity engaged in providing insurance, the standards under subsection (b) shall be enforced— with respect to any such standards related to data security safeguards, by— the State insurance authority of the State in which the entity is domiciled; or in the case of an insurance agency or brokerage, the State insurance authority of the State in which such agency or brokerage has its principal place of business; and with respect to any such standards related to notification of the breach of data security, by the State insurance authority of any State in which customers of the entity are affected by such a breach of data security.

Notwithstanding subsection (b), an assuming insurer that experiences a breach of data security shall only be required to notify the State insurance authority of the State in which the assuming insurer is domiciled.

For purposes of this paragraph, the term "assuming insurer" means an entity engaged in providing insurance that acquires an insurance obligation or risk from another entity engaged in providing insurance pursuant to a reinsurance agreement.

In carrying out subsection (b) with respect to an entity engaged in providing insurance, a State insurance authority shall establish the standards for safeguarding customer information maintained by entities engaged in activities described in section 4(k)(4)(B) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(4)(k)(4)(B)) that are the same as the standards contained in the interagency guidelines issued by the Comptroller of the Currency, the Board of Governors of the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision titled "Interagency Guidelines Establishing Standards for Safeguarding Customer Information", published February 1, 2001 (66 Fed. Reg. 8633), and such standards shall be applied as if the entity engaged in providing insurance was a bank to the extent appropriate and practicable.