
Code · BILL · 115th Congress · S. 2124 (Introduced in Senate) — To ensure the privacy and security of sensitive personal information, to prevent and mitigate identity theft, to prov... · Sec. 201

Sec. 201. Purpose and applicability of consumer privacy and data security program


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The purpose of this subtitle is to ensure standards for developing and implementing administrative, technical, and physical safeguards to protect the security of sensitive personally identifiable information.

A covered entity engaging in interstate commerce that collects, uses, accesses, transmits, stores, or disposes of sensitive personally identifiable information in electronic or digital form of not less than 10,000 United States persons during any 12-month period is subject to the requirements for a consumer privacy and data security program for protecting sensitive personally identifiable information.

Notwithstanding any other obligation under this subtitle, this subtitle does not apply to the following:

  • Financial institutions—
      • subject to and in compliance with the data security requirements and standards under section 501(b) of the Gramm-Leach-Bliley Act (15 U.S.C. 6801(b)); and
      • subject to the jurisdiction of an agency or authority described in section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)).
  • An entity that is subject to and in compliance with the data security requirements of the following, with respect to data that is subject to such requirements:
      • Section 13401 of the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17931).
      • Part 160 or 164 of title 45, Code of Federal Regulations (or any successor regulations).
      • The regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note).
      • In the case of a business associate, as defined in section 13400 of the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17921), the applicable privacy and data security requirements of part 1 of subtitle D of title XIII of division A of the American Reinvestment and Recovery Act of 2009 (42 U.S.C. 17931 et seq.).
  • A service provider for any electronic communication by a third party, to the extent that the service provider is engaged solely in the transmission, routing, or temporary, intermediate, or transient storage of that communication.