
Code · BILL · 116th Congress · S. 2968 (Introduced in Senate) — To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaning... · Sec. 107

Sec. 107. Right to data security


(a) A covered entity shall establish, implement, and maintain reasonable data security practices to protect the confidentiality, integrity, and accessibility of covered data. Such data security practices shall be appropriate to the volume and nature of the covered data at issue.

(b) Data security practices required under subsection (a) shall include, at a minimum, the following:

    (1) Identifying and assessing any reasonably foreseeable risks to, and vulnerabilities in, each system maintained by the covered entity that processes or transfers covered data, including unauthorized access to or risks to covered data, human vulnerabilities, access rights, and use of service providers. Such activities shall include a plan to receive and respond to unsolicited reports of vulnerabilities by entities and individuals.

    (2) Taking preventive and corrective action to mitigate any risks or vulnerabilities to covered data identified by the covered entity, which may include implementing administrative, technical, or physical safeguards or changes to data security practices or the architecture, installation, or implementation of network or operating software.

    (3) Disposing covered data that is required to be deleted or is no longer necessary for the purpose for which the data was collected unless an individual has provided affirmative express consent to such retention. Such process shall include destroying, permanently erasing, or otherwise modifying the covered data to make such data permanently unreadable or indecipherable and unrecoverable and data hygiene practices to ensure ongoing compliance with this subsection.

    (4) Training all employees with access to covered data on how to safeguard covered data and protect individual privacy and updating that training as necessary.

(c) Not later than 1 year after the date of enactment of this Act, the Commission, in conjunction with the National Institute of Standards and Technology, shall publish guidance for covered entities on how to provide effective data security and privacy training as described in subsection (b)(4).