
Code · BILL · 116th Congress · S. 4626 (Introduced in Senate) — To establish data privacy and data security protections for consumers in the United States. · Sec. 204

Sec. 204. Protection of covered data


(a) A covered entity shall establish, implement, and maintain reasonable administrative, technical, and physical data security policies and practices to protect against risks to the confidentiality, security, and integrity of covered data.

(b) The data security policies and practices required under subsection (a) shall be—
    (1) appropriate to the size and complexity of the covered entity, the nature and scope of the covered entity’s collection or processing of covered data, the volume and nature of the covered data at issue, and the cost of available tools to improve security and reduce vulnerabilities; and
    (2) designed to—
        (A) identify and assess vulnerabilities to covered data;
        (B) take reasonable preventative and corrective action to address known vulnerabilities to covered data; and
        (C) detect, respond to, and recover from cybersecurity incidents related to covered data.

(c) (1) The Commission may, pursuant to a proceeding in accordance with section 553 of title 5, United States Code, issue regulations to identify processes for receiving and assessing information regarding vulnerabilities to covered data that are reported to the covered entity.
    (2) In promulgating regulations under this paragraph, the Commission shall consult with, and take into consideration guidance from, the National Institute for Standards and Technology.

(d) Not later than 1 year after the date of enactment of this Act, the Commission shall issue guidance to covered entities on how to—
    (1) identify and assess vulnerabilities to covered data, including—
        (A) the potential for unauthorized access to covered data;
        (B) vulnerabilities in the covered entity’s collection or processing of covered data;
        (C) the management of access rights; and
        (D) the use of service providers to process covered data;
    (2) take reasonable preventative and corrective action to address vulnerabilities to covered data; and
    (3) detect, respond to, and recover from cybersecurity incidents and events.

(e) A covered entity that is required to comply with title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) or the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17931 et seq.), and is in compliance with the information security requirements of such Act, shall be deemed to be in compliance with the requirements of this section with respect to covered data that is subject to the requirements of such Act.