
Code · BILL · 117th Congress · S. 1494 (Introduced in Senate) — To protect the privacy of consumers. · Sec. 6

Sec. 6. Security


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Each covered entity and service provider shall develop, document, implement, and maintain a comprehensive data security program that contains reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of personal data from unauthorized access, use, destruction, acquisition, modification, or disclosure.

The safeguards required under subsection (a) with respect to a covered entity or service provider shall be appropriate to—

- the size, complexity, and resources of the covered entity or service provider;
- the nature and scope of the activities of the covered entity or service provider;
- the technical feasibility and cost of available tools, external audits or assessments, and other measures used by the covered entity or service provider to improve security and reduce vulnerabilities;
- the sensitivity of the personal data involved; and
- the potential for unauthorized access, use, destruction, acquisition, modification, or disclosure of the personal data involved to result in economic loss, identity theft, fraud, or physical injury to the individuals to whom such data relates.

A comprehensive data security program under this section shall be designed to, at a minimum—

- designate an employee or employees to be responsible for overseeing and maintaining its safeguards;
- identify material internal and external risks to the security and confidentiality of personal data and assess the sufficiency of any safeguards in place to control these risks, including consideration of risks in each relevant area of the operations of the covered entity or service provider, including—
  - employee training and management;
  - information systems, including network and software design, as well as information processing, storage, transmission, and disposal;
  - detecting, preventing, and responding to attacks, intrusions, or other systems failures; and
  - whether the covered entity or service provider has taken action to address and prevent reasonably known and addressable security vulnerabilities;
- implement safeguards designed to control the risks identified in the covered entity's or service provider's risk assessment, and regularly assess the effectiveness of those safeguards;
- maintain reasonable procedures to require that third parties and service providers to whom personal data is transferred by the covered entity or service provider involved maintain reasonable administrative, technical, and physical safeguards designed to protect the security and confidentiality of personal data; and
- evaluate and make reasonable adjustments to the safeguards in light of material changes in technology, internal or external threats to personal data, and the changing business arrangements or operations of the covered entity or service provider.