
Code · BILL · 119th Congress · H.R. 8014 (Introduced in House) — To provide for individual rights relating to privacy of personal information, to establish privacy and security requi... · Sec. 213

Sec. 213. Notification of data breach or data-sharing abuse


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In the case of a data breach or data-sharing abuse with respect to personal information maintained by a covered entity, such covered entity shall, without undue delay and, if feasible, not later than 72 hours after becoming aware of such data breach or data-sharing abuse, notify the Director of such data breach or data-sharing abuse, unless such data breach or data-sharing abuse is unlikely to create or increase foreseeable privacy harms.

If the notification required by paragraph (1) is made more than 72 hours after the covered entity becomes aware of the data breach or data-sharing abuse, such notification shall be accompanied by a statement of the reasons for the delay.

In the case of a data breach or data-sharing abuse with respect to personal information maintained by a covered entity that such covered entity obtained from another covered entity, the covered entity experiencing such data breach or data-sharing abuse shall, without undue delay and, if feasible, not later than 72 hours after becoming aware of such data breach or data-sharing abuse, notify such other covered entity of such data breach or data-sharing abuse, unless such data breach or data-sharing abuse is unlikely to create or increase foreseeable privacy harms.

A covered entity receiving notice under this subsection of a data breach or data-sharing abuse shall notify any other covered entity from which the covered entity receiving notice obtained personal information involved in such data breach or data-sharing abuse, in the same manner as required under the preceding sentence for the covered entity experiencing such data breach or data-sharing abuse.

In the case of a data breach or data-sharing abuse with respect to personal information maintained by a covered entity (or a data breach or data-sharing abuse about which a covered entity is notified under subsection (b)), if such covered entity has a relationship with an individual whose personal information was involved or potentially involved in such data breach or data-sharing abuse, such covered entity shall notify such individual of such data breach or data-sharing abuse not later than 14 days after becoming aware of such data breach or data-sharing abuse (or, in the case of a data breach or data-sharing abuse about which a covered entity is notified under subsection (b), not later than 14 days after being so notified), if such data breach or data-sharing abuse creates or increases foreseeable privacy harms.

A covered entity shall notify an individual as required by paragraph (1) through— the same medium through which such individual routinely interacts with such covered entity; and one additional medium of notification, if such covered entity has the personal information necessary to make a notification through such an additional medium without causing excessive financial burden for such covered entity.

This section shall not apply to a covered entity if a person uses personal information obtained from a data breach or data-sharing abuse not involving such covered entity.