§ 5725. Contracts for data processing or maintenance
218 words·~1 min read·
/usc/title-38/section-5725A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
(a)Contract Requirements.— If the Secretary enters into a contract for the performance of any Department function that requires access to sensitive personal information, the Secretary shall require as a condition of the contract that—
(1)the contractor shall not, directly or through an affiliate of the contractor, disclose such information to any other person unless the disclosure is lawful and is expressly permitted under the contract;
(2)the contractor, or any subcontractor for a subcontract of the contract, shall promptly notify the Secretary of any data breach that occurs with respect to such information.
(b)Liquidated Damages.— Each contract subject to the requirements of subsection
(a)shall provide for liquidated damages to be paid by the contractor to the Secretary in the event of a data breach with respect to any sensitive personal information processed or maintained by the contractor or any subcontractor under that contract.
(c)Provision of Credit Protection Services.— Any amount collected by the Secretary under subsection
(b)shall be deposited in or credited to the Department account from which the contractor was paid and shall remain available for obligation without fiscal year limitation exclusively for the purpose of providing credit protection services pursuant to section 5724(b) of this title.
(Added Pub. L. 109–461, title IX, § 902(a), Dec. 22, 2006, 120 Stat. 3456.)
Connections12 cite this · traces to 1
Cited by 12 sections · top 3
Traces to 1 document
2 references not yet in our index
- Pub. L. 109–461, title IX, § 902(a)
- 120 Stat. 3456
Citation graph
cites case law
§ 5725
Contracts for data processing or maintenance
Fed. Reg.×12
Pub. L.Pub. L. 109–461, title IX, § 902(a)
Stat.120 Stat. 3456
Cites 3Cited by 12 across 1 source