(a)
(2) Each report submitted under paragraph (1) shall identify, for each data breach covered by the report—
(A) the Administration and facility of the Department responsible for processing or maintaining the sensitive personal information involved in the data breach; and
(B) the status of any remedial or corrective action with respect to the data breach.
(b)
(2) In the event of a data breach with respect to sensitive personal information processed or maintained by the Secretary that is the sensitive personal information of a member of the Army, Navy, Air Force, or Marine Corps or a civilian officer or employee of the Department of Defense that the Secretary determines is significant under paragraph (1), the Secretary shall provide the notice required under paragraph (1) to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives in addition to the Committees on Veterans' Affairs of the Senate and House of Representatives.
(3) Notice under paragraphs (1) and (2) shall be provided promptly following the discovery of such a data breach and the implementation of any measures necessary to determine the scope of the breach, prevent any further breach or unauthorized disclosures, and reasonably restore the integrity of the data system.
(Added Pub. L. 109–461, title IX, §902(a), Dec. 22, 2006, 120 Stat. 3457.)
Sections: Previous 5712 5713 5721 5722 5723 5724 5725 5726 5727 5728 5901 5902 5903 5904 5905 Next
Last modified: October 26, 2015