(a) Contract Requirements.— If the Secretary enters into a contract for the performance of any Department function that requires access to sensitive personal information, the Secretary shall require as a condition of the contract that—
(1)the contractor shall not, directly or through an affiliate of the contractor, disclose such information to any other person unless the disclosure is lawful and is expressly permitted under the contract;
(2)the contractor, or any subcontractor for a subcontract of the contract, shall promptly notify the Secretary of any data breach that occurs with respect to such information.
(b) Liquidated Damages.— Each contract subject to the requirements of subsection (a) shall provide for liquidated damages to be paid by the contractor to the Secretary in the event of a data breach with respect to any sensitive personal information processed or maintained by the contractor or any subcontractor under that contract.
(c) Provision of Credit Protection Services.— Any amount collected by the Secretary under subsection (b) shall be deposited in or credited to the Department account from which the contractor was paid and shall remain available for obligation without fiscal year limitation exclusively for the purpose of providing credit protection services pursuant to section
5724(b) of this title.
The table below lists the classification updates, since Jan. 3, 2012, for this section. Updates to a broader range of sections may be found at the update page for containing chapter, title, etc.
The most recent Classification Table update that we have noticed was Tuesday, August 13, 2013
An empty table indicates that we see no relevant changes listed in the classification tables. If you suspect that our system may be missing something, please double-check with the Office of the Law Revision Counsel.
Description of Change
Statutes at Large
LII has no control over and does not endorse any external Internet site that contains links to or references LII.