Federal Information Security and Data Breach Notification Laws [January 29, 2009] [open pdf - 258KB]
From the Summary: "The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, and the Fair Credit Reporting Act. Also included in this report is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS), an industry regulation developed by VISA, MasterCard, and other bank card distributors. Information security laws are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to personally identifiable information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and include requirements for incident reporting and handling and external breach notification."
CRS Report for Congress, RL34120