Notification of Risk to Personal Data Act

[AI summary unavailable — showing source text] Notification of Risk to Personal Data Act - Prescribes notification procedures governing any agency, or person engaged in interstate commerce, that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data. Amends the Gramm-Leach-Bliley Act to require a financial institution, at which a breach of personal information is reasonably believed to have occurred, to promptly notify: (1) each affected customer; (2) each pertinent consumer reporting agency; (3) the information clearinghouse established by the Federal Trade Commission (FTC) under this Act; and (4) appropriate law enforcement agencies in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers. Requires any person that maintains personal information for or on behalf of a financial institution to notify promptly the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached. Amends the Fair Credit Reporting Act to require a consumer reporting agency to maintain a fraud alert file with resp…