Data Security and Breach Notification Act of 2011

[AI summary unavailable — showing source text] Data Security and Breach Notification Act of 2011 - Requires the Federal Trade Commission (FTC) to promulgate regulations requiring each covered entity (proprietorships, partnerships, estates, trusts, cooperatives, and nonprofit and for-profit corporations) that owns or possesses data containing personal information to implement policies and procedures regarding information security practices for the treatment and protection of such information. Sets forth additional requirements for information brokers, including requiring brokers to: (1) submit their security policies to the FTC with a notification of a security breach or upon FTC request; (2) establish procedures to assure the accuracy of the information they collect, assemble, or maintain that is personal information or that identifies an individual; (3) provide individuals access to their personal information for review; and (4) correct inaccurate information. Authorizes the FTC to conduct information security practices audits of brokers who have had a security breach or require such brokers to conduct independent audits. Directs the FTC to require information brokers to establish measures that facilitate the auditing or retra…