Data Security and Breach Notification Act of 2013

[AI summary unavailable — showing source text] Data Security and Breach Notification Act of 2013 - Requires commercial entities that acquire, maintain, store, or utilize personal information (covered entities) to take reasonable measures to protect and secure data in electronic form containing personal information. Directs a covered entity that owns or licenses such data to give notice of any breach of security that the entity reasonably believes has caused or will cause identity theft or other actual financial harm to each individual: (1) who is a U.S. citizen or resident; and (2) whose personal information was, or that the covered entity reasonably believes has been, accessed and acquired by an unauthorized person. Requires a covered entity to notify the Secret Service or the Federal Bureau of Investigation (FBI) of a security breach of personal information involving more than 10,000 individuals. Requires a third-party entity contracted to maintain, store, or process data containing personal information to notify the covered entity of a breach of security of a system. Requires a service provider to notify the covered entity if it becomes aware of a breach of security involving personal information owned or possessed by a cove…