Personal Data Notification and Protection Act of 2015

[AI summary unavailable — showing source text] Personal Data Notification and Protection Act of 2015 Requires certain businesses that use, access, transmit, store, dispose of, or collect sensitive personally identifiable information about more than 10,000 individuals during any 12-month period to notify individuals whose information is believed to have been accessed or acquired through a discovered security breach. Directs businesses, within 30 days after discovery of a breach, to notify: (1) affected individuals by mail, telephone, or email; and (2) major media outlets if the number of affected residents of a state exceeds 5,000. Allows the Federal Trade Commission (FTC) to extend the notification period if a business seeks additional time. Requires the Department of Homeland Security (DHS) to designate a federal government entity to receive notices about security incidents, threats, and vulnerabilities. Directs businesses to notify the DHS-designated entity, and requires the DHS-designated entity to then notify the U.S. Secret Service, the Federal Bureau of Investigation (FBI), and the FTC, if a security breach affects: (1) more than 5,000 individuals, (2) a database that contains the sensitive information of more than 500,00…