Data Security Act of 2015

[AI summary unavailable — showing source text] Data Security Act of 2015 Requires individuals, corporations, or other non-government entities that access, maintain, communicate, or handle sensitive financial account information or nonpublic personal information to implement an information security program and to notify consumers, federal law enforcement, appropriate administrative agencies, payment card networks, and consumer reporting agencies of certain data breaches of unencrypted sensitive information likely to cause identity theft or fraudulent transactions on consumer financial accounts. Directs entities to require their third-party service providers by contract to implement appropriate safeguards for sensitive information. Allows an entity to delay notifications upon the request of a law enforcement agency. Provides special notification procedures for: (1) third-party service providers that maintain data in electronic form on behalf of another entity, and (2) certain electronic data carriers. Allows financial institutions to communicate with account holders regarding breaches at third-party entities with access to their account information. Sets forth alternative compliance procedures for: (1) financial institutions and …