Data Breach Notification and Punishing Cyber Criminals Act of 2015

[AI summary unavailable — showing source text] Data Breach Notification and Punishing Cyber Criminals Act of 2015 Requires certain commercial entities that acquire, maintain, store, or utilize individuals' nonpublic personal information to protect and secure any such data that is held unencrypted in electronic form. Directs entities that own or license such data, following discovery of a security breach, to notify each individual U.S. citizen or resident: (1) whose personal information is reasonably believed to have been accessed and acquired by an unauthorized person; or (2) who may be at risk of identity theft, fraud, actual financial harm, or other unlawful conduct. Requires the Department of Homeland Security (DHS) to designate a federal entity to receive information from commercial entities regarding breaches, incidents, threats, and vulnerabilities. Requires the DHS-designated entity to provide such information to: (1) the U.S. Secret Service and the Federal Bureau of Investigation; (2) the Federal Trade Commission (FTC) for civil law enforcement purposes; and (3) other federal agencies for law enforcement, national security, or data security purposes. Directs entities to notify the DHS-designated entity if a breach invol…