Page:United States Statutes at Large Volume 120.djvu/3489

 120 STAT. 3458

PUBLIC LAW 109–461—DEC. 22, 2006 ‘‘(4) DATA BREACH.—The term ‘data breach’ means the loss, theft, or other unauthorized access, other than those incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. ‘‘(5) DATA BREACH ANALYSIS.—The term ‘data breach analysis’ means the process used to determine if a data breach has resulted in the misuse of sensitive personal information. ‘‘(6) FRAUD RESOLUTION SYSTEMS.—The term ‘fraud resolution services’ means services to assist an individual in the process of recovering and rehabilitating the credit of the individual after the individual experiences identity theft. ‘‘(7) IDENTITY THEFT.—The term ‘identity theft’ has the meaning given such term under section 603 of the Fair Credit Reporting Act (15 U.S.C. 1681a). ‘‘(8) IDENTITY THEFT INSURANCE.—The term ‘identity theft insurance’ means any insurance policy that pays benefits for costs, including travel costs, notary fees, and postage costs, lost wages, and legal fees and expenses associated with efforts to correct and ameliorate the effects and results of identity theft of the insured individual. ‘‘(9) INFORMATION OWNER.—The term ‘information owner’ means an agency official with statutory or operational authority for specified information and responsibility for establishing the criteria for its creation, collection, processing, dissemination, or disposal, which responsibilities may extend to interconnected systems or groups of interconnected systems. ‘‘(10) INFORMATION RESOURCES.—The term ‘information resources’ means information in any medium or form and its related resources, such as personnel, equipment, funds, and information technology. ‘‘(11) INFORMATION SECURITY.—The term ‘information security’ means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability. ‘‘(12) INFORMATION SECURITY REQUIREMENTS.—The term ‘information security requirements’ means information security requirements promulgated in accordance with law, or directed by the Secretary of Commerce, the National Institute of Standards and Technology, and the Office of Management and Budget, and, as to national security systems, the President. ‘‘(13) INFORMATION SYSTEM.—The term ‘information system’ means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information, whether automated or manual. ‘‘(14) INTEGRITY.—The term ‘integrity’ means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. ‘‘(15) NATIONAL SECURITY SYSTEM.—The term ‘national security system’ means an information system that is protected at all times by policies and procedures established for the processing, maintenance, use, sharing, dissemination or disposition of information that has been specifically authorized under

VerDate 14-DEC-2004

12:05 Jul 13, 2007

Jkt 059194

PO 00003

Frm 00261

Fmt 6580

Sfmt 6581

E:\PUBLAW\PUBL003.109

APPS06

PsN: PUBL003

�