BreachExchange mailing list archives

Incidents that may have been exempt from H.R. 2221 were it law during the incident


From: David Shettler <dave () opensecurityfoundation org>
Date: Thu, 10 Dec 2009 11:11:09 -0500

http://datalossdb.org/index/not_covered_by_hr2221

The incidents on the above linked page would not have fallen under the
jurisdiction of the FTC were H.R. 2221 law and in effect at the time
of these breaches. You can read more about our analysis of H.R. 2221
here, but to summarize:

The FTC would not have jurisdiction over:

    * Banks
    * Savings and Loan
    * Thrifts
    * The Insurance Industry
    * Non-Profits (including Education)

...and possibly more. These groups represent a significant percentage
of the DataLossDB database.

NOTE: These results are imperfect.  Some companies are large and have
many subsidiaries in differing industries making it difficult to
isolate via a simple search query, but for the most part, this should
be an interesting reflection of what the bill might miss.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
