11:12 pm - S.1789 Personal Data Privacy and Security Act of 2005
(Introduced in Senate)
Title: A bill to prevent and mitigate identity theft, to ensure
privacy, to provide notice of security breaches, and to enhance criminal
penalties, law enforcement assistance, and other protections against security
breaches, fraudulent access, and misuse of personally identifiable information.
Related Bills: S.1332
Latest Major Action: 11/17/2005 Placed on Senate Legislative Calendar under
General Orders. Calendar No. 297.
SUMMARY AS OF: 9/29/2005--Introduced.
Personal Data Privacy and Security Act of 2005 - Amends the federal criminal
code to prohibit: (1) intentionally accessing a computer without authorization
and obtaining data broker information; (2) concealing security breaches
involving sensitive personally identifiable information; and (3) unlawfully
accessing another person's means of identification during a felony involving
computers. Amends the Racketeer Influenced and Corrupt Organizations Act to
cover fraud in connection with such unauthorized access. Directs the U.S.
Sentencing Commission to amend the sentencing guidelines regarding identity
theft.
Requires a data broker to: (1) disclose to an individual, upon request,
personal electronic records pertaining to such individual maintained for
disclosure to third parties; and (2) publish on its website its procedures for
responding to claims of inaccuracies.
Establishes safeguards to protect the privacy and security of personal
information applicable to certain business entities, which shall notify
specified parties of security breaches.
Requires the Administrator of the General Services Administration (GSA), in
considering contract awards totaling more than $500,000, to evaluate: (1) the
data privacy and security program of a data broker; (2) program compliance; (3)
the extent to which databases and systems have been compromised by security
breaches; and (4) data broker responses to such breaches.
Directs: (1) the Secret Service to report to Congress on security breaches;
and (2) the Comptroller General to conduct a study and audit of, and report on,
federal agency use of data brokers or commercial databases containing personally
identifiable information.
Sets remedies for violations of this Act.
11:09 pm - H.R.3997 Financial Data Protection Act of 2005
(Introduced in House)
Title: To amend the Fair Credit Reporting Act to provide for secure
financial data, and for other purposes.
Related Bills: S.2169
Latest Major Action: 3/16/2006 House committee/subcommittee actions.
Status: Ordered to be Reported (Amended) by Voice Vote.
SUMMARY AS OF: 10/6/2005--Introduced.
Financial Data Protection Act of 2005 - Amends the Fair Credit Reporting Act
to prescribe safeguards for data security.
Declares that each consumer reporter shall have an affirmative obligation to
implement policies and procedures to protect the security and confidentiality of
any consumer's sensitive financial personal information maintained, serviced, or
communicated by or on the reporter's behalf against any unauthorized use
reasonably likely to result in substantial harm or inconvenience to the
consumer.
Defines "consumer reporter" as any consumer reporting agency, financial
institution, or person: (1) which, for monetary fees, dues, on a cooperative
nonprofit basis, or otherwise regularly engages in the practice of assembling or
evaluating consumer information for the purpose of furnishing consumer reports
to third parties, of providing or collecting payment for or marketing products
and services, or for employment purposes; and (2) which uses any means or
facility of interstate commerce for such purposes.
Prescribes implementation guidelines that include: (1) investigation
requirements; (2) investigation notices and system restoration requirements; (3)
third party duties; (4) consumer notice; (5) financial fraud mitigation; and (6)
free file monitoring.
Directs the Secretary of the Treasury, the Board of Governors of the Federal
Reserve System, and the Federal Trade Commission jointly to develop implementing
standards and guidelines.
11:07 pm - S.2169 Financial Data Protection Act of 2005
(Introduced in Senate)
Title: A bill to amend the Fair Credit Reporting Act to provide for
secure financial data, and for other purposes.
Related Bills: H.R.3997
Latest Major Action: 12/21/2005 Referred to Senate committee.
Status: Read twice and referred to the Committee on Banking, Housing, and Urban
Affairs.
SUMMARY AS OF: 12/21/2005--Introduced.
Financial Data Protection Act of 2005 - Amends the Fair Credit Reporting Act
to prescribe safeguards for data security.
Declares that each consumer reporter shall have an affirmative obligation to
implement policies and procedures to protect the security and confidentiality of
any consumer's sensitive financial personal information maintained, serviced, or
communicated by or on the reporter's behalf against any unauthorized use
reasonably likely to result in substantial harm or inconvenience to the
consumer.
Defines "consumer reporter" as any consumer reporting agency, financial
institution, or person: (1) which, for monetary fees, dues, on a cooperative
nonprofit basis, or otherwise regularly engages in the practice of assembling or
evaluating consumer information for the purpose of furnishing consumer reports
to third parties, of providing or collecting payment for or marketing products
and services, or for employment purposes; and (2) which uses any means or
facility of interstate commerce for such purposes.
Prescribes implementation guidelines that include: (1) investigation
requirements; (2) investigation notices and system restoration requirements; (3)
third party duties; (4) consumer notice; (5) financial fraud mitigation; and (6)
free file monitoring.
Directs the Secretary of the Treasury, the Board of Governors of the Federal
Reserve System, and the Federal Trade Commission jointly to develop implementing
standards and guidelines.
11:05 pm - H.R.3140 Consumer Data Security and Notification Act of 2005
(Introduced in House)
Title: To expand the protections for sensitive personal information in
Federal law to cover the information collection and sharing practices of
unregulated information brokers, to enhance information security requirements
for consumer reporting agencies and information brokers, and to require consumer
reporting agencies, financial institutions, and other entities to notify
consumers of data security breaches involving sensitive consumer information,
and for other purposes.
Latest Major Action: 6/30/2005 Referred to House committee.
Status: Referred to the House Committee on Financial Services.
SUMMARY AS OF: 6/30/2005--Introduced.
Consumer Data Security and Notification Act of 2005 - Amends the Fair Credit
Reporting Act (FCRA) to cover communication of personally identifiable
information by certain unregulated information brokers who, for compensation,
regularly assemble or evaluate personally identifiable information for the
purpose of furnishing reports to third parties (thereby bringing them within the
scope of FCRA coverage).
Imposes an affirmative, continuing obligation upon each consumer reporting
agency to respect the privacy of consumers and to protect the security and
confidentiality of their nonpublic personal information.
Instructs the Federal Trade Commission to promulgate safeguards for the
protection of nonpublic consumer information.
Amends the Gramm-Leach-Bliley Act to direct federal oversight agencies to
include certain data security notification requirements within the regulations
governing financial institutions.
11:03 pm - S.1216 Financial Privacy Breach Notification Act of 2005
(Introduced in Senate)
Title: A bill to require financial institutions and financial service
providers to notify customers of the unauthorized use of personal financial
information, and for other purposes.
Latest Major Action: 6/9/2005 Referred to Senate committee.
Status: Read twice and referred to the Committee on Banking, Housing, and Urban
Affairs.
SUMMARY AS OF: 6/9/2005--Introduced.
Financial Privacy Breach Notification Act of 2005 - Amends the
Gramm-Leach-Bliley Act to require a financial institution to promptly notify the
following entities whenever a breach of personal information has occurred at
such institution: (1) each customer affected by such breach; (2) certain
consumer reporting agencies; and (3) appropriate law enforcement agencies.
Requires any person that maintains personal information for or on behalf of a
financial institution to promptly notify the institution of any case in which
such customer information has been breached. Prescribes notification
procedures.
Authorizes a customer injured by a violation of this Act to institute a civil
action to recover damages.
Authorizes the Federal Trade Commission to enforce compliance with this Act,
including the assessment of fines for violations.
11:02 pm - S.1408 Identity Theft Protection Act
(Introduced in Senate)
Title: A bill to strengthen data protection and safeguards, require
data breach notification, and further prevent identity theft.
Latest Major Action: 12/8/2005 Placed on Senate Legislative Calendar under
General Orders. Calendar No. 320.
SUMMARY AS OF: 7/14/2005--Introduced.
Identity Theft Protection Act - Requires: (1) a covered entity (i.e., any
commercial entity or charitable, educational, or nonprofit organization that
acquires, maintains, or utilizes sensitive personal information) to take
reasonable steps to protect against security breaches and to prevent
unauthorized access to sensitive personal information that the entity sells,
maintains, collects, or transfers; and (2) the Federal Trade Commission (FTC) to
promulgate regulations to implement that requirement.
Requires a covered entity, upon discovering a breach of security, to: (1)
report the breach to the FTC or other appropriate federal regulator and notify
all consumer reporting agencies specified in the Fair Credit Reporting Act if it
determines that the breach affects the sensitive personal information of 1,000
or more individuals; and (2) notify individuals if it determines that the breach
has resulted in, or poses a reasonable risk of, theft of their identity.
Authorizes a consumer to place a security freeze on his or her credit report
by making a request to a consumer credit reporting agency in writing or by
telephone, subject to specified requirements.
Directs that any violation of this Act be treated as an unfair or deceptive
act or practice proscribed under a rule issued pursuant to the Federal Trade
Commission Act. Sets civil penalties for violations.
Places specified limits on the use of, and access to, social security
numbers.
Directs the Chairman of the FTC to establish an Information Security Working
Group to develop best practices to protect sensitive personal information.
11:00 pm - H.R.4127 Data Accountability and Trust Act (DATA)
(Introduced in House)
Title: To protect consumers by requiring reasonable security
policies and procedures to protect computerized data containing personal
information, and to provide for nationwide notice in the event of a security
breach.
Latest Major Action: 11/3/2005 House committee/subcommittee actions.
Status: Forwarded by Subcommittee to Full Committee (Amended) by the Yeas and
Nays: 13 - 8.
SUMMARY AS OF: 10/25/2005--Introduced.
Data Accountability and Trust Act (DATA) - Instructs the Federal Trade
Commission (FTC) to promulgate regulations that require each person engaged in
interstate commerce that owns or possesses data in electronic form containing
personal information to establish and implement policies and procedures
regarding information security practices for the treatment and protection of
personal information.
Sets forth special requirements for information brokers.
Prescribes notification procedures for breaches of information security.
Grants the FTC enforcement powers.
Preempts state information security laws.
10:58 pm - S.1594 Financial Privacy Protection Act of 2005
(Introduced in Senate)
Title: A bill to require financial services providers to maintain
customer information security systems and to notify customers of unauthorized
access to personal information, and for other purposes.
Latest Major Action: 7/29/2005 Referred to Senate committee.
Status: Read twice and referred to the Committee on Banking, Housing, and Urban
Affairs.
SUMMARY AS OF: 7/29/2005--Introduced.
Financial Privacy Protection Act of 2005 - Amends the Gramm-Leach-Bliley Act
to require each financial institution to develop and maintain a security system
designed to prevent any breach with respect to its customer information.
Prescribes guidelines for: (1) federal functional regulators to issue
regulations governing a customer information security system; and (2) financial
institutions to notify customers of unauthorized access to customer
information.
Provides for: (1) civil action for damages by a customer adversely affected
by a violation of this Act; (2) injunctions against a financial institution in
violation or potential violation of this Act; and (3) civil enforcement actions
by state Attorneys General.
Amends the Fair Credit Reporting Act to: (1) require a consumer reporting
agency to trigger a fraud alert in a consumer file upon notification by a
consumer of a data security breach or suspected breach under this Act; and (2)
prohibit the user of a consumer report to take any adverse action with respect
to a consumer based solely on the inclusion of a fraud alert, extended alert, or
active duty alert in the file of that consumer.
10:47 pm - H.R.1263 Consumer Privacy Protection Act of 2005
(Introduced in House)
Title: To protect and enhance consumer privacy, and for other purposes.
Latest Major Action: 3/22/2005 Referred to House subcommittee.
Status: Referred to the Subcommittee on Commerce, Trade and Consumer Protection.
SUMMARY AS OF: 3/10/2005--Introduced.
Consumer Privacy Protection Act of 2005 - Requires data collection
organizations, under specified conditions, to notify consumers: (1) at the time
of collection that their personally identifiable information may be used for an
unrelated transaction purpose; and (2) of any material change in the
organization's privacy policy statement immediately after each change.
Requires such organizations to establish a privacy policy with respect to the
collection, sale, disclosure for consideration, or use of the consumer's
information.
Requires an organization to provide consumers, without charge, the
opportunity to preclude the sale or disclosure of their information to any
organization that is not an information-sharing partner. Prescribes requirements
for opportunities an organization may give consumers to limit other information
practices of the organization.
Directs an organization to prepare and implement an information security
policy that prevents the unauthorized disclosure or release of a consumer's
information.
Requires the Federal Trade Commission (FTC) to presume that an organization
is in compliance with this Act if it participates in an approved five-year
self-regulatory program. Prescribes requirements for a self-regulatory consumer
dispute resolution process.
Directs the FTC to: (1) facilitate electronic and promote the use of common
identity theft affidavits; (2) require the timely resolution of identity theft
disputes; (3) utilize the Identity Theft Clearinghouse to transmit information
to appropriate entities for protective action and to mitigate losses; and (4)
provide change of address protection for consumers.
Requires: (1) the Comptroller General to analyze the impact on U.S.
interstate and foreign commerce of information privacy laws, regulations, or
agreements enacted, promulgated, or adopted by other nations, and whether the
enforcement mechanisms or procedures of them result in discriminatory treatment
of U.S. entities; and (2) the Secretary of Commerce, based on such results, to
take steps to mitigate against such discriminatory impact.
Directs the Secretary to seek harmonization of this Act with other
international privacy laws, regulations, and agreements for the advancement of
transnational and electronic commerce.