S AMDT 1490

S.1348 A bill to provide for comprehensive immigration reform and for other purposes.
Sponsor: John Ensign (R) NV
 
Status: Active
 
Text of Legislation:

S 1490 IS

111th CONGRESS

1st Session

S. 1490

To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

IN THE SENATE OF THE UNITED STATES

July 22, 2009

Mr. LEAHY introduced the following bill; which was read twice and referred to the Committee on the Judiciary


A BILL

To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

    Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title- This Act may be cited as the ‘Personal Data Privacy and Security Act of 2009’.

    (b) Table of Contents- The table of contents of this Act is as follows:

      Sec. 1. Short title; table of contents.

      Sec. 2. Findings.

      Sec. 3. Definitions.

TITLE I--ENHANCING PUNISHMENT FOR IDENTITY THEFT AND OTHER VIOLATIONS OF DATA PRIVACY AND SECURITY

      Sec. 101. Organized criminal activity in connection with unauthorized access to personally identifiable information.

      Sec. 102. Concealment of security breaches involving sensitive personally identifiable information.

      Sec. 103. Review and amendment of Federal sentencing guidelines related to fraudulent access to or misuse of digitized or electronic personally identifiable information.

      Sec. 104. Effects of identity theft on bankruptcy proceedings.

TITLE II--DATA BROKERS

      Sec. 201. Transparency and accuracy of data collection.

      Sec. 202. Enforcement.

      Sec. 203. Relation to State laws.

      Sec. 204. Effective date.

TITLE III--PRIVACY AND SECURITY OF PERSONALLY IDENTIFIABLE INFORMATION

Subtitle A--A Data Privacy and Security Program

      Sec. 301. Purpose and applicability of data privacy and security program.

      Sec. 302. Requirements for a personal data privacy and security program.

      Sec. 303. Enforcement.

      Sec. 304. Relation to other laws.

Subtitle B--Security Breach Notification

      Sec. 311. Notice to individuals.

      Sec. 312. Exemptions.

      Sec. 313. Methods of notice.

      Sec. 314. Content of notification.

      Sec. 315. Coordination of notification with credit reporting agencies.

      Sec. 316. Notice to law enforcement.

      Sec. 317. Enforcement.

      Sec. 318. Enforcement by State attorneys general.

      Sec. 319. Effect on Federal and State law.

      Sec. 320. Authorization of appropriations.

      Sec. 321. Reporting on risk assessment exemptions.

      Sec. 322. Effective date.

Subtitle C--Office of Federal Identity Protection

      Sec. 331. Office of Federal Identity Protection.

TITLE IV--GOVERNMENT ACCESS TO AND USE OF COMMERCIAL DATA

      Sec. 401. General services administration review of contracts.

      Sec. 402. Requirement to audit information security practices of contractors and third party business entities.

      Sec. 403. Privacy impact assessment of government use of commercial information services containing personally identifiable information.

      Sec. 404. Implementation of chief privacy officer requirements.

SEC. 2. FINDINGS.

    Congress finds that--

      (1) databases of personally identifiable information are increasingly prime targets of hackers, identity thieves, rogue employees, and other criminals, including organized and sophisticated criminal operations;

      (2) identity theft is a serious threat to the Nation’s economic stability, homeland security, the development of e-commerce, and the privacy rights of Americans;

      (3) over 9,300,000 individuals were victims of identity theft in America last year;

      (4) security breaches are a serious threat to consumer confidence, homeland security, e-commerce, and economic stability;

      (5) it is important for business entities that own, use, or license personally identifiable information to adopt reasonable procedures to ensure the security, privacy, and confidentiality of that personally identifiable information;

      (6) individuals whose personal information has been compromised or who have been victims of identity theft should receive the necessary information and assistance to mitigate their damages and to restore the integrity of their personal information and identities;

      (7) data brokers have assumed a significant role in providing identification, authentication, and screening services, and related data collection and analyses for commercial, nonprofit, and government operations;

      (8) data misuse and use of inaccurate data have the potential to cause serious or irreparable harm to an individual’s livelihood, privacy, and liberty and undermine efficient and effective business and government operations;

      (9) there is a need to ensure that data brokers conduct their operations in a manner that prioritizes fairness, transparency, accuracy, and respect for the privacy of consumers;

      (10) government access to commercial data can potentially improve safety, law enforcement, and national security; and

      (11) because government use of commercial data containing personal information potentially affects individual privacy, and law enforcement and national security operations, there is a need for Congress to exercise oversight over government use of commercial data.

SEC. 3. DEFINITIONS.

    In this Act, the following definitions shall apply:

      (1) AGENCY- The term ‘agency’ has the same meaning given such term in section 551 of title 5, United States Code.

      (2) AFFILIATE- The term ‘affiliate’ means persons related by common ownership or by corporate control.

      (3) BUSINESS ENTITY- The term ‘business entity’ means any organization, corporation, trust, partnership, sole proprietorship, unincorporated association, or venture established to make a profit, or nonprofit.

      (4) IDENTITY THEFT- The term ‘identity theft’ means a violation of section 1028 of title 18, United States Code.

      (5) DATA BROKER- The term ‘data broker’ means a business entity which for monetary fees or dues regularly engages in the practice of collecting, transmitting, or providing access to sensitive personally identifiable information on more than 5,000 individuals who are not the customers or employees of that business entity or affiliate primarily for the purposes of providing such information to nonaffiliated third parties on an interstate basis.

      (6) DATA FURNISHER- The term ‘data furnisher’ means any agency, organization, corporation, trust, partnership, sole proprietorship, unincorporated association, or nonprofit that serves as a source of information for a data broker.

      (7) ENCRYPTION- The term ‘encryption’--

        (A) means the protection of data in electronic form, in storage or in transit, using an encryption technology that has been adopted by an established standards setting body which renders such data indecipherable in the absence of associated cryptographic keys necessary to enable decryption of such data; and

        (B) includes appropriate management and safeguards of such cryptographic keys so as to protect the integrity of the encryption.

      (8) PERSONAL ELECTRONIC RECORD-

        (A) IN GENERAL- The term ‘personal electronic record’ means data associated with an individual contained in a database, networked or integrated databases, or other data system that is provided to nonaffiliated third parties and includes sensitive personally identifiable information about that individual.

        (B) EXCLUSIONS- The term ‘personal electronic record’ does not include--

          (i) any data related to an individual’s past purchases of consumer goods; or

          (ii) any proprietary assessment or evaluation of an individual or any proprietary assessment or evaluation of information about an individual.

      (9) PERSONALLY IDENTIFIABLE INFORMATION- The term ‘personally identifiable information’ means any information, or compilation of information, in electronic or digital form serving as a means of identification, as defined by section 1028(d)(7) of title 18, United States Code.

      (10) PUBLIC RECORD SOURCE- The term ‘public record source’ means the Congress, any agency, any State or local government agency, the government of the District of Columbia and governments of the territories or possessions of the United States, and Federal, State or local courts, courts martial and military commissions, that maintain personally identifiable information in records available to the public.

      (11) SECURITY BREACH-

        (A) IN GENERAL- The term ‘security breach’ means compromise of the security, confidentiality, or integrity of computerized data through misrepresentation or actions that result in, or there is a reasonable basis to conclude has resulted in, acquisition of or access to sensitive personally identifiable information that is unauthorized or in excess of authorization.

        (B) EXCLUSION- The term ‘security breach’ does not include--

          (i) a good faith acquisition of sensitive personally identifiable information by a business entity or agency, or an employee or agent of a business entity or agency, if the sensitive personally identifiable information is not subject to further unauthorized disclosure; or

          (ii) the release of a public record not otherwise subject to confidentiality or nondisclosure requirements.

      (12) SENSITIVE PERSONALLY IDENTIFIABLE INFORMATION- The term ‘sensitive personally identifiable information’ means any information or compilation of information, in electronic or digital form that includes--

        (A) an individual’s first and last name or first initial and last name in combination with any 1 of the following data elements:

          (i) A non-truncated social security number, driver’s license number, passport number, or alien registration number.

          (ii) Any 2 of the following:

            (I) Home address or telephone number.

            (II) Mother’s maiden name, if identified as such.

            (III) Month, day, and year of birth.

          (iii) Unique biometric data such as a finger print, voice print, a retina or iris image, or any other unique physical representation.

          (iv) A unique account identifier, electronic identification number, user name, or routing code in combination with any associated security code, access code, or password that is required for an individual to obtain money, goods, services, or any other thing of value; or

        (B) a financial account number or credit or debit card number in combination with any security code, access code, or password that is required for an individual to obtain credit, withdraw funds, or engage in a financial transaction.

TITLE I--ENHANCING PUNISHMENT FOR IDENTITY THEFT AND OTHER VIOLATIONS OF DATA PRIVACY AND SECURITY


Co-sponsors
There are no co-sponsors for this bill.
 
 
 
 
 
Govit™ 2008