EPIC Bill Track
Tracking Privacy, Speech, and Cyber-Liberties
Bills in the 109th Congress

Last Updated August 9, 2005

111th Congress Bill Track | 109th Congress | 108th Congress | 107th Congress | 106th Congress | 105th Congress

Data Brokers
(see also Identity Theft bills)

HR. 3140
Consumer Data Security and Notification Act (Bean)

Subjects information collected by data brokers to the provisions covering consumer reports under the Fair Credit Reporting Act. Directs the FTC to establish security, confidentiality, and notification regulations for consumer reporting agencies. Grants private investigators access to consumer reports in connection with lawful investigations. Amends the Gramm-Leach-Bliley Act to require financial institutions to notify customers of security breaches.

6/30/2005 Referred to House Committee on Financial Services.

S. 500
Information Protection and Security Act (Nelson)

Directs the FTC to regulate information brokers. Data brokers would be required to ensure data accuracy and confidentiality, authenticate and track users, detect and prevent unauthorized activity, and mitigate potential harm to individuals. In addition, individuals would have the right to access, correct, and know which third parties have procured their personal information. Violations of these regulations would be treated as unfair or deceptive acts of practices under the Federal Trade Commission Act. Individuals would have a private right of action if injured by violations of this Act. States would also be able to bring civil actions on behalf of residents.

3/3/2005 Referred to Senate Committee on Commerce, Science, and Transportation.


S. 737 Security and Freedom Enhancement Act. SAFE Act (Craig)

Amends the USA PATRIOT Act to require orders for roving wiretap to specify the identity of the target or the place to be wiretapped, and that surveillance only be conducted when suspect is present at that place. Limits the authority to delay notice of the issuance of a search warrant to circumstances where providing immediate notice will endanger the life or physical safety of an individual or result in flight from prosecution, the destruction of or tampering with evidence, or the intimidation of potential witnesses. Restricts FBI access to business records for foreign intelligence and international terrorism investigations to cases where there are specific and articulable facts giving reason to believe that targeted person is a foreign power or agent. Prohibits an electronic communication service provider from disclosing that the FBI has sought access to telephone records for 90 days after receipt of such request, with exceptions (current law places no limits on nondisclosure).

4/6/2005 Referred to Senate Committee on the Judiciary.

HR. 3199 USA PATRIOT and Terrorism Prevention Reauthorization Act (Sensensenbrenner)

Makes 14 of 16 provisions of USA PATRIOT Act permanent. Section 206 relating to roving wiretaps and Section 215 concerning access to business records are extenteded for ten years with certain restrictions. Requests for business records must be "reasonably expected" to be foreign intelligence information not concerning a US person, or relevant to an ongoing terrorism investigation. In addition, receivers of such requests are allowed to consult an attorney and challenge it in court.

7/29/2005 Resolving differences / Conference -- Senate actions. Status: Senate insists on its amendment, asks for a conference, appoints conferees Specter; Hatch; Kyl; DeWine; Sessions; Roberts; Leahy; Kennedy; Rockefeller; Levin.

Identification Cards

HR. 418
Real ID Act (Sensenbrenner)

Establishes national security standards for State issued driver's licenses and identification card, including a common machine-readable technology, incorporation of specified data, and certain anti-fraud security features. Requires verification of information presented and evidence of lawful presence in the United States to obtain a drivers license. Non-privacy related titles change immigration procedures and provide for border infrastructure.

 5/11/2005: Signed into law by President, became Public Law 109-13

Identity Theft

S. 1789 Personal Data Privacy and Security Act (Specter)

Grants individuals the right to access and establishes procedures for correcting information collected by data brokers, preempts state laws. Requires businesses collecting personally identifiable information to develop and publish a data privacy and security program. Enhances criminal penalties for ID theft, and appropriates $25 million a year for grants to State and local governments for enforcement purposes. Requires notification of individuals affected by a security breach and establishes fines and terms of imprisonment for concealment. Provides exemptions for entities that perform a risk assessment concluding that there was, or will not be, any harm to individuals affected, or that participate in a security program designed to block the use of personal information for unauthorized financial transactions before they are charged to an individual's account. Requires evaluation and audit of security and privacy policies of government contractors.

9/29/2005 Referred to Senate committee. Status: Read twice and referred to the Committee on the Judiciary.

S. 768 Comprehensive Identity Theft Prevention Act (Schumer)

Sets limits on the sale, and notification requirements in case of unauthorized acquisition of sensitive personal information. With certain exceptions, prohibits the solicitation, sale, purchase, use, and access to SSNs. Establishes an Office of Identity Theft within the FTC to enforce this Act.

 4/12/2005 Referred to Senate committee. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation.

S. 1408 Identity Theft Protection Act  (Smith)

Directs FTC to promulgate regulations to require covered entities to develop and implement information security programs. Requires notification in cases of security breaches affecting 1,000 individuals or more. Allows consumers to request a security freeze on their credit report. Prohibits soliciting SSNs unless there is a specific use for which no other identifier can reasonably be used, the display of SSNs on employee IDs, and granting inmates access to SSNs. Allows State Attorney Generals to bring civil action on behalf of its residents for violations of this Act. Preempts state actions relating to provisions of this Act. Establishes an Information Security Working Group to develop security best management practices.

7/28/2005 Senate committee/subcommittee actions. Status: Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.

Junk Fax

S. 714 Junk Fax Protection Act (Smith)

Prohibits unsolicited advertisement via fax to a person who has indicated they wish not to receive such communication, unless there is an existing business relationship and the advertisement contains an opt-out notice.

7/9/2005: Signed into law by President, became Public Law 109-21

Notification Requirements
(see also Identity Theft bills)

S. 751 Notification of Risk to Personal Data Act (Feinstein)

Requires persons and Federal agencies that own, license or collect personal information to notify individuals whose information was obtained by an unauthorized person. Requires entities possessing but not owning or licensing such data, to notify the information owner in case of unauthorized acquisition. Federal agencies are exempt for national security and law enforcement purposes.

7/21/2005 Senate committee/subcommittee actions. Status: Committee on the Judiciary. Date of scheduled consideration. SD-226. 9:30 a.m.

S. 1336
Consumer Identify Protection Act  (Pryor)

Grants individuals the right to place a security freeze on their credit report at no cost, thereby limiting third parties' access to such personal information. Requires consumer reporting agencies to notify consumers when they have disclosed frozen account information to third parties. Allows private right of civil action for violations of this Act.

 6/29/2005 Referred to Senate committee. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation.

HR. 1069
Notification of Risk to Personal Data Act (Bean)

Requires financial institutions where a breach of personal information is reasonably believed to have occurred to notify affected customers, consumer reporting agencies, the information clearinghouse established by the FTC under this Act, and law enforcement agencies. Entities maintaining personal information on behalf of financial institutions would be required to notify the financial institution in case of security breach. Requires consumer reporting agencies to place a fraud alert on individuals affected by a security breach. Authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State. Directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act.

 5/13/2005 Referred to House subcommittee. Status: Referred to the Subcommittee on Financial Institutions and Consumer Credit.


HR. 29 Securely Protect Yourself Against Cyber Trespass Act, or Spy Act (Bono)

Makes unlawful the unauthorized usage of a computer to take control of it, modify its setting, collect of induce the owner to disclose personally identifiable information, install unsolicited software, and tamper with security, anti-spyware, or anti-virus software. In addition, unless prior notification is given, the transmission or execution of any information collection program is made unlawful. Provides an exception with respect to Web pages visited within a particular website when the information collected is sent only to the provider of the website accessed.

 5/23/2005 Passed in House 393-4, Referred to Senate Committee on Commerce, Science, and Transportation.

HR. 744
Internet Spyware Prevention Act of 2005, or I-SPY Act (Goodlatte)

Criminalizes unauthorized access of a computer through the installation of a program or code, and intentionally using it to obtain or transmit personal information with the intent to defraud or injure a person or cause damage to a computer, in furtherance of a Federal criminal offense, or to intentionally impair the computer's security protection with intent to defraud or injure. Prohibits civil action under State law premised upon violation of this Act. Authorizes $10 million a year to the Attorney General for prosecutions of spyware, phishing, and pharming crimes.

 5/23/2005 Passed in House 395-1, Referred to Senate Committee on the Judiciary

Social Security Numbers
(see also Identity Theft bills)

HR. 1078 Social Security Number Protection Act (Markey)

Establishes criminal penalties for the sale and purchase of SSNs. Makes exceptions for national security, law enforcement, public health, emergency situations, research purposes, cases where an individual makes voluntary and affirmative consent to the sale, and other circumstances specified by the FTC.

5/19/2005 Referred to House Subcommittee on Financial Institutions and Consumer Credit.

HR. 1745
Social Security Number Privacy and Identity Theft Prevention Act (Shaw)

Prohibits displaying SSNs on government issued checks and ID cards, and granting access to prisoners. Bans the sale, purchase and display of SSNs, and using an SSN to locate or identify an individual with intent to injure or use their ID for any illegal purpose. Considers refusal to do business without receipt of SSN an unfair or deceptive act or practice. Establishes civil and criminal penalties, and enhanced penalties in case of terrorism, drug trafficking, violence, or prior offenses.

 5/19/2005 Referred to House Subcommittee on Financial Institutions and Consumer Credit.


HR. 1139
Wireless 411 Privacy Act (Pitts)

Requires notification and express prior authorization from current wireless subscribers, and the option to de-list for new subscribers,  before their number is included in any wireless directory assistance database (411 list). Allows a provider to connect a 411 call only if the destination subscriber is provided prior notice of the caller's identity and is permitted to reject the call, the subscriber's number is not disclosed to caller, and the subscriber is not unlisted. Prohibits wireless providers from charging for exercising any of these rights.

3/22/2005 Referred to House Subcommittee on Telecommunications and the Internet.

Return to EPIC Privacy Page | EPIC Home Page.