EPIC Bill Track
Tracking Privacy, Speech, and
Cyber-Liberties
Bills in the 109th Congress
HR.
3140 |
Consumer
Data Security and Notification Act (Bean) |
|
Subjects information
collected by data brokers to the provisions covering consumer reports
under the Fair Credit Reporting Act. Directs the FTC to establish
security, confidentiality, and notification regulations for consumer
reporting agencies. Grants private investigators access to consumer
reports in connection with lawful investigations. Amends the
Gramm-Leach-Bliley Act to require financial institutions to notify
customers of security breaches. |
6/30/2005 Referred to House Committee on Financial Services. |
S.
500 |
Information
Protection and Security Act (Nelson) |
|
Directs the FTC to
regulate information brokers. Data brokers would be
required to ensure data accuracy and confidentiality, authenticate and
track users, detect and prevent unauthorized activity, and mitigate
potential harm to individuals. In addition, individuals
would have the right to access, correct, and know which third parties
have procured their personal information. Violations of these
regulations would be treated as unfair or deceptive acts of practices
under the Federal Trade Commission Act. Individuals would have a
private right of action if injured by violations of this Act. States
would also be able to bring civil actions on behalf of residents. |
3/3/2005 Referred to Senate Committee on Commerce, Science, and Transportation. |
S. 737 | Security and Freedom Enhancement Act. SAFE Act (Craig) |
|
Amends the USA PATRIOT Act to require orders for roving wiretap to specify the identity of the target or the place to be wiretapped, and that surveillance only be conducted when suspect is present at that place. Limits the authority to delay notice of the issuance of a search warrant to circumstances where providing immediate notice will endanger the life or physical safety of an individual or result in flight from prosecution, the destruction of or tampering with evidence, or the intimidation of potential witnesses. Restricts FBI access to business records for foreign intelligence and international terrorism investigations to cases where there are specific and articulable facts giving reason to believe that targeted person is a foreign power or agent. Prohibits an electronic communication service provider from disclosing that the FBI has sought access to telephone records for 90 days after receipt of such request, with exceptions (current law places no limits on nondisclosure). |
4/6/2005 Referred to Senate Committee on the Judiciary. |
HR. 3199 | USA PATRIOT and Terrorism Prevention Reauthorization Act (Sensensenbrenner) |
|
Makes 14 of 16
provisions of USA PATRIOT Act permanent. Section 206 relating to roving
wiretaps and Section 215 concerning access to business records are
extenteded for ten years with certain restrictions. Requests for
business records must be "reasonably expected" to be foreign
intelligence information not concerning a US person, or relevant to an
ongoing terrorism investigation. In addition, receivers of such
requests are allowed to consult an attorney and challenge it in court. |
7/29/2005 Resolving differences / Conference -- Senate actions. Status: Senate insists on its amendment, asks for a conference, appoints conferees Specter; Hatch; Kyl; DeWine; Sessions; Roberts; Leahy; Kennedy; Rockefeller; Levin. |
HR. 418 |
Real
ID Act (Sensenbrenner) |
|
Establishes national
security standards for State issued driver's licenses and
identification card, including a common machine-readable technology,
incorporation of specified data, and certain anti-fraud security
features. Requires verification of information presented and evidence
of lawful presence in the United States to obtain a drivers license.
Non-privacy related titles change immigration procedures and provide
for border infrastructure. |
5/11/2005:
Signed into law by President, became Public Law 109-13 |
S. 1789 | Personal Data Privacy and Security Act (Specter) |
|
Grants individuals
the right to access and establishes procedures for correcting
information collected
by data brokers, preempts state laws. Requires businesses collecting
personally identifiable
information to develop and publish a data privacy and security
program. Enhances criminal penalties for ID theft, and
appropriates $25 million a year for grants to State and
local
governments for enforcement purposes.
Requires notification of individuals affected by a security breach and
establishes fines and terms of imprisonment for concealment. Provides
exemptions for entities that perform a risk assessment concluding that
there was, or will not be, any harm to individuals affected, or that
participate in a security program designed to block the use of personal
information for unauthorized financial transactions before they are
charged to an individual's account. Requires
evaluation and audit of security and privacy policies of
government contractors. |
9/29/2005 Referred to Senate committee. Status: Read twice and referred to the Committee on the Judiciary. |
S. 768 | Comprehensive Identity Theft Prevention Act (Schumer) |
|
Sets limits on the sale, and notification requirements in case of unauthorized acquisition of sensitive personal information. With certain exceptions, prohibits the solicitation, sale, purchase, use, and access to SSNs. Establishes an Office of Identity Theft within the FTC to enforce this Act. |
4/12/2005 Referred to Senate committee. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation. |
S. 1408 | Identity Theft Protection Act (Smith) |
|
Directs FTC to
promulgate regulations to require covered entities to develop and
implement information security programs. Requires notification in cases
of security breaches affecting 1,000 individuals or more. Allows
consumers to request a security freeze on their credit report.
Prohibits soliciting SSNs unless there is a specific use for which no
other identifier can reasonably be used, the display of SSNs on
employee IDs, and granting inmates access to SSNs. Allows State
Attorney Generals to bring civil action on behalf of its residents for
violations of this Act. Preempts state actions relating to provisions
of this Act. Establishes an Information Security Working Group to
develop security best management practices. |
7/28/2005
Senate committee/subcommittee actions. Status: Committee on
Commerce, Science, and Transportation. Ordered to be reported with an
amendment in the nature of a substitute favorably. |
S. 714 | Junk Fax Protection Act (Smith) |
|
Prohibits unsolicited advertisement via fax to a person who has indicated they wish not to receive such communication, unless there is an existing business relationship and the advertisement contains an opt-out notice. |
7/9/2005: Signed into law by President, became Public Law 109-21 |
S. 751 | Notification of Risk to Personal Data Act (Feinstein) |
|
Requires persons and Federal agencies that own, license or collect personal information to notify individuals whose information was obtained by an unauthorized person. Requires entities possessing but not owning or licensing such data, to notify the information owner in case of unauthorized acquisition. Federal agencies are exempt for national security and law enforcement purposes. |
7/21/2005
Senate committee/subcommittee actions. Status: Committee on the
Judiciary. Date of scheduled consideration. SD-226. 9:30 a.m. |
S. 1336 |
Consumer Identify Protection Act (Pryor) |
|
Grants individuals
the right to place a security freeze on their credit report at
no cost, thereby limiting third parties' access to such personal
information.
Requires consumer reporting agencies to notify consumers when they have
disclosed frozen account information to third parties. Allows private
right of civil action for violations of this Act. |
6/29/2005
Referred to Senate committee. Status: Read twice and referred to the
Committee on Commerce, Science, and Transportation. |
HR. 1069 |
Notification
of Risk to Personal Data Act (Bean) |
|
Requires financial institutions where a breach of personal information is reasonably believed to have occurred to notify affected customers, consumer reporting agencies, the information clearinghouse established by the FTC under this Act, and law enforcement agencies. Entities maintaining personal information on behalf of financial institutions would be required to notify the financial institution in case of security breach. Requires consumer reporting agencies to place a fraud alert on individuals affected by a security breach. Authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State. Directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act. |
5/13/2005 Referred to House subcommittee. Status: Referred to the Subcommittee on Financial Institutions and Consumer Credit. |
HR. 29 | Securely Protect Yourself Against Cyber Trespass Act, or Spy Act (Bono) |
|
Makes unlawful the
unauthorized usage of a computer to take control of it, modify its
setting, collect of induce the owner to disclose personally
identifiable information, install unsolicited software, and tamper with
security, anti-spyware, or anti-virus software. In addition, unless
prior notification is given, the transmission or execution of any
information collection program is made unlawful. Provides an exception
with
respect to Web pages visited within a particular website when the
information collected is sent only to the provider of the website
accessed. |
5/23/2005 Passed in House 393-4, Referred to Senate Committee on Commerce, Science, and Transportation. |
HR. 744 |
Internet Spyware Prevention Act of 2005, or I-SPY Act (Goodlatte) |
|
Criminalizes
unauthorized access of a computer through the installation of a program
or code, and intentionally using it to obtain or transmit personal
information with the intent to defraud or injure a person or cause
damage to a computer, in furtherance of a Federal criminal offense, or
to intentionally impair the computer's security protection with intent
to defraud or injure. Prohibits civil action under State law premised
upon violation of this Act. Authorizes $10 million a year to the
Attorney General for prosecutions of spyware, phishing, and pharming
crimes. |
5/23/2005
Passed in House 395-1, Referred to Senate Committee on the Judiciary |
HR. 1078 | Social Security Number Protection Act (Markey) |
|
Establishes criminal penalties for the sale and purchase of SSNs. Makes exceptions for national security, law enforcement, public health, emergency situations, research purposes, cases where an individual makes voluntary and affirmative consent to the sale, and other circumstances specified by the FTC. |
5/19/2005 Referred to House Subcommittee on Financial Institutions and Consumer Credit. |
HR. 1745 |
Social
Security Number Privacy and Identity Theft Prevention Act (Shaw) |
|
Prohibits displaying SSNs on government issued checks and ID cards, and granting access to prisoners. Bans the sale, purchase and display of SSNs, and using an SSN to locate or identify an individual with intent to injure or use their ID for any illegal purpose. Considers refusal to do business without receipt of SSN an unfair or deceptive act or practice. Establishes civil and criminal penalties, and enhanced penalties in case of terrorism, drug trafficking, violence, or prior offenses. |
5/19/2005 Referred to House Subcommittee on Financial Institutions and Consumer Credit. |
HR.
1139 |
Wireless
411 Privacy Act (Pitts) |
|
Requires notification and express prior authorization from current wireless subscribers, and the option to de-list for new subscribers, before their number is included in any wireless directory assistance database (411 list). Allows a provider to connect a 411 call only if the destination subscriber is provided prior notice of the caller's identity and is permitted to reject the call, the subscriber's number is not disclosed to caller, and the subscriber is not unlisted. Prohibits wireless providers from charging for exercising any of these rights. |
3/22/2005 Referred to House Subcommittee on Telecommunications and the Internet. |