Identity Theft Prevention Act

A bill to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft.

12/5/2007--Reported to Senate amended. Identity Theft Prevention Act -
(Sec. 2) Requires any commercial entity or charitable, educational, or nonprofit organization that acquires, maintains, or uses sensitive personal information (covered entity) to develop, implement, maintain, and enforce a written program, containing administrative, technical, and physical safeguards, for the security of sensitive personal information it collects, maintains, sells, transfers, or disposes of. Defines "sensitive personal information" as an individual's name, address, or telephone number combined with at least one of the following relating to that individual:
(1) the social security number or numbers derived from that number;
(2) financial account or credit or debit card numbers combined with codes or passwords that permit account access, subject to exception; or
(3) a state driver's license or resident identification number.
(Sec. 3) Requires a covered entity:
(1) to report a security breach to the Federal Trade Commission (FTC);
(2) if the entity determines that the breach creates a reasonable risk of identity theft, to notify each affected individual; and
(3) if the breach involves 1,000 or more individuals, to notify all consumer reporting agencies specified in the Fair Credit Reporting Act.

(Sec. 4) Authorizes a consumer to place a security freeze on his or her credit report by making a request to a consumer credit reporting agency. Prohibits a reporting agency, when a freeze is in effect, from releasing the consumer's report for credit review purposes without the consumer's prior express authorization. Provides for freeze removal and suspension, limits related fees, and sets forth other security freeze requirements. Exempts from certain provisions of this Act:
(1) a consumer credit reporting agency that acts only as a reseller of credit information and does not maintain a permanent database of credit information;
(2) check services or fraud prevention services companies; and
(3) deposit account information service companies.

(Sec. 5) Requires:
(1) the establishment of the Information Security and Consumer Privacy Advisory Committee; and
(2) a related crime study and report, including regarding the correlation between methamphetamine use and identity theft crimes.

(Sec. 8) Treats any violation of this Act as an unfair or deceptive act or practice under the Federal Trade Commission Act. Requires enforcement under other specified laws. Allows enforcement by state attorneys general. Preempts state laws requiring notification of affected individuals of security breaches. Preempts state laws relating to the use of social security numbers.
(Sec. 11) Prohibits, subject to exception, a covered entity from soliciting a social security number from an individual unless there is a specific use of that number for which no other identifier can reasonably be used. Prohibits the display of social security numbers on identification cards commonly provided to employees, faculty, staff, or students and on state driver's licenses. Amends title II (Old Age, Survivors and Disability Insurance) (OASDI) of the Social Security Act to prohibit federal, state, and political subdivision governmental entities and their agents from using prisoners in a way that would allow the prisoners access to other individuals' social security numbers. Makes it unlawful to sell, purchase, provide, or display a social security number to the general public or to obtain or use any individual's social security number for the purpose of locating or identifying the individual with the intent to physically injure or harm the individual or for the purpose of using the individual's identity for any illegal purpose, subject to exceptions, including sales or displays of such numbers for the purposes of national security, public health or safety, and locating abducted children.
(Sec. 12) Requires each U.S. agency to:
(1) develop, implement, maintain, and enforce a written program for the security of sensitive personal information the agency collects, maintains, sells, transfers, or disposes of;
(2) use due diligence to investigate any suspected breach of security affecting sensitive personal information; and
(3) notify each affected individual after a breach.

(Sec. 14) Authorizes appropriations.


... morehide bill summarySee Full Bill Text

Sponsor

• Sen. Daniel Inouye [D, HI]
• and 4 Co-Sponsors
  • Sen. Bill Nelson [D, FL]
  • Sen. Mark Pryor [D, AR]
  • Sen. Gordon Smith [R, OR]
  • Sen. Ted Stevens [R, AK]
  close

Committees

• Senate Commerce, Science, and Transportation

Amendments

This bill has no amendments.

Amendments to S.1178

Number	Status	Purpose

Bill Status

Make a Bill Status Widget (Close help)

OpenCongress widgets allow you to display information about bills and issue areas on your own website or blog. First, select which bill or issue you want to track, then customize the appearance of the panel, and finally paste a simple chunk of HTML into your site. Now your community will have an easy, up-to-date way to track the status of important bills and issues in Congress.

Introduced		Voted on by Senate		Voted on by House		Considered By President		Bill Becomes Law
April 20, 2007

Show All Actions (8 actions)Hide Actions

All Bill Actions

• Added to calendar on Dec 05, 2007: Placed on Senate Legislative Calendar under General Orders. Calendar No. 520..
• Dec 05, 2007: Committee on Commerce, Science, and Transportation. Reported by Senator Inouye with amendments. With written report No. 110-235.
• Apr 25, 2007: Committee on Commerce, Science, and Transportation. Ordered to be reported with amendments favorably.
• Apr 25, 2007: Committee on Commerce, Science, and Transportation. Date of scheduled consideration. SR-253. 2:30 p.m.
• Apr 20, 2007: Read twice and referred to the Committee on Commerce, Science, and Transportation.
• Apr 20, 2007: Sponsor introductory remarks on measure. (CR S4812-4813)
• Introduced on Apr 20, 2007.
• Apr 20, 2007: Introductory remarks on measure. (CR S4812-4813)

---

Related Bills:

• S.806

Related Issue Areas:

• Consumers
• Administrative procedure
• Bank accounts
• Business
• 33 more
• Charities
• Consumer credit
• Credit bureaus
• Credit cards
• Criminal justice
• Debit cards
• Driver licenses
• Drug abuse
• Executive departments
• Federal Trade Commission
• Federal advisory bodies
• Federal preemption
• Finance
• Government information
• Government paperwork
• Government publicity
• Identification devices
• Identity theft
• Independent regulatory commissions
• Law
• Methamphetamine
• Nonprofit organizations
• Restrictive trade practices
• Social security
• Social security numbers
• Social services
• State and local government
• State laws
• Telecommunication
• Telephone
• Transportation
• Labor
• Prison labor

Data from the Congressional Research Service

Users tracking S.1178 (6) are also tracking:

Show More User Statistics... Hide User Statistics

In the News

June 22, 2007 Data Breach Legislation Sparks Debate

Bills introduced in 2007 include the Personal Data Privacy and Security Act of 2007 (S. 245) and the Identity Theft Prevention Act (S. 1178). ...

Was this article useful? Yes or No

Source: The Heartland Institute, IL

Did you find this article useful? Your opinion counts - together, we're finding the very best news and blog coverage about Congress available on the web.

June 19, 2007 EU Privacy Directive - Coming to the US?

... such as S.239, or whether we take the bigger step of forming a permanent committee under the FTC to monitor privacy as outlined by S.1178. ...

Was this article useful? Yes or No (1 of 1 found it useful.)

Source: Slashdot

Did you find this article useful? Your opinion counts - together, we're finding the very best news and blog coverage about Congress available on the web.

April 26, 2007 ID theft bill worries nation's leading retail lobby

The Senate Commerce, Science and Transportation Committee voted yesterday on S. 1178, the Identity Theft Protection Act of 2007, sponsored by committee ...

Was this article useful? Yes or No (0 of 1 found it useful.)

Source: DM News, NY

Did you find this article useful? Your opinion counts - together, we're finding the very best news and blog coverage about Congress available on the web.

4 more articles...
See most useful news articles

Blog Coverage

April 24, 2008 CRS — Information Security and Data Breach Notification Safeguards

During the 110th Congress, three data security bills — S. 239 (Feinstein), S. 495 (Leahy), and S. 1178 (Inouye) — were reported favorably out of Senate committees. Those bills include information security and data breach notification ...

Was this article useful? Yes or No

Source: Docuticker

Did you find this article useful? Your opinion counts - together, we're finding the very best news and blog coverage about Congress available on the web.

April 16, 2008 Hairycoeds

The National Retail Federation in Washington, the nation's leading lobby for retailers, is worried about some provisions of a new bill--the Identity Theft Protection Act of 2007 (S. 1178)--in the Senate. While welcoming a national . ...

Was this article useful? Yes or No

Source: Singles In Lakehamilton Ar

Did you find this article useful? Your opinion counts - together, we're finding the very best news and blog coverage about Congress available on the web.

April 09, 2008 Federal Legislative Outlook, Privacy/Antitrust Issues Discussed at ...

According to Strickland, the bill currently under examination in the Senate Commerce Committee (S. 1178) would cover entities not reached by the Gramm-Leach-Bliley Act and would probably extend the FTC’s Safeguards Rule to nonfinancial ...

Was this article useful? Yes or No

Source: Trade Regulation Talk

Did you find this article useful? Your opinion counts - together, we're finding the very best news and blog coverage about Congress available on the web.

16 more posts...
See most useful blog posts

Information made available by: