s 73 40864 1170738000 false 1179892800 8 495 2609 110 300065

5/23/2007--Reported to Senate amended. Personal Data Privacy and Security Act of 2007 - Title I: Enhancing Punishment For Identity Theft And Other Violations Of Data Privacy and Security - (Sec. 101) Amends the federal criminal code to add intentionally accessing a computer without authorization to the definition of racketeering activity. (Sec. 102) Imposes a fine and/or prison term of up to five years for intentionally and willfully concealing a security breach involving sensitive personally identifiable information that causes economic damage to one or more persons. Defines &quot;sensitive personally identifiable information&quot; to include an individual's name in combination with his or her social security number, home address, date of birth, biometrics data, or financial account information. (Sec. 103) Directs the U.S. Sentencing Commission to review and amend, if appropriate, federal sentencing guidelines for persons convicted of using fraud to access, or to misuse, digitized or electronic personally identifiable information, including sentencing guidelines for identity theft. (Sec. 104) Amends the federal bankruptcy code to prohibit the dismissal or conversion of a bankruptcy case based upon a debtor's failure to meet means testing eligibility requirements if such debtor is a victim of identity theft.<br/>Title II: Data Brokers - (Sec. 201) Requires interstate data brokers (defined as business entities which, for monetary fees or dues, regularly engage in the practice of collecting, transmitting, or providing access to sensitive personally identifiable information on more than 5,000 individuals to nonaffiliated third parties on an interstate basis) to: (1) disclose to a requesting individual all personal electronic records pertaining to such individual in their databases or systems at the time of such request; (2) provide guidance to such individuals for correcting inaccuracies in their records; (3) provide written or electronic notice of any adverse action taken against an individual by a third party based upon information in their databases; and (4) correct any inaccurate information in their databases.<br/>(Sec. 202) Imposes civil penalties on data brokers who violate the requirements of this title. Grants the Federal Trade Commission (FTC) enforcement authority over data brokers. Allows state attorneys general to pursue civil remedies against data brokers who are deemed to pose a threat to state residents.<br/>(Sec. 203) Preempts state regulation of data brokers.<br/>(Sec. 204) Makes the provisions of this title effective 180 days after enactment of this Act. Title III: Privacy And Security Of Personally Identifiable Information - Subtitle A: A Data Privacy and Security Program - (Sec. 301) Imposes requirements for a personal data privacy and security program on business entities that maintain sensitive personally identifiable information in electronic or digital form on 10,000 or more U.S. persons. Exempts certain financial institutions, covered entities under the Health Insurance Portability and Accountability Act (HIPAA), and public records from such requirements.<br/>(Sec. 302) Requires a business entity that is subject to data privacy and security requirements to: (1) implement a comprehensive personal data privacy and security program to ensure the privacy, security, and confidentiality of sensitive personally identifying information and to protect against breaches of and unauthorized access to such information; (2) conduct risk assessments of potential security breaches; (3) adopt risk management and control policies and procedures; (4) ensure employee training and supervision for implementation of data security programs; and (5) undertake vulnerability testing and monitoring of personal data privacy and security programs. (Sec. 303) Imposes civil penalties on business entities that violate the data privacy and security requirements of this subtitle. Grants enforcement authority for such requirements to the FTC.<br/>(Sec. 304) Preempts state laws relating to administrative, technical, and physical safeguards for the protection of sensitive personally identifying information.<br/>Subtitle B: Security Breach Notification - (Sec. 311) Requires any agency or business entity with sensitive personally identifiable information to notify without unreasonable delay any U.S. resident of a security breach in which such resident's information has been, or is reasonably believed to have been, accessed or acquired.<br/>(Sec. 312) Exempts agencies or business entities from security breach notification requirements if they provide written certification to the Secret Service that providing such notification would impede a criminal investigation or damage national security. Requires the Secret Service to evaluate the merits of such certifications.<br/>(Sec. 313) Requires an agency or business entity to give notice of a security breach to any affected individuals: (1) by written notice to their last known home mailing address, by telephone, or by email (if email notification was consented to); and (2) to major media outlets if the number of residents in a state affected by a security breach exceeds 5,000.<br/>(Sec. 314) Requires the notification to individuals whose sensitive personally identifiable information has been accessed to include: (1) a description of the categories of information an unauthorized individual has acquired; and (2) toll-free numbers for contacting the agency or business entity whose databases have been breached and major credit reporting agencies.<br/>(Sec. 315) Requires any business entity or agency that is required to provide notification to more than 5,000 individuals of a security breach to notify all consumer reporting agencies.<br/>(Sec. 316) Requires any business entity or agency to notify the Secret Service of security breaches of sensitive personally identifying information within 14 days of any data security breach that involves: (1) more than 10,000 individuals; (2) a database that contains information about more than one million individuals nationwide; (3) a federal government database; or (4) individuals known to be government employees or contractors involved in national security or law enforcement. Requires the Secret Service to notify the Federal Bureau of Investigation (FBI), the U.S. Postal Service, and the attorney general of each affected state of a security breach within 14 days of receiving notice of any breach.<br/>(Sec. 317) Authorizes the Attorney General to bring a civil action, including an injunction, in a U.S. district court for violations of security breach notification requirements.<br/>(Sec. 318) Allows state attorneys general to bring a civil action in a U.S. district court to enforce security breach notification requirements. Authorizes the Attorney General to stay, or intervene in, any state action.<br/>(Sec. 319) Declares that the provisions of this subtitle shall supersede any other provision of federal or state law relating to notification by an interstate business entity or agency of a security breach. (Sec. 320) Authorizes appropriations to the Secret Service to carry out investigations and risk assessments of security breaches.<br/>(Sec. 321) Requires the Secret Service to report to Congress on security breaches resulting from risk assessment exemptions.<br/>(Sec. 322) Makes the provisions of this subtitle effective 90 days after enactment of this Act. Subtitle C: Office of Federal Identity Protection - Establishes in the FTC an Office of Federal Identity Protection to assist victims of identity theft. Authorizes appropriations for such Office for FY2008-FY2012.<br/>Title IV: Government Access To And Use Of Commercial Data - (Sec. 401) Requires the Administrator of the General Services Administration (GSA), in awarding contracts totaling more than $500,000 to data brokers, to evaluate their data privacy and security programs, their compliance, the extent to which their databases and systems have been compromised by security breaches, and their responses to such breaches. Provides a compliance safe harbor for data brokers and penalties against data brokers for noncompliance with security breach notification requirements.<br/>(Sec. 402) Requires federal agencies to audit and evaluate the information security practices of government contractors and third parties that support the information technology systems of such agencies.<br/>(Sec. 403) Amends the E-Government Act of 2002 to require federal agencies that purchase or subscribe to personally identifiable information from a commercial entity to conduct privacy impact assessments on the use of those services.<br/>Requires the Comptroller General to conduct a study and audit and prepare a report for submission to Congress on federal agency adherence to privacy principles in using data brokers or commercial databases containing personally identifiable information.<br/>(Sec. 404) Requires the Department of Justice to designate a department-wide Chief Privacy Officer. Sets forth the duties and responsibilities of such Officer.<br/>

1179892800 2007-05-23 Fri Nov 07 13:20:22 -0600 2008 introduced 40864 'law':23 'bill':2 'ensur':10 'ident':7 'misus':35 'mitig':6 'notic':14 'secur':16,30 'theft':8 'access':33 'assist':25 'breach':17,31 'crimin':21 'enforc':24 'enhanc':20 'inform':39 'person':37 'provid':13 'fraudul':32 'penalti':22 'prevent':4 'privaci':11 'protect':28 'identifi':38 41026 false official introduced 40864 'act':6 '2007':8 'data':2 'secur':5 'person':1 'privaci':3 44106 false short 40864 'bill':3 'ident':1 'theft':2 44105 false popular reported to senate 40864 'act':6 '2007':8 'data':2 'secur':5 'person':1 'privaci':3 48875 true short action 40864 1179892800 Wed May 23 00:00:00 -0500 2007 113554 Committee on the Judiciary. Reported by Senator Leahy with amendments. With written report No. 110-70. Additional views filed. L000174 1940-03-31 12880 433 Russell Senate Office Building http://leahy.senate.gov/contact.cfm 202-224-3479 Patrick 'd':4 'vt':5 'sen':1 'leahi':3,7,9 'patrick':2,6,8 M 300065 Leahy Patrick_Leahy J. Sen. Patrick Leahy [D, VT] 6665 N00009918 10240 Democrat 202-224-4242 Roman Catholic VT Patrick Leahy 4.11764705882353 http://leahy.senate.gov/ SenatorPatrickLeahy B000944 1952-11-09 7993 713 Hart Senate Office Building http://brown.senate.gov/contact/ 202-228-6321 Sherrod 'd':4 'oh':5 'sen':1 'brown':3,7,9 'sherrod':2,6,8 M 400050 Brown Sherrod_Brown Sen. Sherrod Brown [D, OH] 5159 N00003535 13717 Democrat 202-224-2315 Lutheran OH Sherrod Brown 3.5 http://brown.senate.gov/ SherrodBrownOhio C000141 1943-10-05 3260 509 Hart Senate Office Building http://cardin.senate.gov/contact/email.cfm 202-224-1651 Benjamin 'd':4 'md':5 'sen':1 'cardin':3,7,9 'benjamin':2,6,8 M 400064 Cardin Benjamin_L._Cardin L. Sen. Benjamin Cardin [D, MD] 1500 N00001955 9595 Democrat 202-224-4524 Jewish MD Ben Benjamin Cardin 3.14705882352941 http://cardin.senate.gov/ SenatorCardin F000061 1953-03-02 3539 506 Hart Senate Office Building http://feingold.senate.gov/contact_opinion.html 202-224-2725 Russell 'd':4 'wi':5 'sen':1 'russel':2,6,8 'feingold':3,7,9 M 300042 Feingold Russell_Feingold D. Sen. Russell Feingold [D, WI] 1321 N00000036 13924 Democrat 202-224-5323 Jewish WI Russell Feingold 5.9 http://feingold.senate.gov SenRussFeingold O000167 1961-08-04 28998 Barack 'obama':2,4,6 'barack':1,3,5 M 400629 Obama Barack_Obama Barack Obama 8812 N00009638 54786 Democrat United Church of Christ Barack Obama 3.71101871101871 S000033 1941-09-08 3982 332 Dirksen Senate Office Building http://sanders.senate.gov/comments/ 202-228-0776 Bernard 'vt':5 'sen':1 'berni':8 'sander':3,7,10 'bernard':2,6,9 M 400357 Sanders Bernard_Sanders Sen. Bernard Sanders [I, VT] 1878 Bernie N00000528 9801 Independent 202-224-5141 Jewish VT Bernie Bernard Sanders 6.66666666666667 http://sanders.senate.gov/ SenatorSanders S000148 1950-11-23 15115 313 Hart Senate Office Building http://schumer.senate.gov/new_website/contact.cfm 202-228-3027 Charles 'd':4 'ny':5 'sen':1 'charl':2,6,8 'schumer':3,7,9 M 300087 Schumer Charles_Schumer E. Sen. Charles Schumer [D, NY] 7840 N00001093 20882 Democrat 202-224-6542 Jewish NY Chuck Charles Schumer 2.13592233009709 http://schumer.senate.gov/ senatorschumer S000709 1930-02-12 13850 711 Hart Senate Office Building http://specter.senate.gov/public/index.cfm?FuseAction=Contact.ContactForm 202-228-1229 Arlen 'd':4 'pa':5 'sen':1 'arlen':2,6,8 'specter':3,7,9 M 300092 Specter Arlen_Specter Sen. Arlen Specter [D, PA] 6033 N00001604 19504 Democrat 202-224-4254 Jewish PA Arlen Specter 1.82442748091603 http://specter.senate.gov/ calendar 40864 1179892800 Wed May 23 00:00:00 -0500 2007 113555 Placed on Senate Legislative Calendar under General Orders. Calendar No. 168. action 40864 1179892800 Wed May 23 00:00:00 -0500 2007 113554 Committee on the Judiciary. Reported by Senator Leahy with amendments. With written report No. 110-70. Additional views filed. action 40864 1178164800 Thu May 03 00:00:00 -0500 2007 110504 Committee on the Judiciary. Date of scheduled consideration. SD-226. 10:00 a.m. calendar 40864 1178164800 Thu May 03 00:00:00 -0500 2007 178027 Committee on the Judiciary. Ordered to be reported with amendments favorably. action 40864 1178164800 Thu May 03 00:00:00 -0500 2007 110753 Committee on the Judiciary. Ordered to be reported with amendments favorably. action 40864 1177473600 Wed Apr 25 00:00:00 -0500 2007 143310 Committee on the Judiciary. Date of scheduled consideration. SD-226. 10:00 a.m. action 40864 1170738000 Tue Feb 06 00:00:00 -0600 2007 105155 Introductory remarks on measure. (CR S1628-1629) introduced 40864 1170738000 Tue Feb 06 00:00:00 -0600 2007 92758 action 40864 1170738000 Tue Feb 06 00:00:00 -0600 2007 92759 Read twice and referred to the Committee on the Judiciary. action 40864 1170738000 Tue Feb 06 00:00:00 -0600 2007 113553 Sponsor introductory remarks on measure. (CR S1628-1629)