U.S. Congress - Text of H.R.1528 as Introduced in House Consumer Privacy Protection Act of 2011
The easiest way to email your members of Congress
Donate NowH.R.1528 - Consumer Privacy Protection Act of 2011
To protect and enhance consumer privacy, and for other purposes.
Loading Bill Text
Rollover any line of text to comment and/or link to it.
HR 1528 IHCommentsClose CommentsPermalink
112th CONGRESSCommentsClose CommentsPermalink
1st SessionCommentsClose CommentsPermalink
H. R. 1528CommentsClose CommentsPermalink
To protect and enhance consumer privacy, and for other purposes.CommentsClose CommentsPermalink
IN THE HOUSE OF REPRESENTATIVESCommentsClose CommentsPermalink
April 13, 2011CommentsClose CommentsPermalink
April 13, 2011CommentsClose CommentsPermalink
Mr. STEARNS (for himself, Mr. MATHESON, Mr. BILBRAY, and Mr. MANZULLO) introduced the following bill; which was referred to the Committee on Energy and CommerceCommentsClose CommentsPermalink
A BILLCommentsClose CommentsPermalink
To protect and enhance consumer privacy, and for other purposes.CommentsClose CommentsPermalink
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,CommentsClose CommentsPermalink
SECTION 1. SHORT TITLE.
This Act may be cited as the ‘Consumer Privacy Protection Act of 2011’.CommentsClose CommentsPermalink
SEC. 3. DEFINITIONS.
In this Act, the following definitions apply:CommentsClose CommentsPermalink
(1) AFFILIATE- The term ‘affiliate’ means any company that controls, is controlled by, or is under common control with another company.CommentsClose CommentsPermalink
(2) COMMISSION- The term ‘Commission’ means the Federal Trade Commission.CommentsClose CommentsPermalink
(3) CONSUMER- The term ‘consumer’ means an individual acting in the individual’s personal, family, or household capacity.CommentsClose CommentsPermalink
(4) COVERED ENTITY- (A) The term ‘covered entity’ means an entity (or an agent or affiliate of the entity) that collects (by any means, through any medium), sells, discloses for consideration, or uses personally identifiable information of more than 5,000 consumers during any consecutive 12-month period, and includes a non-profit organization, including any organization described in section 501(c) of the Internal Revenue Code of 1986 that is exempt from taxation under section 501(a) of such Code, notwithstanding the definition of the term ‘Acts to regulate commerce’ in section 4 of the Federal Trade Commission Act (
(B) Such term does not include--CommentsClose CommentsPermalink
(i) a governmental agency;CommentsClose CommentsPermalink
(ii) a provider of professional services, or any affiliate thereof, to the extent that such provider is obligated by rules of professional ethics, or by applicable law or regulation, not to voluntarily disclose confidential client information without the consent of the client; orCommentsClose CommentsPermalink
(iii) a data processing outsourcing entity.CommentsClose CommentsPermalink
(5) DATA PROCESSING OUTSOURCING ENTITY- The term ‘data processing outsourcing entity’ means, with respect to a covered entity, a non-affiliated entity that--CommentsClose CommentsPermalink
(A) provides information technology processing, Web hosting, or telecommunications services to the covered entity;CommentsClose CommentsPermalink
(B) is contractually obligated to comply with security controls specified by the covered entity; andCommentsClose CommentsPermalink
(C) has no right to use the covered entity’s personally identifiable information other than for performing data processing outsourcing services for the covered entity or as required by contract or law.CommentsClose CommentsPermalink
(6) DISPLAY- The term ‘display’ means intentionally communicating or otherwise making available (on the Internet or in any other manner) to another person.CommentsClose CommentsPermalink
(7) INFORMATION-SHARING AFFILIATE- The term ‘information-sharing affiliate’ means any affiliate that is under common control with a covered entity, or is contractually obligated to comply with the practices enumerated under the privacy policy statement of the covered entity required under section 5.CommentsClose CommentsPermalink
(8) PERSONALLY IDENTIFIABLE INFORMATION- (A) The term ‘personally identifiable information’, with respect to a covered entity means individually identifiable information relating to a living individual who can be identified from that information, and includes:CommentsClose CommentsPermalink
(i) the combination of a first name (or initial) and last name of an individual, whether given at birth or time of adoption, or resulting from a lawful change of name;CommentsClose CommentsPermalink
(ii) the postal address of a physical place of residence of such individual;CommentsClose CommentsPermalink
(iii) an e-mail address of such individual;CommentsClose CommentsPermalink
(iv) a telephone number or mobile device number dedicated to contacting such individual at any place other than the individual’s place of work;CommentsClose CommentsPermalink
(v) a social security number or other Federal or State government issued identification number issued to such individual; orCommentsClose CommentsPermalink
(vi) the complete account number of a credit or debit card issued to such individual.CommentsClose CommentsPermalink
(B) Such term also includes, when disclosed in connection with one or more of the items of information described in subparagraph (A)--CommentsClose CommentsPermalink
(i) a birth date, the number of a certificate of birth or adoption, or a place of birth; orCommentsClose CommentsPermalink
(ii) an electronic address, including an IP address.CommentsClose CommentsPermalink
(C) Such term does not include--CommentsClose CommentsPermalink
(i) anonymous or aggregate data, or any other information that does not identify a unique living individual;CommentsClose CommentsPermalink
(ii) information about a consumer inferred from data maintained about a consumer; orCommentsClose CommentsPermalink
(iii) information about a consumer that is publicly available or obtained from a public record.CommentsClose CommentsPermalink
(9) PROCESS- The term ‘process’, with respect to personally identifiable information, means any value-added activity performed on data by automated means.CommentsClose CommentsPermalink
(10) PUBLICLY AVAILABLE- The term ‘publicly available’, with respect to information, means information that is lawfully made available to the general public.CommentsClose CommentsPermalink
(11) PUBLIC RECORD- The term ‘public record’ means any item, collection, or grouping of information about an individual that is maintained by a Federal, State, or local government entity and that is made available to the public.CommentsClose CommentsPermalink
(12) PURCHASE- The term ‘purchase’ means providing, directly or indirectly, anything of value in exchange for a good or service.CommentsClose CommentsPermalink
(13) STATE- The term ‘State’ includes the several States, the District of Columbia, the Commonwealth of Puerto Rico, the Commonwealth of the Northern Mariana Islands, American Samoa, Guam, the Virgin Islands, the Freely Associated States, and any other territory or possession of the United States.CommentsClose CommentsPermalink
(14) TRANSACTION- The term ‘transaction’ means an interaction between a consumer and a covered entity resulting in--CommentsClose CommentsPermalink
(A) any use of information that is necessary to complete the interaction in the course of which information is collected, or to maintain the provisioning of a good or service requested by the consumer, including use--CommentsClose CommentsPermalink
(i) to approve, guarantee, process, administer, complete, enforce, provide, or market a product, service, account, benefit, transaction, or payment method that is requested or approved by the consumer;CommentsClose CommentsPermalink
(ii) to deliver goods, services, funds, or other consideration to, or on behalf of, the consumer;CommentsClose CommentsPermalink
(iii) to protect the health and safety of the consumer; andCommentsClose CommentsPermalink
(iv) related to website analytics methods or measurements for improving or enhancing products or services.CommentsClose CommentsPermalink
(B) any disclosure of information that is necessary for the consumer to enforce any right of the consumer;CommentsClose CommentsPermalink
(C) any disclosure of information that is required by law or by a court order;CommentsClose CommentsPermalink
(D) any use of information to verify personally identifiable information by the consumer, evaluate, detect, or reduce the risk of fraud or other criminal activity, or other risk-management activities; andCommentsClose CommentsPermalink
(E) the collection or use of personally identifiable information for the marketing or advertising of a covered entity’s products or services to its own customers or potential customers.CommentsClose CommentsPermalink
SEC. 4. PRIVACY NOTICES TO CONSUMERS.
(a) Notice Required- A covered entity shall provide to a consumer a notice containing the information required under subsection (b) as follows:CommentsClose CommentsPermalink
(1) The covered entity shall provide the notice before any personally identifiable information that is collected from a consumer is used by the covered entity for a purpose unrelated to a transaction.CommentsClose CommentsPermalink
(2) Upon a material change in the covered entity’s privacy policy under section 5(a), the covered entity shall provide the notice, not later than the first time after such change in policy that the covered entity seeks to sell, disclose for consideration, or use personally identifiable information to the extent practicable, to each consumer from whom the covered entity has collected such information.CommentsClose CommentsPermalink
(b) Form and Contents of Notice- A notice required under subsection (a) shall be provided in a clear and conspicuous manner, be prominently displayed or explicitly stated to the consumer, and contain the following information:CommentsClose CommentsPermalink
(1) A statement that the personally identifiable information collected by the covered entity may be used or disclosed for purposes or transactions unrelated to that for which it was collected, as described in the covered entity’s privacy statement.CommentsClose CommentsPermalink
(2) A description, appropriate to the applicable medium, of the manner in which the consumer may obtain a privacy policy statement that meets the requirements of section 5, which may include providing the consumer with an Internet website, a hyperlink to such a website, or a toll-free telephone number from which such a statement may be obtained. If the notice required under subsection (a) is provided to the consumer by means of an Internet website, one manner in which the consumer may obtain the privacy policy statement must be by means of an Internet website.CommentsClose CommentsPermalink
(3) If the notice is required under subsection (a)(2), a statement that there has been a material change in the covered entity’s privacy policy.CommentsClose CommentsPermalink
SEC. 5. PRIVACY POLICY STATEMENTS.
(a) Privacy Policy- A covered entity shall establish a privacy policy with respect to the collection, sale, disclosure for consideration, dissemination, use, and security of the personally identifiable information of consumers, the principal elements of which shall be embodied in a privacy policy statement (or statements) that meets the requirements of subsection (b).CommentsClose CommentsPermalink
(b) Statement- The statement (or statements) required under subsection (a) shall meet the following requirements:CommentsClose CommentsPermalink
(1) The statement must be brief, concise, clear, and conspicuous and written in plain language.CommentsClose CommentsPermalink
(2) The statement must be available to all consumers of the covered entity (regardless of the means by which a consumer conducts a transaction with the covered entity)--CommentsClose CommentsPermalink
(A) at no charge to the consumer; andCommentsClose CommentsPermalink
(B) at the time the covered entity first collects personally identifiable information about the consumer that may be used for a purpose unrelated to a transaction with the consumer and subsequently.CommentsClose CommentsPermalink
(3) The statement must disclose only the following:CommentsClose CommentsPermalink
(A) The identity of each covered entity, or a description of each class or type of covered entity, that may collect or use the information.CommentsClose CommentsPermalink
(B) The types of information that may be collected or used.CommentsClose CommentsPermalink
(C) How the information may be used.CommentsClose CommentsPermalink
(D) Whether the consumer is required to provide the information in order to do business with the covered entity.CommentsClose CommentsPermalink
(E) The extent to which the information is subject to sale or disclosure for consideration to a covered entity that is not an information-sharing affiliate of the covered entity providing the statement, including--CommentsClose CommentsPermalink
(i) a clear and prominent statement of the fact that the information is subject to such sale or disclosure for consideration;CommentsClose CommentsPermalink
(ii) a description of each class or type of covered entity to which the information may be sold or disclosed for consideration;CommentsClose CommentsPermalink
(iii) to the extent practicable, the purpose for which the information may be used; andCommentsClose CommentsPermalink
(iv) the types of information that may be sold or disclosed for consideration.CommentsClose CommentsPermalink
(F) Whether the information security practices of the covered entity meet the security requirements of section 8 in order to prevent unauthorized disclosure or release of personally identifiable information.CommentsClose CommentsPermalink
(c) Commission Facilitation- The Commission may take actions (including conducting industry-wide workshops) to facilitate the development of harmonized, universal wording or logo-based graphics in order to convey the contents of privacy policy statements required under this section.CommentsClose CommentsPermalink
SEC. 6. CONSUMER OPPORTUNITY TO LIMIT SALE OR DISCLOSURE OF INFORMATION.
(a) Preclusion of Sale or Disclosure-CommentsClose CommentsPermalink
(1) REQUIREMENT- A covered entity shall provide to the consumer, without charge, the opportunity to preclude any sale or disclosure for consideration of the consumer’s personally identifiable information, provided in a particular data collection, that may be used for a purpose other than a transaction with the consumer, to any covered entity that is not an information-sharing affiliate of the covered entity providing such opportunity.CommentsClose CommentsPermalink
(2) DURATION- A preclusion on sale or disclosure for consideration of information established by a consumer under this subsection shall remain in effect for 5 years or until the consumer indicates otherwise, whichever occurs sooner. A covered entity may not seek reconsideration of a consumer’s preclusion of such sale or disclosure until at least 1 year after such preclusion has been imposed by the consumer.CommentsClose CommentsPermalink
(b) Permission for Sale or Disclosure- A covered entity may provide the consumer an opportunity to permit the sale or disclosure described in subsection (a)(1) in exchange for a benefit to the consumer.CommentsClose CommentsPermalink
(c) Accessibility- The opportunity to preclude (or if offered, to permit) the sale or disclosure for consideration of information under this section must be both easy to access and use, and the notice of the opportunity to preclude must be clear and conspicuous.CommentsClose CommentsPermalink
SEC. 7. CONSUMER OPPORTUNITY TO LIMIT OTHER INFORMATION PRACTICES.
If a covered entity provides to a consumer the opportunity to limit other practices of the covered entity with respect to a particular collection or use of personally identifiable information regarding the consumer, other than that required by section 6--CommentsClose CommentsPermalink
(1) a notice and description of such opportunity must appear in the privacy statement;CommentsClose CommentsPermalink
(2) such opportunity must be easy to access and to use; andCommentsClose CommentsPermalink
(3) any limitation exercised by the consumer pursuant to such opportunity shall remain in effect, unless--CommentsClose CommentsPermalink
(A) the limitation is withdrawn by the consumer; orCommentsClose CommentsPermalink
(B) the covered entity provides the consumer at least 30 days notice before materially changing the limitation or terminating its compliance with the limitation.CommentsClose CommentsPermalink
SEC. 8. INFORMATION SECURITY OBLIGATIONS.
(a) Implementation- A covered entity shall prepare, revise as necessary, and implement an information security policy that is applicable to the information security practices and treatment of personally identifiable information maintained by the covered entity, that is designed to prevent the unauthorized disclosure or release of such information.CommentsClose CommentsPermalink
(b) Management Approval- An information security policy created pursuant to paragraph (1) shall be considered and approved by the senior management officials of the covered entity.CommentsClose CommentsPermalink
(c) Contents- An information security policy required under paragraph (1) shall include--CommentsClose CommentsPermalink
(1) a process for taking corrective action to prevent or mitigate unauthorized disclosure of information; andCommentsClose CommentsPermalink
(2) identifying an officer of the covered entity as the point of contact with responsibility for information security issues for the covered entity.CommentsClose CommentsPermalink
SEC. 9. SELF-REGULATORY PROGRAMS.
(a) Self-Regulatory Program-CommentsClose CommentsPermalink
(1) PRESUMPTION OF COMPLIANCE- The Commission shall presume that a covered entity is in compliance with the provisions of sections 4 through 8 if that covered entity--CommentsClose CommentsPermalink
(A) participates in a self-regulatory program approved under subsection (b); andCommentsClose CommentsPermalink
(B) is subject to enforcement under a self-regulatory program’s guidelines, procedures, requirements, and restrictions (including a remedial process under subsection (c)(7)).CommentsClose CommentsPermalink
(2) EFFECT OF WILLFUL NONCOMPLIANCE- A covered entity that participates in a self-regulatory program under this section shall not be liable for a civil penalty arising out of a violation of any provision of sections 4 through 8 unless such violation results from willful noncompliance with the guidelines, procedures, requirements, or restrictions of the program.CommentsClose CommentsPermalink
(b) Approval by Commission-CommentsClose CommentsPermalink
(1) APPROVAL- The Commission shall, within 90 days after submission of an application for approval of a self-regulatory program under this section (or of a material change in a program previously approved by the Commission), approve such program (or change) if the Commission finds that the program (or change) complies with the requirements of subsection (c).CommentsClose CommentsPermalink
(2) FORM OF APPLICATION- The Commission shall accept an application for approval under paragraph (1) in any reasonable form the applicant may submit.CommentsClose CommentsPermalink
(3) DURATION UNTIL RENEWAL- A self-regulatory program approved by the Commission under paragraph (1) shall be approved for a period of 5 years.CommentsClose CommentsPermalink
(4) REVOCATION OF APPROVAL- The Commission may, after notice and opportunity for a hearing, revoke approval granted under paragraph (1), if the Commission finds that a self-regulatory program fails to meet the requirements of subsection (c).CommentsClose CommentsPermalink
(5) JUDICIAL REVIEW- Any order by the Commission denying approval of a self-regulatory program shall be subject to judicial review, as provided in
(c) Requirements of Self-Regulatory Program- A self-regulatory program complies with the requirements of this subsection if the program provides each of the following:CommentsClose CommentsPermalink
(1) Guidelines and procedures requiring a program participant to provide substantially equivalent or greater protections for consumers and their personally identifiable information as are provided under sections 4 through 8.CommentsClose CommentsPermalink
(2) Procedures and requirements to provide for--CommentsClose CommentsPermalink
(A) an initial review of a participant’s privacy statement and privacy policy, and subsequent review whenever such statement or policy is substantively changed;CommentsClose CommentsPermalink
(B) a participant’s self-review and self-certification of its privacy policy and practices to ensure compliance with the guidelines, procedures, requirements, and restrictions of the program established under this subsection;CommentsClose CommentsPermalink
(C) a participant’s subsequent periodic self-reviews and self-certifications, which shall occur at least annually, of the its privacy policy and practices to ensure continued compliance with such guidelines, procedures, requirements, and restrictions;CommentsClose CommentsPermalink
(D) submission of self-reviews and self-certifications under this paragraph to any administrator of the program; andCommentsClose CommentsPermalink
(E) random review of participants, which may concentrate on selected compliance issues, if the self-regulatory program conducts--CommentsClose CommentsPermalink
(i) random compliance tests with respect to each participant not less frequently than every 3 years;CommentsClose CommentsPermalink
(ii) a full compliance test of a particular participant in any case where non-compliance with any of the selected compliance issues has been identified; andCommentsClose CommentsPermalink
(iii) full compliance tests of participants with a high number of complaints against them.CommentsClose CommentsPermalink
(3) Procedures and requirements that ensure that a program participant provides a process for resolving disputes with consumers relating to the privacy policy and practices of the participant. Such dispute resolution process--CommentsClose CommentsPermalink
(A) must be available without charge to a consumer;CommentsClose CommentsPermalink
(B) must be available at a cost to the participant that is reasonable and does not discourage participation by the participant in such process;CommentsClose CommentsPermalink
(C) must ensure that consumers are informed of how to utilize the process;CommentsClose CommentsPermalink
(D) may include, as one choice among others, binding arbitration; andCommentsClose CommentsPermalink
(E)(i) must be completed within 60 days after submission of the dispute by the consumer; orCommentsClose CommentsPermalink
(ii) must be completed within 90 days after submission of the dispute by the consumer, if the participant--CommentsClose CommentsPermalink
(I) determines that additional time is required to obtain information to make an informed decision with respect to the dispute; andCommentsClose CommentsPermalink
(II) notifies the consumer and the self-regulatory program that such additional time is required.CommentsClose CommentsPermalink
(4) Provisions for the use by participants in the program of a means (including the use of a seal) to represent the participant’s participation in the program.CommentsClose CommentsPermalink
(5) With respect to any nonvoluntary suspension or termination of participation in the program because of the participant’s failure to comply with the program, procedures or requirements to provide for the following:CommentsClose CommentsPermalink
(A) Publication of notice and the reasons for any such suspension or termination, except that no personally identifiable information related to such suspension or termination may be published.CommentsClose CommentsPermalink
(B) Notice to the Commission of any such termination.CommentsClose CommentsPermalink
(6) Requirements and restrictions that assure independence with respect to program eligibility, compliance, and dispute resolution mechanisms and decisions from improper interference by management or ownership of the self-regulatory program participant.CommentsClose CommentsPermalink
(7) A process for a noncompliant participant to take timely remedial action in order to come back into compliance with the program before suspension or termination of participation in the program.CommentsClose CommentsPermalink
(d) Consumer Dispute Resolution-CommentsClose CommentsPermalink
(1) SELF-REGULATORY DISPUTE PROCESS- If a consumer has a dispute with a participant in a self-regulatory program under this section or under section 5 of the Federal Trade Commission Act (
(2) RESOLUTION BY COMMISSION- A consumer may submit to the Commission for resolution a dispute with a participant in a self-regulatory program under this section, if the following requirements are met:CommentsClose CommentsPermalink
(A) The dispute was initially submitted under paragraph (1) for resolution through the participant’s dispute resolution process.CommentsClose CommentsPermalink
(B) The dispute submitted under paragraph (1) is not resolved--CommentsClose CommentsPermalink
(i) within 60 days after submission of the dispute by the consumer; orCommentsClose CommentsPermalink
(ii) to the satisfaction of the consumer.CommentsClose CommentsPermalink
(C) Notice of the facts of the dispute is submitted to the Commission not later than 30 days after the date on which the consumer is notified of the resolution through the participant’s dispute resolution process.CommentsClose CommentsPermalink
(D) The consumer has not voluntarily accepted a resolution of the dispute under paragraph (1).CommentsClose CommentsPermalink
(E) The dispute was not resolved through binding arbitration.CommentsClose CommentsPermalink
(3) LIMITATION- Nothing in this Act shall prevent the Commission from investigating compliance with this Act by a participant in a self-regulatory covered entity based upon a complaint from an individual or covered entity other than a consumer with a dispute with such participant, or on its own initiative, except that prior to instituting any such investigation the Commission shall afford the self-regulatory covered entity a reasonable opportunity to invoke its own remedial procedures and assure compliance by the participant.CommentsClose CommentsPermalink
(4) CLEAR AND CONVINCING EVIDENCE- The presumption established by paragraph (1) of subsection (a) may be overcome by clear and convincing evidence of non-compliance.CommentsClose CommentsPermalink
(e) Nonrelease of Certain Information- The Commission may not compel a participant in a self-regulatory program approved under subsection (b) (or an administrator of such a program) to provide proprietary information or personally identifiable information of consumers to the Commission unless the Commission provides assurances that such information will not be released to the public.CommentsClose CommentsPermalink
(f) Misrepresentation of Self-Regulatory Program Participation- It is unlawful for a covered entity to misrepresent that it is a participant in a self-regulatory program (including through any mechanism provided under subsection (c)(4)) when such covered entity is not, in fact, such a participant.CommentsClose CommentsPermalink
(g) Exempted Entity Participation- An entity that is not a covered entity and that voluntarily participates in a self-regulatory program under this section shall enjoy the rights and benefits provided under this section in any action or investigation under section 5 of the Federal Trade Commission Act (
SEC. 10. ENFORCEMENT.
(a) Unfair or Deceptive Act or Practice- A violation of any provision of this Act by a covered entity is an unfair or deceptive act or practice unlawful under section 5(a)(1) of the Federal Trade Commission Act (
(b) Guidelines and Opinions- In order to assist in compliance with this Act, the Federal Trade Commission may promulgate regulations and interpretive rules under section 18 of the Federal Trade Commission Act (
SEC. 11. NO PRIVATE RIGHT OF ACTION.
This Act may not be considered or construed to provide any private right of action. No private civil action relating to any act or practice governed under this Act may be commenced or maintained in any State court or under State law (including a pendent State claim to an action under Federal law).CommentsClose CommentsPermalink
SEC. 12. EFFECT ON OTHER LAWS.
(a) Qualified Exemption for Compliance With Other Federal Privacy Laws- To the extent that personally identifiable information protected under this Act is also protected under a provision of Federal privacy law described in subsection (c), a covered entity that complies with the relevant provision of such other Federal privacy law shall be deemed to have complied with the corresponding provision of this Act.CommentsClose CommentsPermalink
(b) Protection of Other Federal Privacy Laws- Nothing in this Act may be construed to modify, limit, supersede, or interfere with the operation of the Federal privacy laws described in subsection (c) or the provision of information permitted or required, expressly or by implication, by such laws, with respect to Federal rights and practices.CommentsClose CommentsPermalink
(c) Other Federal Privacy Laws Described- The provisions of law to which subsections (a) and (b) apply are the following:CommentsClose CommentsPermalink
(1)
(2) The Right to Financial Privacy Act of 1978 (
(3) The Fair Credit Reporting Act (
(4) The Fair Debt Collection Practices Act (
(5) The Children’s Online Privacy Protection Act of 1998 (
(6) Title V of the Gramm-Leach-Bliley Act of 1999 (
(7) The Electronic Communications Privacy Act of 1986 (
(8) The Driver’s Privacy Protection Act of 1994 (
(9) The Family Educational Rights and Privacy Act of 1974 (
(10) Section 445 of the General Education Provisions Act (
(11) The Privacy Protection Act of 1980 (
(12) Section 222 of the Communications Act of 1934 (
(13) The Cable Communications Policy Act of 1984 (
(14) The Communications Assistance for Law Enforcement Act (
(15) The Video Privacy Protection Act of 1988 (
(16) The Telephone Consumer Protection Act of 1991 (
(17) The Health Insurance Portability and Accountability Act of 1996 (
(18) The CAN-SPAM Act of 2003 (
(d) Preemption of State Privacy Laws- This Act preempts any statutory law, common law, rule, or regulation of a State, or a political subdivision of a State, to the extent such law, rule, or regulation relates to or affects the collection, use, sale, disclosure, retention, or dissemination of personally identifiable information in commerce. No State, or political subdivision of a State, may take any action to enforce this Act.CommentsClose CommentsPermalink
SEC. 13. EFFECTIVE DATE.
This Act shall apply with respect to personally identifiable information collected on or after the date that is 1 year after the date of enactment of this Act.CommentsClose CommentsPermalink
Vote on This Bill
-
Share This Bill
More Share via Email
