US National Data Law
(a bill before Congress)

Also known as:
S. 495, PDPSA, National Data Law, Identity Theft bill,
Personal Data Privacy and Security Act of 2007

The short title, as introduced:
Personal Data Privacy and Security Act of 2007

Official title as introduced:
A bill to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

 


About this bill:
The U.S. Congress has been considering a national data privacy law for several years. In 2005, Sen Arlen Specter [PA] (sponsor), with co-sponsors Sen Russell D. Feingold [WI], Sen Dianne Feinstein [CA], and Sen Patrick J. Leahy, introduced the Personal Data Privacy and Security Act of 2005, also known as PDPSA, the Identity Theft bill and S.1789.IS. It received much debate, but was stalled in the Senate.

This is the 2007 version, sponsored by Sen Patrick J. Leahy [VT] and introduced on Feb 6, 2007. Note: Some of the information that follows will no doubt change as the bill works its way through the legislative process.

Official summary of the bill:
Personal Data Privacy and Security Act of 2007 - Amends the federal criminal code to: (1) make fraud in connection with the unauthorized access of sensitive personally identifiable information (in electronic or digital form) a predicate for racketeering charges; and (2) prohibit concealment of security breaches involving such information.

Directs the U.S. Sentencing Commission to review and amend its guidelines relating to fraudulent access to, or misuse of, digitized or electronic personally identifiable information (including identity theft).

Requires a data broker to: (1) disclose to an individual, upon request, personal electronic records pertaining to such individual maintained for disclosure to third parties; and (2) maintain procedures for correcting the accuracy of such records.

Establishes standards for developing and implementing safeguards to protect the security of sensitive personally identifiable information. Imposes upon business entities civil penalties for violations of such standards. Requires such business entities to notify: (1) any individual whose information has been accessed or acquired; and (2) the U.S. Secret Service if the number of individuals involved exceeds 10,000.

Authorizes the Attorney General and state attorneys general to bring civil actions against business entities for violations of this Act.
 
Requires the Administrator of the General Services Administration (GSA), in considering contract awards totaling more than $500,000, to evaluate: (1) the data privacy and security program of a data broker; (2) program compliance; (3) the extent to which databases and systems have been compromised by security breaches; and (4) data broker responses to such breaches.

Requires federal agencies to conduct a privacy impact assessment before purchasing personally identifiable information from a data broker.

Co-sponsors of the bill
Sen Sherrod Brown [OH]
Sen Benjamin L. Cardin [MD]
Sen Russell D. Feingold [WI]
Sen Bernard Sanders [VT]
Sen Charles E. Schumer [NY]
Sen Arlen Specter [PA]

More information

The official Library of Congress information page for this bill

History of all Congressional actions on this bill

 The text of the legislation

Congressional actions

CBO Cost Estimates


Copyright 2004-2008 The Data Governance Institute, LLC. All Rights Reserved