GovTrack’s Bill Summary
We don’t have a summary available yet.
Library of Congress Summary
The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.
Requires any commercial entity or charitable, educational, or nonprofit organization that acquires, maintains, or uses sensitive personal information (covered entity) to develop, implement, maintain, and enforce a written program, containing administrative, technical, and physical safeguards, for the security of sensitive personal information it collects, maintains, sells, transfers, or disposes of.
Defines "sensitive personal information" as an individual's name, address, or telephone number combined with at least one of the following relating to that individual:
(1) the social security number or numbers derived from that number;
(2) financial account or credit or debit card numbers combined with codes or passwords that permit account access, subject to exception; or
(3) a state driver's license or resident identification number.
Requires a covered entity: (1) to report a security breach to the Federal Trade Commission (FTC); (2) if the entity determines that the breach creates a reasonable risk of identity theft, to notify each affected individual; and (3) if the breach involves 1,000 or more individuals, to notify all consumer reporting agencies specified in the Fair Credit Reporting Act.
Authorizes a consumer to place a security freeze on his or her credit report by making a request to a consumer credit reporting agency.
Prohibits a reporting agency, when a freeze is in effect, from releasing the consumer's report for credit review purposes without the consumer's prior express authorization.
Provides for freeze removal and suspension, limits related fees, and sets forth other security freeze requirements.
Exempts from certain provisions of this Act:
(1) a consumer credit reporting agency that acts only as a reseller of credit information and does not maintain a permanent database of credit information;
(2) check services or fraud prevention services companies; and
(3) deposit account information service companies.
Requires: (1) the establishment of the Information Security and Consumer Privacy Advisory Committee; and (2) a related crime study and report, including regarding the correlation between methamphetamine use and identity theft crimes.
Treats any violation of this Act as an unfair or deceptive act or practice under the Federal Trade Commission Act. Requires enforcement under other specified laws. Allows enforcement by state attorneys general. Preempts state laws requiring notification of affected individuals of security breaches. Preempts state laws relating to the use of social security numbers.
Prohibits, subject to exception, a covered entity from soliciting a social security number from an individual unless there is a specific use of that number for which no other identifier can reasonably be used.
Prohibits the display of social security numbers on identification cards commonly provided to employees, faculty, staff, or students and on state driver's licenses.
Amends title II (Old Age, Survivors and Disability Insurance) (OASDI) of the Social Security Act to prohibit federal, state, and political subdivision governmental entities and their agents from using prisoners in a way that would allow the prisoners access to other individuals' social security numbers.
Makes it unlawful to sell, purchase, provide, or display a social security number to the general public or to obtain or use any individual's social security number for the purpose of locating or identifying the individual with the intent to physically injure or harm the individual or for the purpose of using the individual's identity for any illegal purpose, subject to exceptions, including sales or displays of such numbers for the purposes of national security, public health or safety, and locating abducted children.
Requires each U.S. agency to: (1) develop, implement, maintain, and enforce a written program for the security of sensitive personal information the agency collects, maintains, sells, transfers, or disposes of; (2) use due diligence to investigate any suspected breach of security affecting sensitive personal information; and (3) notify each affected individual after a breach.
House Republican Conference Summary
The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.
No summary available.
House Democratic Caucus Summary
The House Democratic Caucus does not provide summaries of bills.
So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.
We’ll be looking for a source of summaries from the other side in the meanwhile.