H.R. 3997 (109th): Data Accountability and Trust Act (DATA)

Oct 06, 2005 (109th Congress, 2005–2006)
Died (Reported by Committee) in a previous session of Congress
See Instead:

H.R. 4127 (same title)
Reported by Committee — Mar 29, 2006

This bill was introduced on March 16, 2006, in a previous session of Congress, but was not enacted.

Oct 06, 2005
Reported by Committee
Mar 16, 2006
Steven LaTourette
Representative for Ohio's 14th congressional district
Read Text »
Last Updated
Jun 02, 2006
108 pages
Related Bills
S. 2169 (identical)

Referred to Committee
Last Action: Dec 21, 2005

H.R. 4127 (Related)
Data Accountability and Trust Act (DATA)

Reported by Committee
Last Action: Mar 29, 2006

Full Title

To amend the Fair Credit Reporting Act to provide for secure financial data, and for other purposes.


No summaries available.

24 cosponsors (17R, 7D) (show)

House Energy and Commerce

House Financial Services

The committee chair determines whether a bill will move past the committee stage.

Primary Source

THOMAS.gov (The Library of Congress)

GovTrack gets most information from THOMAS, which is updated generally one day after events occur. Activity since the last update may not be reflected here. Data comes via the congress project.


Get a bill status widget for your website »


Click a format for a citation suggestion:


H.R. stands for House of Representatives bill.

A bill must be passed by both the House and Senate in identical form and then be signed by the president to become law.

The bill’s title was written by its sponsor.

GovTrack’s Bill Summary

We don’t have a summary available yet.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.

6/2/2006--Reported to House amended, Part II.
Data Accountability and Trust Act (DATA) -
Section2 -
Requires the Federal Trade Commission ( FTC) to promulgate regulations that require each person engaged in interstate commerce that owns or possesses data in electronic form containing personal information to establish policies and procedures regarding security practices for the treatment and protection of such information.
Directs the FTC to study the practicality of requiring a standard method or methods for destroying obsolete paper documents and other nonelectronic data containing personal information. Authorizes the FTC to require such a standard method or methods if the study makes certain findings.
Requires information brokers to submit their security policies to the FTC in conjunction with a notification of a breach of security or upon FTC request. Requires the FTC to conduct or require an audit of security practices when information brokers are required to provide notification of such a breach. Authorizes additional audits for five years following such breach.
Requires each information broker to: (1) establish procedures to verify the accuracy of the certain information it collects or maintains that identifies individuals, other than merely by name or address; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information.
Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information.
Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).
Section3 -
Prescribes procedures for notification to the FTC and affected individuals of breaches of information security. Sets forth special notification requirements for breaches: (1) by third party entities that have been contracted to maintain or process data in electronic form containing personal information; (2) by telecommunications carriers, cable operators, information services, and interactive computer services; and (3) of health information.
Directs the FTC to: (1) establish criteria for determining circumstances under which substitute notification may be provided; and (2) study the practicality and cost-effectiveness of requiring notification in a language in addition to English for those who speak only such other language.
Section4 -
Grants the FTC enforcement powers equivalent to those it exercises with respect to unfair and deceptive acts or practices. Authorizes enforcement by a state attorney general if there is reason to believe that interests of the state's residents have been or are threatened or adversely affected by violators of this Act. Sets forth civil penalties.
Section6 -
Preempts state information security laws.
Section7 -
Authorizes appropriations for FY2006-FY2011.

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.

No summary available.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

Use the comment space below for discussion of the merits of H.R. 3997 (109th) with other GovTrack users.
Your comments are not read by Congressional staff.

comments powered by Disqus