skip to main content

H.R. 611 (112th): BEST PRACTICES Act

We don’t have a summary available yet.

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.

2/10/2011--Introduced. Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act or the BEST PRACTICES Act - Defines "covered entity" as a person engaged in interstate commerce that collects or stores data containing covered or sensitive information (information), excluding: (1) governments; or (2) any person that stores covered information from or about fewer than 15,000 individuals, collects covered information from or about fewer than 10,000 individuals during any 12-month period, does not collect or store sensitive information, and does not use covered information to monitor or analyze the behavior of individuals as the person's primary business.

Requires a covered entity to make available to individuals whose information it collects or maintains information about its information privacy practices and an individual's options with regard to such practices, including: (1) the covered entity's identity; (2) a description of, the purposes for, and potential disclosure of such information; and (3) the individual's means to access the information, limit its collection, use, and disclosure, and submit inquiries or complaints regarding the covered entity's practices.

Prohibits a covered entity from: (1) collecting, using, or disclosing information unless it provides the information in concise and easy-to-understand notices in accordance with regulations issued by the Federal Trade Commission (FTC) (excludes trade secrets and in-person transactions from such notice requirements); (2) collecting or using information about an individual without the individual's consent (which may be granted affirmatively or by not declining consent after appropriate notification); and (3) disclosing information about an individual to a third party unless the covered entity has received affirmative consent from the individual prior to the disclosure.

Requires a covered entity to assure information accuracy, including by providing an individual with information access and dispute resolution procedures.

Requires each covered entity and service provider to ensure information security, integrity, and confidentiality.

Exempts a covered entity that participates in one or more FTC-approved self-regulatory programs (Choice Program) from: (1) the requirements for express affirmative consent required for information use pursuant to a Choice Program; (2) the requirement of access to information; and (3) private right of action liability.

Provides and specifies the conditions for FTC, state, and private rights of enforcement.