Data Bills Pile Up in Congress

THE VERDICT ISN’T IN ON whether the wheels of legislation grind finely, but they sure do grind slowly: All the data-related bills covered earlier this year (Direct, April) are languishing in one congressional subcommittee or another, with little hope of significant action before 2006.

But congressfolk have made up for their languor by introducing several new measures between March and September. Here’s an overview of the newer proposals worth following.

1. Notification of Risk to Personal Data Act (S. 751). Requires federal agencies that are engaged in interstate commerce to disclose unauthorized acquisition of an individual’s personal information.

2. Comprehensive Identity Theft Prevention Act (S. 768). Establishes an Office of Identity Theft within the Federal Trade Commission while requiring that the FTC disseminate regulations regarding collection, maintenance, sale or transfer of personal data. It also sets information breach notification standards and prohibits unnecessary solicitation of Social Security numbers.

3. Safeguarding Americans from Exporting Identification Data Act, or the Safe-ID Act (S. 810). Regulates transmission of personally identifiable information to foreign affiliates and subcontractors.

4. Federal Agency Data-Mining Reporting Act of 2005 (S. 1169). Requires reports to Congress on use of data mining by federal agencies.

5. Personal Data Privacy and Security Act of 2005 (S. 1332). Increases punishment for identity theft and other data privacy and security violations. It also provides assistance to state and local authorities investigating crimes involving personally identifiable information. The bill limits disclosure of Social Security numbers for commercial transactions. It additionally mandates the General Services Administration to review commercial data contracts, with an eye toward information security.

6. Financial Privacy Protection Act of 2005 (S. 1594). Says financial service providers must maintain customer information security systems and notify customers of unauthorized access to personal data.

7. Safe-ID Act (H.R. 1653). Prohibits transfer of personal information to anyone outside the United States without notice and consent.

8. Consumer Data Security and Notification Act of 2005 (H.R. 3140). Expands protections for sensitive personal information. Regulates the information collection and sharing practices of unregulated information brokers, while expanding data security guidelines for consumer reporting agencies and information brokers. It also requires that these agencies notify consumers of data security breaches involving sensitive information. Financial services firms must do the same.

9. Consumer Notification and Financial Data Protection Act of 2005 (H.R. 3374. Provides for uniform and timely notice of data breaches for consumers whose sensitive financial personal information has been placed at risk.

10. Financial Data Security Act of 2005 (H.R. 3375). Amends the Fair Credit Reporting Act to include a section on data security safeguards, including notice stipulations.

11. Identity Theft Relief Act of 2005 (H.R. 3804). Amends the Internal Revenue Code to include a 100% deduction for expenses related to identity theft.