The Data Dozen

Count ’em: There have been 10 pieces of data-related legislation introduced this year, and two promised. Here’s a listing:

1. Social Security Online Privacy Protection Act (H.R. 82). Prevents online services from releasing Social Security numbers or personally identifiable information derived from them.

2. Online Privacy Protection Act of 2005 (H.R. 84). Requires the Federal Trade Commission to generate rules that give individuals not covered by the Children’s Online Privacy Protection Act of 1998 more control over data collected online. Calls for notice and consent mechanisms.

3. Social Security Number Misuse Prevention Act (S. 29). Limits the use of Social Security numbers without the consumer’s consent, and establishes criminal penalties for their misuse.

4. Notification of Risk to Personal Data Act (S. 115). Requires disclosure of unauthorized data acquisition to affected consumers.

5. Privacy Act of 2005 (S. 116). Requires an individual’s consent before the sale of personal data.

6. Notification of Risk to Personal Data Act (H.R. 1069). Mandates that firms disclose unauthorized acquisition of electronic information and alert consumers when security has been breached.

7. Social Security Number Protection Act of 2005 (H.R. 1078). Strengthens the FTC’s ability to limit the sale of Social Security numbers, except for law enforcement, public health and safety or for research that advances public knowledge.

8. Information Protection and Security Act (H.R. 1080). Gives the FTC authority over data brokers regarding data security. It offers consumers the ability to correct errors and requires sellers to verify buyers.

9. Consumer Privacy Protection Act of 2005 (H.R. 1263). Outlines policies regarding privacy; privacy policy statements; consumer opportunities to limit distribution of their information; security obligations.

10. Information Protection and Security Act (S. 500). The Senate version of H.R. 1080 (above).

11-12. Sens. Charles Schumer (D-NY) and Jon Corzine (D-NJ) plan to submit legislation. The Schumer bill would create an Office of Identity Theft within the FTC. In addition, Web sites would have to warn consumers when personal data is being sold. The bill also requires companies to demonstrate a need before collecting consumer data.

Corzine’s bill, the Identity Theft Prevention and Victim Recovery Act, would force firms to establish data security systems and have a C-level official attest to their efficacy. It would allow the filing of civil suits by consumers and state attorneys general, and would give the FTC jurisdiction over monitoring compliance.