Specter - Leahy Identity Theft - Privacy Bill
Senator Arlen Specter (Republican - Pennsylvania) and Senator Patrick Leahy (Democrat - Vermont) have jointly introduced an identity theft / privacy bill (S. 1332).
The bill, titled the “Personal Data Privacy and Security Act of 2005,” is described as designed “to prevent and mitigate identity theft; to ensure privacy; and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.”
The bill is 91 pages long, and contains a number of provisions.
Among the provisions:
• Intentionally concealing a security breach could result in 5 years in prison.
• Data brokers must disclose to individuals all records pertaining to that individual.
• Data brokers must correct inaccuracies.
• Data brokers who intentionally violate the law could face fines of $15,000 per day.
• Any business collecting, using, storing or accessing personal information on more than 10,000 people must implement a comprehensive personal data privacy and security program that includes administrative, technical and physical safeguards appropriate to its size and complexity.
• The safeguards would have to ensure the privacy, security, and confidentiality of personal electronic records, protect against any anticipated vulnerabilities, and protect against unauthorized access.
• Businesses would have to conduct risk assessment and risk management, employee training and vulnerability training.
• Businesses would have to exercise due diligence when working with third parties not subject to the Specter – Leahy law.
• Businesses would have to keep up with changes in technology, internal and external threats, and their changing business, and make adjustments accordingly.
• Violations of the above could result in fines of $35,000 per day.
• Businesses storing, collecting, using or accessing personal information would have to notify individuals in the event of a security breach involving sensitive personal information, as well as each consumer reporting agency and the federal agencies.
• Businesses would also have to provide to individuals 1 year of monthly access to their credit report and 1 year of credit-monitoring services.
• Failure to follow the above could result in fines of $55,000 per day.
The bill also contains limits on the use of Social Security Numbers and government access to commercial databases.