Tuesday, August 02, 2005

Specter - Leahy Identity Theft - Privacy Bill

Senator Arlen Specter (Republican - Pennsylvania) and Senator Patrick Leahy (Democrat - Vermont) have jointly introduced an identity theft / privacy bill. (S. 1332).

The bill, titled the “Personal Data Privacy and Security Act of 2005,” is described as designed “to prevent and mitigate identity theft; to ensure privacy; and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

The bill is 91 pages long, and contains a number of provisions.

Among the provisions:

• Intentionally concealing a security breach could result in 5 years in prison.

• Data Brokers must disclose to individuals all records pertaining to that individual.

• Data brokers must correct inaccuracies.

• Data brokers who intentionally violate the law could face fines of $15,000 per day.

• Any business collecting, using, storing or accessing personal information on more than 10,000 people must implement a comprehensive personal data privacy and security program, that administrative, technical and physical safeguards appropriate to its size and complexity.

• The safeguards would have to ensure the privacy, security, and confidentiality of personal electronic records, protect against any anticipated vulnerabilities, and protect against unauthorized access.

• Businesses would have conduct risk assessment and risk management, employee training and vulnerability training.

• Businesses would have to exercise due diligence when working with third parties not subject to the Specter – Leahy law.

• Businesses would have keep up with changes in technology, internal and external threats, its changing business, and make adjustments accordingly.

• Violations of the above could result in fines of $35,000 per day.

• Businesses storing, collecting, using or accessing personal information would have to notify individuals in the event of a security breach involving sensitive personal information, as well as each consumer reporting agency and the federal agencies.

• Businesses would also have to provide to individuals 1 year of monthly access to their credit report and 1 year of credit-monitoring services.

• Failure to follow the above could result in fines of $55,000 per day.

The bill also contains limits of the use of Social Security Numbers and government access to commercial databases.

1 Comments:

Blogger credit6sec said...

interesting suff!
Visit my site too, relating to credit debt counseling site. It deals with credit debt counseling and other related stuff.

1:05 PM  

Post a Comment

<< Home