S. 1490 would prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Detailed Summary
Personal Data Privacy and Security Act of 2009 - Amends the federal criminal code to: (1) make fraud in connection with the unauthorized access of sensitive personally identifiable information (in electronic or digital form) a predicate for racketeering charges; and (2) prohibit concealment of security breaches involving such information.
Directs the U.S. Sentencing Commission to review and amend its guidelines relating to fraudulent access to, or misuse of, digitized or electronic personally identifiable information (including identify theft).
Amends the federal bankruptcy code to: (1) define "identify theft" and "identify theft victim" for bankruptcy purposes; and (2) prohibit the dismissal or conversion of a Chapter 7 bankruptcy case if the debtor is an identity theft victim.
Requires a data broker to: (1) disclose to an individual, upon request, personal electronic records pertaining to such individual maintained for disclosure to third parties; (2) disclose adverse actions by third parties against an individual; and (3) maintain procedures for correcting inaccuracies and incompleteness in such records.
Establishes standards for developing and implementing safeguards to protect the security of sensitive personally identifiable information. Imposes upon business entities civil penalties for violations of such standards. Requires such business entities to notify: (1) any individual whose information has been accessed or acquired; (2) all nationwide consumer reporting agencies if an entity is required to notify more than 5,000 such individuals; and (3) the U.S. Secret Service if the number of individuals involved exceeds 10,000.
Authorizes the Attorney General and state attorneys general to bring civil actions against business entities for violations of this Act.
Establishes in the Federal Trade Commission (FTC) an Office of Federal Identity Protection.
Requires the Administrator of the General Services Administration (GSA), in considering contract awards totaling more than $500,000, to evaluate: (1) the data privacy and security program of a data broker; (2) program compliance; (3) the extent to which databases and systems have been compromised by security breaches; and (4) data broker responses to such breaches.
Requires federal agencies to conduct a privacy impact assessment before purchasing personally identifiable information from a data broker. Requires the Department of Justice to designate a department-wide Chief Privacy Officer.
Status of the Legislation
Latest Major Action: 11/5/2009: Senate committee/subcommittee actions. Status: Committee on the Judiciary. Date of scheduled consideration. SD-226. 10:00 a.m.
Points in Favor
(Log in to edit the wiki and be the first to show why the bill should pass!)
Points Against
(Log in to edit the wiki and be the first to show why the bill should not pass!)
Visitor Comments
There are currently no comments for this bill.