S. 495, The Personal Data Privacy and Security Act of 2007

• This item is from the 110th Congress (2007-2008) and is no longer current. Comments, voting, and wiki editing have been disabled, and the cost/savings estimate has been frozen.

Original version created by webmaster

S. 495 would prevent and mitigate identity theft, ensure privacy, provide notice of security breaches, and enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

Detailed Summary

Personal Data Privacy and Security Act of 2007 - Amends the federal criminal code to: (1) make fraud in connection with the unauthorized access of sensitive personally identifiable information (in electronic or digital form) a predicate for racketeering charges; and (2) prohibit concealment of security breaches involving such information.

Directs the U.S. Sentencing Commission to review and amend its guidelines relating to fraudulent access to, or misuse of, digitized or electronic personally identifiable information (including identify theft).

Requires a data broker to: (1) disclose to an individual, upon request, personal electronic records pertaining to such individual maintained for disclosure to third parties; and (2) maintain procedures for correcting the accuracy of such records.

Establishes standards for developing and implementing safeguards to protect the security of sensitive personally identifiable information. Imposes upon business entities civil penalties for violations of such standards. Requires such business entities to notify: (1) any individual whose information has been accessed or acquired; and (2) the U.S. Secret Service if the number of individuals involved exceeds 10,000.

Authorizes the Attorney General and state attorney generals to bring a civil actions against business entities for violations of this Act.

Requires the Administrator of the General Services Administration in considering contract awards totaling more than $500,000, to evaluate: (1) the data privacy and security program of a data broker; (2) program compliance; (3) the extent to which databases and systems have been compromised by security breaches; and (4) data broker responses to such breaches.

Requires federal agencies to conduct a privacy impact assessment before purchasing personally identifiable information from a data broker.

Status of the Legislation

Latest Major Action: 5/23/2007: Placed on Senate Legislative Calendar under General Orders. Calendar No. 168.

Points in Favor

(Log in to edit the wiki and be the first to show why the bill should pass!)

Points Against

(Log in to edit the wiki and be the first to show why the bill should not pass!)

« Return to Revision History.