Detailed Summary

Identity Theft Prevention Act - Requires any commercial entity or charitable, educational, or nonprofit organization that acquires, maintains, or uses sensitive personal information (covered entity) to develop, implement, maintain, and enforce a written program, containing administrative, technical, and physical safeguards, for the security of sensitive personal information it collects, maintains, sells, transfers, or disposes of. Defines "sensitive personal information" as an individual's name, address, or telephone number combined with at least one of the following relating to that individual: (1) the social security number or numbers derived from that number; (2) financial account or credit or debit card numbers combined with codes or passwords that permit account access, subject to exception; or (3) a state driver's license or resident identification number.

Requires a covered entity: (1) to report a security breach to the Federal Trade Commission (FTC); (2) if the entity determines that the breach creates a reasonable risk of identity theft, to notify each affected individual; and (3) if the breach involves at least 1,000 individuals, to notify all consumer reporting agencies specified in the Fair Credit Reporting Act.

Authorizes a consumer to place a security freeze on his or her credit report by making a request to a consumer credit reporting agency. Prohibits a reporting agency, when a freeze is in effect, from releasing the consumer's report for credit review purposes without the consumer's prior express authorization. Sets forth other security freeze requirements.

Requires: (1) the establishment of the Information Security and Consumer Privacy Advisory Committee; (2) a related crime study, including the correlation between methamphetamine use and identity theft crimes.

Treats any violation of this Act as an unfair or deceptive act or practice under the Federal Trade Commission Act. Requires enforcement under other specified laws. Allows enforcement by state attorneys general. Preempts state laws requiring notification of affected individuals of security breaches.

Status of the Legislation

Latest Major Action: 4/25/2007: Senate committee/subcommittee actions. Status: Committee on Commerce, Science, and Transportation. Ordered to be reported with amendments favorably.

Points in Favor

(Log in to edit the wiki and be the first to show why the bill should pass!)

Points Against

(Log in to edit the wiki and be the first to show why the bill should not pass!)