| Spyware |
| Bill Number |
S.
687 |
| Title |
Software Principles Yielding Better Levels of Consumer Knowledge Act
(SPYBLOCK Act) |
| Sponsor |
Senator Conrad Burns (R-MT) |
| Co-Sponsors |
Sen. Ron Wyden (D-OR), Sen. Bill Nelson (D-FL), Sen. Barbara Boxer
(D-CA), Sen. Olympia Snowe (R-ME) |
| Summary |
S. 687 regulates the unauthorized installation of computer software,
to require clear disclosure to computer users of certain computer
software features that may pose a threat to user privacy. CSIA worked
closely with Senator Wyden's staff to include the Good Samaritan
provision, protecting anti-spyware software firms from frivolous
lawsuits. |
| Latest Update |
Introduced on March 20, 2005; referred to Committee on Commerce,
Science, and Transportation; on November 17, 2006, it was voted out of
committee. On June 12, 2006, the bill was reported
favorably out of committee with an amendment in the nature of a
substitute, and was placed on the legislative calendar. |
| |
| Bill Number |
S.
1004 |
| Title |
The Enhanced Consumer Protection Against Spyware Act of 2005 |
| Sponsor |
Senator George Allen (R-VA) |
| Co-Sponsors |
Sen. John Ensign (R-NV), Sen. Gordon Smith (R-OR), Sen. John E.
Sununu (R-NH), Sen, Michael B. Enzi (R-WY), Sen. Jim DeMint (R-SC) |
| Summary |
This bill provides the Federal Trade Commission (FTC) with the
resources necessary to protect users of the Internet from the unfair and
deceptive acts and practices associated with spyware. |
| Latest Update |
S. 1004 was introduced on May 11, 2005 and was referred to the Senate
Committee on Commerce, Science and Transportation. It was defeated in a
hearing on November 17, 2005. |
| |
| Bill Number |
S.
1608 |
| Title |
U.S. SAFE WEB Act of 2005 |
| Sponsor |
Sen. Gordon H. Smith (R-OR) |
| Co-Sponsors |
Sen. Daniel K. Inouye (D-HI), Sen. John McCain (R-AZ), Sen. Bill
Nelson (D-FL) |
| Summary |
S.1608 enhances Federal Trade Commission enforcement against illegal
spam, spyware, and cross-border fraud and deception. Specifically, it
amends the Federal Trade Commission Act to include within the term
"unfair or deceptive acts or practices" those acts or practices involving
foreign commerce that: (1) cause or are likely to cause reasonably
foreseeable injury within the United States; or (2) involve material
conduct occurring within the United States; includes as remedies
restitution to domestic or foreign victims. S.1608 grants the FTC power
to transmit to the Attorney General evidence of a violation of federal
criminal law by any person, partnership, or corporation, either domestic
or foreign; and authorizes the FTC to designate its attorneys to assist
the Attorney General with litigation in foreign courts on particular
matters in which it has an interest. The bill also prescribes procedural
guidelines for sharing by FTC with foreign law enforcement agencies of
information obtained pursuant to compulsory process or investigation.
Voluntary providers of information, including certain financial
institutions, are shielded from liability. |
| Latest Update |
Introduced on 7/29/2005 and referred to the Committee on Commerce,
Science, and Transportation; Scheduled for mark-up on 12/15/2005. Passed
out of committee on that date. On February 16, 2006, S. 1608 passed
out of the Senate without amendment by Unanimous Consent. On March
28th, it was received in the House and referred to the House Energy and
Commerce Committee. On April 19th, S. 1608 was referred to the
Subcommittee on Commerce, Trade and Consumer Protection |
| |
| Bill Number |
H.R.
29 |
| Title |
Securely Protect Yourself Against Cyber Trespass Act (The SPY
ACT) |
| Sponsor |
Rep. Mary Bono (R-CA) |
| Co-Sponsors |
H.R. 29 has 61 Co-Sponsors |
| Summary |
Protects users of the Internet from unknowing transmission of their
personally identifiable information through spyware programs. H.R. 29 is
geared toward the industry by instituting a system of checks and balances
to stop companies from obtaining a user's information via spyware; fines
may be administered for such actions. |
| Latest Update |
Introduced January 4, 2005; and referred to the House Committee on
Energy and Commerce; passed the House Subcommittee on Commerce, Trade and
Consumer Protection on February 4, 2005; on March 9, 2005 the full
committee ordered the bill to be reported by a vote of 43-0; reported out
by the Committee on Energy and Commerce on April 12, 2005; on May 23,
2005 the bill passed the House by a vote of 393-4, and will have to be
merged with H.R. 744, which was also passed on May 23, 2005. On May 24,
2005 H.R. 29 was sent to the Senate and referred to the Committee on
Commerce, Science, and Transportation. |
| |
| Bill Number |
H.R.
744 |
| Title |
Internet Spyware (I-SPY) Prevention Act of 2005 (I-SPY ACT) |
| Sponsor |
Rep. Bob Goodlatte (R-VA) |
| Co-Sponsors |
H.R. 744 has 13 Co-Sponsors |
| Summary |
Identifies specific acts as criminal offenses in an effort to
discourage spyware. This legislation was originally introduced during the
108th Congress and passed the House of Representatives by a vote of
415-0. |
| Latest Update |
Introduced on February 10, 2005 and referred to the House Committee
on the Judiciary. On May 23, 2005 H.R. 744 passed the House by a vote of
395-1, and on May 24, 2005 it was sent to the Senate and referred to the
Committee on the Judiciary. |
| Phishing |
| Bill Number |
S.
472 |
| Title |
Anti-Phishing Act of 2005 |
| Sponsor |
Senator Patrick Leahy (D-VT) |
| Co-sponsor |
Sen. Charles Schumer (D-NY) |
| Summary |
Criminalizes phishing, making it illegal to knowingly carry on any
activity that links to websites with the intention of committing a crime;
penalizes those who falsely represent themselves as being a legitimate
online business and solicit e-mail recipients to provide identification
to the phisher. S. 472 is similar to H.R. 1099. |
| Latest Update |
Introduced on February 28, 2005 and referred to the Senate Judiciary
Committee. |
| |
| Bill Number |
H.R.
1099 |
| Title |
Anti-Phishing Act of 2005 |
| Sponsor |
Rep. Darlene Hooley (D-OR) |
| Co-Sponsors |
Rep. Ed Case (R-HI), Rep. Eliot L. Engel (D-NY), Rep. Carolyn
McCarthy (D-NY) |
| Summary |
H.R. 1099 criminalizes phishing, making it illegal to knowingly carry
on any activity that links to websites with the intention of committing a
crime. The legislation is also intended to penalize those who falsely
represent themselves as being a legitimate online business and solicits
an e-mail recipient to provide identification to the phisher. This
legislation is similar to S. 472. |
| Latest Update |
Rep. Dooley introduced H.R. 1099 on March 3, 2005 when it was then
referred to the House Committee on the Judiciary. On May 10, 2005 it was
then referred to the Subcommittee on Crime, Terrorism, and Homeland
Security. |
| Privacy / Identity Theft
Protection / Data Warehouses |
| Bill Number |
S.
29 |
| Title |
Social Security Number Misuse Prevention Act |
| Sponsor |
Senator Dianne Feinstein (D-CA) |
| Co-Sponsors |
Sen. Patrick Leahy (D-VT), Sen. Judd Gregg (R-NH), Sen. John E.
Sununu (R-NH), Sen. Bill Nelson (D-FL) |
| Summary |
This bill amends the Federal criminal code to prohibit the display,
sale, or purchase of social security numbers without the affirmatively
expressed consent of the individual, except in specified circumstances.
It directs the Attorney General to study and report to Congress on all
the uses of social security numbers permitted, required, authorized, or
excepted under any Federal law, including the impact of such uses on
privacy and data security. S. 29 establishes a public records exception
to the prohibition and directs the Comptroller General to study and
report to Congress on social security numbers in public records. The
Attorney General is granted rulemaking authority to enforce this Act's
prohibition and to implement and clarify the permitted uses occurring as
a result of an interaction between businesses, governments, or business
and government.
S. 29 seeks to limit misuse of Social Security numbers and establishes
criminal penalties for such misuse. |
| Latest Update |
S. 29 was introduced on Jan. 24, 2005 by Senator Feinstein and was
referred to the Committee on the Judiciary. |
| |
| Bill Number |
S.
116 |
| Title |
Privacy Act of 2005 |
| Sponsor |
Senator Dianne Feinstein (D-CA) |
| Summary |
S. 116 prohibits the sale and disclosure of personally identifiable
information by a commercial entity to a non-affiliated third party unless
prescribed procedures for notice and opportunity to restrict such
disclosure have been followed. The bill grants the Federal Trade
Commission (FTC) enforcement authority. S. 166 also amends Federal
criminal law to prohibit the display, sale, or purchase of social
security numbers (SSNs) without the affirmatively expressed consent of
the individual. This legislation prohibits the use of SSNs on checks
issued for payment by governmental agencies and driver's licenses or
motor vehicle registrations. It prohibits a commercial entity from
requiring disclosure of an individual's SSN in order to obtain goods or
services, and it establishes criminal and civil monetary penalties for
misuse of an SSN.
S. 116 requires the consent of an individual prior to the sale and
marketing of an individual's personally identifiable information. |
| Latest Update |
S. 116 was introduced on Jan. 24, 2005 by Senator Feinstein and was
referred to the Committee on the Judiciary. |
| |
| Bill Number |
S.
500 |
| Title |
Information Protection and Security Act |
| Sponsor |
Senator Bill Nelson (D-FL) |
| Co-sponsor |
Sen. Hillary Clinton (D-NY) |
| Summary |
S. 500 regulates information brokers and protects individual rights
with respect to personally identifiable information. Specifically, it
authorizes the Federal Trade Commission (FTC) to promulgate regulations
requiring information brokers to update the information they store and
allow individuals to access their information; upon request by the
individual, the information brokers must disclose what information they
distribute and to whom it was given; the information brokers must also
authenticate users before allowing usage; finally, S. 500 authorizes
enforcement by FTC and allows individuals the right to private action
against the brokers. |
| Latest Update |
Senator Nelson introduced the Information Protection and Security Act
on March 3 and it was then referred to the Committee on Commerce,
Science, and Transportation. S. 500 is identical to H.R. 1080, sponsored
by Rep. Ed Markey (D-MA). |
| |
| Bill Number |
S.
751 |
| Title |
Notification of Risk to Personal Data Act |
| Sponsor |
Senator Dianne Feinstein (D-CA) |
| Co-Sponsors |
Sen. Mark Dayton (D-MN), Sen. John Kyl (R-AZ) |
| Summary |
S. 751 requires a business or government entity to notify an
individual in writing or email when it is believed that personal
information has been compromised, with the exception of situations
relating to criminal investigation or national security purposes.
Examples of personal information include: Social Security number,
driver's license or state identification number, or credit card or bank
account information. The bill covers both electronic and non-electronic
data, as well as encrypted and non-encrypted data. This bill is based on
California law, which is the first and currently the only State law
requiring notification of individuals. |
| Latest Update |
S. 751 was introduced on April 11, 2005 and referred to the Committee
on the Judiciary. |
| |
| Bill Number |
S.
768 |
| Title |
Comprehensive Identity Theft Prevention Act |
| Sponsor |
Senator Charles Schumer (D-NY) |
| Co-Sponsors |
Sen. Bill Nelson (D-FL), Sen. Mark Dayton (D-MN), Sen. Edward Kennedy
(D-MA), Sen. Barbara Boxer (D-CA), Sen. Byron Dorgan (D-ND) |
| Summary |
S. 768 creates a new Federal Trade Commission (FTC) office of
identity theft to help victims restore their identities. This office will
promulgate regulations for data brokers, governing the sale, maintenance,
collection, or transfer of sensitive personal information, including a
requirement that reasonable steps are taken to prevent unauthorized
access to sensitive personal information; penalties have been established
for violators. The bill includes a breach notification provision. S. 768
also establishes an annual identity theft report, will not interfere with
provisions of the Fair Credit Reporting Act, and preempts state law. |
| Latest Update |
S. 768 was introduced on April 12, 2005 and referred to the Committee
on Commerce, Science, and Transportation. |
| |
| Bill Number |
S.
1216 |
| Title |
Financial Privacy Breach Notification Act of 2005 |
| Sponsor |
Senator Jon Corzine (D-NJ) |
| Co-Sponsor |
Sen. Christopher J. Dodd (D-CT) |
| Summary |
This bill amends the Gramm-Leach-Bliley Act to require a financial
institution to promptly notify the following entities whenever a breach
of personal information has occurred at such institution: each customer
affected by such breach; certain consumer reporting agencies; and
appropriate law enforcement agencies. Furthermore, it requires any person
that maintains personal information for or on behalf of a financial
institution to promptly notify the institution of any case in which such
customer information has been breached. Prescribes notification
procedures. Finally, it authorizes a customer injured by a violation of
this Act to institute a civil action to recover damages and authorizes
the Federal Trade Commission to enforce compliance with this Act,
including the assessment of fines for violations. |
| Latest Update |
S. 1216 was introduced on June 9, 2005 and was referred to the Senate
Committee on Banking, Housing, and Urban Affairs. |
| |
| Bill Number |
S.
1326 |
| Title |
Notification of Risk to Personal Data Act |
| Sponsor |
Senator Jeff Sessions (R-AL) |
| Summary |
Defines "breach of security of the system" as compromise of the
security of computerized data that provides a reasonable basis to
conclude that sensitive personal information is at significant risk of
identity theft. S. 1326 requires any entity that owns or licenses
sensitive personal information to implement and maintain "reasonable"
security and notification procedures and practices appropriate to the
nature of the information; preempts any state laws which relate "in any
way to electronic information security standards or notification." |
| Latest Update |
S.1326 was introduced on June 28, 2005 and referred to the Committee
on the Judiciary. The Committee scheduled July 21, 2005 to review and
mark-up the bill, but will meet separately with member of the Senate
Commerce Committee on this and other related legislation. On October 20,
2005 S. 1326 was reported out of Committee and placed on the Senate
Legislative Calendar. |
| |
| Bill Number |
S.
1332 |
| Title |
Personal Data Privacy and Security Act of 2005 |
| Sponsor |
Senator Arlen Specter (R-PA) |
| Co-Sponsors |
Sen. Patrick Leahy (D-VT), Sen. Russell Feingold (D-WI) |
| Summary |
S. 1332 deals with different issues relating to identity theft and
security breaches, specifically providing security measures that require
"business entities" that have info on more than 10,000 US persons to
adopt measures, commensurate with the sensitivity of the data and the
size and complexity of the entities activities. This bill would encourage
the Federal Trade Commission to create a new standard for reasonable
security practices, including creating regulations that require covered
entities to develop, implement, and maintain an effective information
security program that contains administrative, technical, and physical
safeguards for sensitive personal information, taking into account the
use of technological safeguards, including encryption, truncation, and
other safeguards available or being developed for such purposes; require
procedures for verifying the credentials of any third party seeking to
obtain the sensitive personal information of another person; and require
disposal procedures to be followed by covered entities that dispose of
sensitive personal information; or transfer sensitive personal
information to third parties for disposal. It does not require total
federal preemption of any similar state law except to the extent that the
state law is inconsistent with this title. |
| Latest Update |
This bill was introduced on June 29, 2005 and placed on the Senate
Legislative Calendar. On July 1, 2005 it was placed on the Senate
Legislative Calendar under General Orders. |
| |
| Bill Number |
S.
1336 |
| Title |
Consumer Identity Protection and Security Act |
| Sponsor |
Senator Mark Pryor (D-AR) |
| Summary |
This bill establish procedures for the protection of consumers from
misuse of, and unauthorized access to, sensitive personal information
contained in private information files maintained by commercial entities
engaged in, or affecting, interstate commerce. More specifically any
consumer may request a consumer reporting agency to place a "security
freeze" on their private information file if they feel their information
has been compromised. The consumer reporting agency must freeze the
information no later than 2 business days after receiving a written or
telephone request from the consumer or 24 hours after receiving a secure
electronic mail request, and must inform the consumer of the enacted
freeze. The freeze will only be terminated if the consumer requests the
termination or if the consumer reporting agency determines the freeze was
requested due to a material misrepresentation of fact by the
consumer. |
| Latest Update |
S. 1336 was introduced on June 29, 2005 and was referred to the
Senate Committee on Commerce, Science, and Transportation. |
| |
| Bill Number |
S.
1408 |
| Title |
Identity Theft Protection Act |
| Sponsor |
Senator Gordon Smith (R-OR) |
| Co-Sponsors |
Sen. Ben Nelson (D-FL), Sen. Daniel Inouye (D-HI), Sen. John McCain
(R-AZ), Sen. Mark Pryor (D-AR), Sen. Ted Stevens (R- AK), Sen. Hillary
Rodham Clinton (D- NY), Sen. Lisa Murkowski (R-AK) |
| Summary |
S. 1408 strengthens data protection and safeguards, requires data
breach notification, and further prevents identity theft. Specifically,
S. 1408 allows consumers to "freeze" their credit and requires companies
to "develop, implement and maintain an effective information security
program." Any entity, whether commercial or non-profit, could be fined
$11,000 for each person who experiences a security breach; penalties
would be capped at $11 million. Entities with breaches affecting more
than 1,000 individuals must notify the FTC, and the agency must publish
that information on its Web site. Companies must establish procedures to
verify the identities of third parties that want to buy sensitive
consumer information. S. 1408 prohibits the "covered entities" from using
Social Security numbers in transactions unless their business is
dependant on the numbers. Finally, "reasonable" risk of fraud would be
the standard for triggering notice of security breaches to consumers
(rather than the higher standard of "substantial" risk found in S.
751).
Under this bill, the FTC will promulgate regulations that require covered
entities to develop, implement, and maintain an effective information
security program that contains administrative, technical, and physical
safeguards for sensitive personal information, taking into account the
use of technological safeguards, including encryption, truncation, and
other safeguards available or being developed for such purposes; require
procedures for verifying the credentials of any third party seeking to
obtain the sensitive personal information of another person; and require
disposal procedures to be followed by covered entities that dispose of
sensitive personal information; or transfer sensitive personal
information to third parties for disposal.
This bill also requires the Chairman of the FTC to establish an
Information Security Working Group to develop best practices to protect
sensitive personal information stored and transferred. The Working Group
shall be composed of industry participants, consumer groups, and other
interested parties; the group would be required to submit to Congress a
report on their findings with 12 months of the establishment of the
working group. |
| Latest Update |
S. 1408 was introduced on July 14, 2005 and referred to the Committee
on Commerce, Science and Transportation. On July 28, 2005 the Commerce
Committee ordered S. 1408 to be reported with an amendment in the nature
of a substitute. On December 8, the bill was reported out with an
amendment in the nature of a substitute. Placed on the Senate Legislative
Calendar under General Orders. |
| |
| Bill Number |
S.
1461 |
| Title |
Consumer Identity Protection and Security Act |
| Sponsor |
Sen. Richard Shelby (R-AL) |
| Summary |
S. 1461 establishes procedures for the protection of consumers from
misuse of, and unauthorized access to, sensitive personal information
contained in private information files maintained by commercial entities
engaged in, or affecting, interstate commerce, provide for enforcement of
those procedures by the Federal Trade Commission. |
| Latest Update |
S. 1461 was introduced on July 21, 2005 and referred to the Committee
on Banking, Housing and Urban Affairs. |
| |
| Bill Number |
S.
1594 |
| Title |
Financial Privacy Protection Act of 2005 |
| Sponsor |
Sen. Corzine (D-NJ) |
| Summary |
S. 1594 amends the Gramm-Leach-Bliley Act to require each financial
institution to develop and maintain a security system designed to prevent
any breach with respect to its customer information. The bill prescribes
guidelines for: (1) federal functional regulators to issue regulations
governing a customer information security system; and (2) financial
institutions to notify customers of unauthorized access to customer
information.
S. 1594 provides for: (1) civil action for damages by a customer
adversely affected by a violation of this Act; (2) injunctions against a
financial institution in violation or potential violation of this Act;
and (3) civil enforcement actions by state Attorneys General.
Finally, S. 1594 amends the Fair Credit Reporting Act to: (1) require a
consumer reporting agency to trigger a fraud alert in a consumer file
upon notification by a consumer of a data security breach or suspected
breach under this Act; and (2) prohibit the user of a consumer report to
take any adverse action with respect to a consumer based solely on the
inclusion of a fraud alert, extended alert, or active duty alert in the
file of that consumer. |
| Latest Update |
Introduced on July 29, 2005 and referred to the Committee on Banking,
Housing, and Urban Affairs. |
| |
| Bill Number |
S.
1789 |
| Title |
Personal Data Privacy and Security Act of 2005 |
| Sponsor |
Sen. Arlen Specter (R-PA) |
| Co-Sponsors |
Sen. Russell D. Feingold (D-WI), Sen. Dianne Feinstein (D-CA), Sen.
Patrick Leahy (D-VT) |
| Summary |
S. 1789 aims to prevent and mitigate identity theft, ensure privacy,
provide notice of security breaches, and enhance criminal penalties, law
enforcement assistance, and other protections against security breaches,
fraudulent access, and misuse of personally identifiable
information. |
| Latest Update |
Introduced on September 29, 2005 and referred to the Committee on the
Judiciary. On October 20 and October 27, 2005 S. 1789 was considered and
held over for the next meeting. On November 17, 2005 by a 13-5 vote, the
Senate Judiciary Committee approved S. 1789. |
| |
| Bill Number |
S.
2169 |
| Title |
Financial Data Protection Act of 2005 |
| Sponsor |
Sen. Thomas R. Carper (D-DE) |
| Co-Sponsor |
Sen. Mel Martinez (R-FL) |
| Summary |
S.2169 amends the Fair Credit Reporting Act to provide for secure
financial data. Specifically, it requires consumer reporters to implement
and maintain "reasonable policies and procedures" that protect sensitive
financial personal information of consumers. If a breach occurs, the
consumer reporter must promptly notify specific entities, and take
measures to repair the breach and restore the security and
confidentiality of the sensitive financial personal information, and take
reasonable measures to restore the integrity of the affected data
security safeguards. |
| Latest Update |
Introduced on December 12, 2005 and referred to the Senate Committee
on Banking Housing and Urban Affairs. The text of S.2169 is identical to
the bill introduced in the House Financial Services Committee with the
bill number HR 3997. |
| |
| Bill Number |
NEW! S.
3506 |
| Title |
Data Theft Prevention Act of 2006 |
| Sponsor |
Sen. Daniel K. Akaka (D-HI) |
| Co-Sponsors |
There are 11 co-sponsors. |
| Summary |
S. 3506 would establish Federal penalties for anyone,
whether a government employee or government contractor, who knowingly and
without authorization views, uses, downloads, or removes any means of
identification or individually identifiable health information that is in
a Federal database; this legislation would apply to all Federal
departments and agencies. The legislation would also create penalties for
those who would use any such personal information for criminal purposes.
S. 3506 would compliment existing Federal personal information security
policies and emphasize the need for all Federal departments and agencies
to review existing policies and clearly define employees who are and are
not authorized to use, view, or download personal informat.ion |
| Latest Update |
S. 3506 was introduced on June 13, 2006 and referred to the Committee
on the Judiciary. |
| |
| Bill Number |
NEW! S.
3531 |
| Title |
To appropriate $430,000,000 for medical care for veterans and
$70,000,000 to improve the security for personal data of veterans held by
the Department of Veterans Affairs, and for other purposes. |
| Sponsor |
Sen. Patty Murray (D-WA) |
| Summary |
This bill appropriates $70,000,000 to improve the
security for personal data of veterans held by the Department of Veterans
Affairs and to provide remedial assistance to veterans who have had
personal data stolen from the Department of Veterans Affairs. |
| Latest Update |
S. 3531 was introduced on June 16, 2006 and referred to the Senate
Appropriations Committee. |
| |
| Bill Number |
H.R.
82 |
| Title |
Social Security On-line Privacy Protection Act |
| Sponsor |
Rep. Rodney Frelinghuysen (R-NJ) |
| Summary |
H.R. 82 prohibits an interactive computer service from
disclosing to a third party an individual's Social Security number or
related personally identifiable information without the individual's
prior informed written consent. The bill also requires such service to
permit an individual to revoke any consent at any time.
This bill prohibits a second party with possession of an individual's
personal information from disclosing that information to a third party
without the individual's consent. |
| Latest Update |
Rep. Frelinghuysen introduced H.R. 82 on Jan. 4, 2005 and it was
referred to the Subcommittee on Commerce, Trade and Consumer Protection.
On February 4, 2005 it was then referred to the Subcommittee on Commerce,
Trade and Consumer Protection. |
| |
| Bill Number |
H.R.
84 |
| Title |
Online Privacy Protection Act of 2005 |
| Sponsor |
Rep. Rodney Frelinghuysen (R-NJ) |
| Summary |
H.R. 84 requires the Federal Trade Commission to prescribe
regulations to protect the privacy of personal information collected from
and about individuals who are not covered by the Children's Online
Privacy Protection Act of 1998 (age 13 and above) on the Internet. It
makes it unlawful for an operator of a Web site or online service to
collect, use, or disclose personal information concerning an individual
in a manner that is in violation of prescribed regulations, requiring
such operators to protect the confidentiality, security, and integrity of
personal information it collects from such individuals. H.R. 84 also
provides greater individual control over the collection and use of that
information by creating a process for such individuals to consent to or
limit the disclosure of such information. Additionally, H.R. 84 directs
the FTC to provide incentives for efforts of self-regulation by operators
to implement appropriate protections for such information. Finally, it
authorizes the States to enforce such regulations by bringing actions on
behalf of residents, requiring the State attorney general to first notify
the FTC of such action.
This bill requires all websites asking for personal information to
disclose to individuals what information is being collected and how the
information will be utilized. |
| Latest Update |
Rep. Frelinghuysen introduced H.R. 84 on Jan. 4, 2005 and it was
referred to the Subcommittee on Commerce, Trade and Consumer Protection.
On February 4, 2005 it was then referred to the Subcommittee on Commerce,
Trade and Consumer Protection. |
| |
| Bill Number |
H.R.
220 |
| Title |
Identity Theft Prevention Act of 2005 |
| Sponsor |
Rep. Ron Paul (R-TX) |
| Co-Sponsors |
Rep. Roscoe G. Bartlett (R-MD), Rep. Maurice D. Hinchey (D-NY), Rep.
Lynn C. Woolsey (D-CA), Rep. Thaddeus G. McCotter (R-MI), Rep. Eleanor
Holmes Norton (D-DC), Rep. Zach Wamp (R-TN) |
| Summary |
H.R. 220 Amends title II (Old Age, Survivors and Disability
Insurance) of the Social Security Act and the Internal Revenue Code to
prohibit using a Social Security account number except for specified
Social Security and tax purposes. The bill also prohibits the Social
Security Administration from divulging the Social Security account number
of an individual to any Federal, State, or local government agency or
instrumentality, or to any other individual. Conversely, no Federal,
State, or local government agency or instrumentality may request an
individual to disclose his Social Security account number on either a
mandatory or a voluntary basis, among other prohibitions.
This bill requires the Federal government to issue new SS numbers within
five years of the effective date of the bill; the new SS number will be
used solely for social security issues, and the Federal government will
cease using SS numbers to identify people. Individuals will have several
ID numbers, each applicable to specific agencies. |
| Latest Update |
H.R. 220 was introduced on Jan. 4, 2005 by Rep. Paul. It was then
referred to the Committee on Ways and Means and the Committee on
Government Reform. On January 25, 2005 the Committee on Ways and Means
then referred it to the Subcommittee on Social Security. |
| |
| Bill Number |
H.R.
1069 |
| Title |
Notification of Risk to Personal Data Act |
| Sponsor |
Rep. Melissa Bean (D-IL) |
| Co-Sponsors |
There are 18 Co-Sponsors. |
| Summary |
This legislation prescribes notification procedures governing any
agency, or person engaged in interstate commerce that owns or licenses
electronic data containing personal information, following the discovery
of a breach of security of the system containing such data. Furthermore,
it amends the Gramm-Leach-Bliley Act to require a financial institution,
at which a breach of personal information is reasonably believed to have
occurred, to promptly notify each affected customer, each pertinent
consumer reporting agency, the information clearinghouse established by
the Federal Trade Commission (FTC) under this Act, and appropriate law
enforcement agencies in any case in which the financial institution has
reason to believe that the breach or suspected breach affects a large
number of customers. It also requires any person that maintains personal
information for or on behalf of a financial institution to notify
promptly the financial institution of any case in which such customer
information has been, or is reasonably believed to have been,
breached.
In addition, the bill amends the Fair Credit Reporting Act to require a
consumer reporting agency to maintain a fraud alert file with respect to
any consumer upon receiving notice of a breach of personal information
from: (1) an agency or person engaged in interstate commerce pursuant to
this Act; or (2) a financial institution subject to the
Gramm-Leach-Bliley Act. Finally, it authorizes State Attorneys General to
bring civil actions in Federal district court to enforce this Act on
behalf of the residents of the State and directs the FTC to establish and
maintain a clearinghouse to collect and analyze information required
under this Act. |
| Latest Update |
H.R. 1069 was introduced on March 3, 2005 and was referred to the
Energy and Commerce Committee; the Committee on Government Reform; and
the Financial Services Committee. On May 13, 2005 bill was referred to
the Energy and Commerce Subcommittee on Financial Institutions and
Consumer Credit, and the Financial Services Subcommittee on Commerce,
Trade and Consumer Protection. |
| |
| Bill Number |
H.R.
1078 |
| Title |
Social Security Number Protection Act of 2005 |
| Sponsor |
Rep. Ed Markey (D-MA) |
| Co-Sponsors |
There are 19 Co-Sponsors. |
| Summary |
This bill amends title II (Old Age, Survivors and Disability
Insurance) of the Social Security Act (SSA) to establish criminal
penalties for the sale and purchase of the Social Security number and
Social Security account number of any person, except in certain
circumstances such as health, research, law enforcement, or emergency
situations. |
| Latest Update |
H.R. 1078 was introduced on March 3, 2005 and on March 11, 2005 was
referred to the Ways and Means Subcommittee on Social Security. On
March 14, 2005, it was referred to the Energy and Commerce Subcommittee
on Commerce, Trade and Consumer Protection. |
| |
| Bill Number |
H.R.
1080 |
| Title |
Information Protection and Security Act |
| Sponsor |
Rep. Ed Markey (D-MA) |
| Co-Sponsors |
There are 22 Co-Sponsors |
| Summary |
H.R. 1080 regulates information brokers and protects individual
rights with respect to personally identifiable information. Specifically,
it authorizes the Federal Trade Commission (FTC) to promulgate
regulations requiring information brokers to update the information they
store and allow individuals to access their information; upon request by
the individual, the information brokers must disclose what information
they distribute and to whom it was given; the information brokers must
also authenticate users before allowing usage; finally, H.R. 1080
authorizes enforcement by FTC and allows individuals the right to private
action against the brokers. H.R. 1080 is identical to S. 500. |
| Latest Update |
Introduced on March 3, 2005 and referred to the House Committee on
Energy and Commerce; on March 14, 2005 it was then referred to the
Subcommittee on Commerce, Trade and Consumer Protection. |
| |
| Bill Number |
H.R.
1263 |
| Title |
Consumer Privacy Protection Act of 2005 |
| Sponsor |
Rep. Cliff Stearns (R-FL), Rep. Rick Boucher (D-VA) |
| Summary |
This bill protects and enhances consumer privacy by instituting a
number of requirements for data collection organizations, specifically to
provide notification to consumers and to establish a privacy policy with
respect to the collection, sale, disclosure for consideration, or use of
the consumer's information. |
| Latest Update |
H.R. 1263 was introduced on March 10, 2005 and referred to the House
Committee on International Relations and the House Energy and Commerce
Committee. On March 22, 2005, it was then referred to the E&C’s
Subcommittee on Commerce, Trade and Consumer Protection. |
| |
| Bill Number |
H.R.
1745 |
| Title |
Social Security Number Privacy and Identity Theft Prevention Act of
2005 |
| Sponsor |
Rep. E. Clay Shaw, Jr. (R-FL) |
| Co-Sponsors |
There are 44 Co-Sponsors |
| Summary |
H.R. 1745 amends the Social Security Act to enhance Social Security
account number privacy protections, to prevent fraudulent misuse of the
Social Security account number, and to otherwise enhance protection
against identity theft. Specifically, it:
(1) Specifies restrictions on the sale and display to the general public
of Social Security account numbers (SSNs) (or any derivatives) by
Federal, State, and local governments and bankruptcy case trustees.
(2) Prohibits the display of SSNs (or any derivatives) on checks issued
for payment by such governments.
(3) Prohibits the Federal, State, or local government display of SSNs (or
any derivatives) on employee identification cards or tags (IDs).
(4) Prohibits access to the SSNs of other individuals by prisoners
employed by Federal, State, or local governments.
(5) Prohibits the selling, purchasing, or displaying of SSNs (with
certain exceptions), or the obtaining or use of any individual's SSN to
locate or identify such individual with the intent to physically injure
or harm such individual or to use the individual's ID for any illegal
purpose by any person
H.R. 1745 also subjects to the Fair Credit Reporting Act information
regarding a consumer's SSN (and any derivative), and provides that any
person who refuses to do business with an individual for refusing to
disclose his or her SSN shall be considered to have committed an unfair
or deceptive act or practice. Finally, the bill establishes civil and
criminal penalties for violations of this Act, and enhanced penalties in
cases of terrorism, drug trafficking, crimes of violence, or prior
offenses. |
| Latest Update |
H.R. 1745 was introduced on April 20, 2005 and referred to the
Committee on Ways and Means, Financial Services, and Energy and Commerce.
On April 27, 2005, it was referred to the Ways and Means Subcommittee on
Social Security; on May 13, 2005 it was referred to the House Energy and
Commerce Subcommittee on Commerce, Trade and Consumer Protection, and on
May 19, 2005 it was referred to the House Financial Services Subcommittee
on Financial Institutions and Consumer Credit. |
| |
| Bill Number |
H.R.
3140 |
| Title |
Consumer Data Security and Notification Act of 2005 |
| Sponsor |
Rep. Melissa Bean (D-IL) |
| Co-Sponsors |
There are 16 Co-Sponsors. |
| Summary |
This bill expands the protections for sensitive personal information
in Federal law to cover the information collection and sharing practices
of unregulated information brokers. In addition it enhances information
security requirements for consumer reporting agencies and information
brokers; and requires consumer reporting agencies, financial
institutions, and other entities to notify consumers of data security
breaches involving sensitive consumer information. |
| Latest Update |
H.R. 3140 was introduced on June 30, 2005 and was referred to the
House Committee on Financial Services. |
| |
| Bill Number |
H.R.
3375 |
| Title |
Financial Data Security Act of 2005 |
| Sponsor |
Rep. Deborah Pryce (R-OH) |
| Co-Sponsors |
Rep. Michael N. Castle (R-DE), Rep. Dennis Moore (D-KS), Rep.
Christopher Shays (D-CT) |
| Summary |
H.R. 3375 amends the Fair Credit Reporting Act to declare that each
consumer reporting agency, reporting broker, or reporting collector
(consumer reporter) has an obligation to maintain reasonable policies and
procedures to protect the security and confidentiality of a consumer's
sensitive financial account and identity information against any
unauthorized use that is reasonably likely to result in substantial
inconvenience or substantial harm to such consumer. The bill prescribes
data security safeguards that include: (1) investigations to protect
against identity theft and fraudulent transactions; (2) notification
alerts to law enforcement agencies, functional regulatory agencies, and
affected consumers; (3) investigation and notice requirements for third
party agreements; and (4) financial fraud mitigation procedures that
offer free file monitoring service for affected consumers.
Additionally, the bill requires the Secretary of the Treasury
(Secretary), the Board of Governors of the Federal Reserve System
(Board), and the Federal Trade Commission (FTC) jointly to prescribe
regulations that shield a consumer reporter from liability under state
common law for loss or harm to the consumer subsequent to such reporter's
offer of the free file monitoring service. The bill cites conditions
under which persons in compliance with the Gramm-Leach Bliley Act
governing disclosure of nonpublic personal financial information shall be
deemed to be in compliance with this Act. H.R. 3375 preempts state law
with respect to the data security safeguards and financial fraud
mitigation prescribed by this Act. |
| Latest Update |
H.R. 3375 was introduced on July 21, 2005 and referred to the House
Committee on Financial Services. |
| |
| Bill Number |
H.R.
3997 |
| Title |
Financial Data Protection Act of 2005 |
| Sponsor |
Rep. Steve LaTourette (R-OH) |
| Co-Sponsors |
There are 12 Co-Sponsors. |
| Summary |
H.R. 3997 amends the Fair Credit Reporting Act to provide for secure
financial data. Specifically, it requires consumer reporters to implement
and maintain "reasonable policies and procedures" that protect sensitive
financial personal information of consumers. If a breach occurs, the
consumer reporter must promptly notify specific entities, and take
measures to repair the breach and restore the security and
confidentiality of the sensitive financial personal information, and take
reasonable measures to restore the integrity of the affected data
security safeguards. |
| Latest Update |
Introduced on October 6, 2005 and referred to the House Committee on
Financial Services. On November 9, 2005 the Committee held a hearing and
it was clear that there was not bi-partisan consensus on the bill. From
the comments of Rep. Frank and Chairman Bachus certain provisions of H.R.
3140 may be considered prior to subcommittee mark-up of H.R. 3997. On
March 16, 2006 H.R. 3997 was marked up and reported out with amendments.
On May 24, 2006, HR 3997 was
marked up by the Energy and Commerce Committee. Rep. Stearns offered an
amendment in the form of a substitute bill that, following the enacting
language, inserts the language from HR 4127. The Committee approved the
substitute bill 42-0. On June 2, 2006, HR 3997 was reported out of
committee and placed on the Legislative Calendar. |
| |
| Bill Number |
H.R.
4127 |
| Title |
Data Accountability and Trust Act |
| Sponsor |
Rep. Cliff Stearns (R-FL) |
| Co-Sponsors |
Rep. Deborah Pryce (R-OH), Rep. Fred Upton (R-MI), Rep. George
Radanovich (R-CA), Rep. Charles Bass (R-NH), Rep. Mary Bono (R-CA), Rep.
Michael Ferguson (R-NJ), Rep. Marsha Blackburn (R-TN), Rep. Paul E.
Gillmor (R-OH) |
| Summary |
H.R. 4127 would require the implementation of general security
policies and procedures by all who own or possess electronic personal
information. Entities which own or posses personal information must
notify individuals if the entity determines that there is a reasonable
basis to conclude there is a significant risk of identity theft. Use of
encryption technology creates a presumption that there is no reasonable
basis of risk. The FTC is given sole enforcement power of this act and it
preempts all state laws and regulations that concern reasonable security
measures or notification of security breach. |
| Latest Update |
H.R. 4127 introduced October 25, 2005 and was marked-up in the House
Energy and Commerce Committee's subcommittee on Commerce, Trade and
Consumer Protection on November 3. Subcommittee Chairman Stearns offered
a number of manager amendments which were accepted. The bill was passed
out of subcommittee although with no minority support. On March 29, 2006
it was passed out of full committee by a vote of 41-0. On March 29, 2006
it was passed out of full committee by a vote of 41-0. On May 24, 2006, the House Financial Services considered
HR 4127, offered an amendment in the form of a substitute bill, and
inserted the language from 3997. This amended bill was passed out of
committee. |
| |
| Bill Number |
H.R.
5318 |
| Title |
Cyber-Security Enhancement and Consumer Data Protection Act of
2006 |
| Sponsor |
Rep. Jim Sensenbrenner, Jr. (R-WI) |
| Co-Sponsors |
Rep. Steve Chabot (R-OH), Rep. Howard Coble (R-NC), Rep. Tom Feeney
(R-FL), Rep. Deborah Pryce (R-OH), Rep. Adam Schiff (D-CA), Rep. Lamar
Smith (R-TX) |
| Summary |
H.R. 5318 would make it a crime to knowingly fail to report within 14
days major security breaches to the FBI or Secret Service that involve at
least 10,000 consumers, federal databases or any contractor involved in
national security matters or law enforcement. The bill would allow the
FBI and the Secret Service to investigate significant data breaches
before consumers are notified. If law enforcement determines that notice
to consumers would impede or compromise an investigation, it could direct
in writing within seven days that notice to consumers be delayed for up
to 30 days. The attorney general would be authorized to pursue civil
penalties of up to $1 million for knowing failure to report breaches. The
bill would add computer crimes and data theft to the list of crimes that
can be prosecuted under the Racketeer Influenced and Corrupt
Organizations law. It would make it a crime to access certain types of
identification information stored in computers that operate in interstate
commerce. A total of $30 million would be authorized for each fiscal year
through 2011 for the Secret Service, the Justice Department and the FBI
to investigate and prosecute computer crimes. |
| Latest Update |
H.R. 5318 was introduced on May 9, 2006 and referred to the House
Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland
Security. The Subcommittee held a hearing on May 11, 2006 and marked up
the bill on May 18, 2006. It was passed out of
committee and sent to the full Judiciary Committee, where it was
marked-up and passed out of committee on May 25, 2006. |
| |
| Bill Number |
NEW! H.R.
5636 |
| Title |
Social Security Number Privacy and Protection Act |
| Sponsor |
Rep. Key Granger (R-TX) |
| Co-Sponsors |
Rep. Thomas Allen (D-ME), Rep. Michael Burgess (R-TX), Rep. Katherine
Harris (R-FL), Rep. Sherrod Brown (D-OH), Rep. Ken Calvert (R-CA), Rep.
Ron Paul (R-TX) |
| Summary |
This bill directs the Director of Selective Service to alter the form
of the Selective Service reminder mailback card, or the method by which
the card is submitted to the Selective Service System, to reduce the risk
of theft of Social Security account numbers included as part of the
identifying information required from persons presenting themselves for
registration under the Military Selective Service Act. HR 5636 also
amends title XVIII (Medicare) of the Social Security Act (SSA) to
eliminate the Social Security account number from Medicare, Medicaid (SSA
title XIX), and SCHIP (SSA title XXI (State Children's Health Insurance)
identification cards. It also amends federal veterans' benefits law to
eliminate the Social Security account number from veterans’ health care
identification cards issued by the Department of Veterans Affairs.
Finally, this bill expresses the sense of Congress that health insurers
should not use Social Security account numbers on insurance
identification or claims cards issued to beneficiaries, but should
substitute another identification code or number instead. |
| Latest Update |
H.R. 5636 was introduced on June 16, 2006 and referred to the
following committees: Armed Services, Energy and Commerce, Veterans'
Affairs, Ways and Means. |
| Internet |
| Bill Number |
H.R.
214 |
| Title |
Internet Communications Services Act of 2005 |
| Sponsor |
Rep. Cliff Stearns (R-FL) |
| Co-sponsor |
Rep. Rick Boucher (D-VA) |
| Summary |
Promotes deployment of and investment in advanced Internet
communications services; gives the Federal Communications Commission
(FCC) exclusive authority regarding advanced Internet communications
services, allowing the FCC to impose specific requirements or obligations
on providers of advanced Internet communications voice service. |
| Latest Update |
Introduced on January 14, 2005; referred on February 4, 2005 to the
House Subcommittee on Telecommunications and the Internet. |
| Internet Security,
Safety and Ethics |
| Bill Number |
NEW! S.
3499 |
| Title |
Internet Safety (Stop Adults Facilitating the Exploitation of Youth)
Act of 2006 |
| Sponsor |
Sen. John Kyl (R-AZ) |
| Co-sponsor |
Sen. George Allen (R-VA), Sen. Sam Brownback (R-KS), Sen. Conrad
Burns (R-MT), Sen. John Cornyn (R-TX), Sen. Mike DeWine (R-OH), Sen.
Chuck Grassley (R-IA), Sen. Kay Bailey Hutchison (R-TX), Sen. Olympia
Snowe (R-ME) |
| Summary |
S. 3499 makes it a Federal offense to financially facilitate access
to child pornography on the Internet; mandates penalties for Web site
operators who insert words or images into their internet source codes
with the intent to deceive persons into viewing obscene material on the
internet; and requires commercial Web site operators to place warning
marks prescribed by the Federal Trade Commission on Web pages that
contain sexually explicit material. |
| Latest Update |
S. 3499 was introduced on June 13, 2006 and referred to the Committee
on the Judiciary. |
| Bill Number |
NEW! H.R.
5319 |
| Title |
Deleting Online Predators Act of 2006 |
| Sponsor |
Rep. Michael Fitzpatrick (R-PA) |
| Co-sponsor |
There are 28 co-sponsors. |
| Summary |
This bill allows schools to monitor the online activities of minors
and would require both schools and libraries to employ technology to
restrict access to commercial social networking websites and chat rooms
so that minors, without parental consent, will be unable to access such
websites. |
| Latest Update |
HR 5319 was introduced on May 9, 2006 and referred to the House
Committee on Energy and Commerce. On May 15, 2006, it was then referred
to the Subcommittee on Telecommunications and the Internet. |
| Homeland Security |
| Bill Number |
S.
140 |
| Title |
Domestic Defense Fund Act of 2005 |
| Sponsor |
Senator Hillary Clinton (D-NY) |
| Co-sponsor |
Sen. Charles E. Schumer (D-NY) |
| Summary |
S. 140 provides for a domestic defense fund to improve the Nation's
homeland defense by authorizing the Secretary of Homeland Security to
award grants to States, units of local government, and Indian tribes for
homeland security development. The grant awardees are required to develop
a homeland security plan identifying both short- and long-term homeland
security needs, among other items. 70 percent of grant funds are required
to be allocated among metropolitan cities and urban counties based on the
Secretary's calculations of various infrastructure vulnerabilities and
threats such as proximity to international borders, nuclear or other
energy facilities, air, rail or water transportation, and national icons
and Federal buildings. |
| Latest Update |
Senator Hillary Clinton introduced S. 140 on January 24, 2005. It was
referred to the Senate Committee on Homeland Security and Governmental
Affairs, where introductory remarks were made on February 15, 2005. |
| |
| Bill Number |
H.R.
91 |
| Title |
Smarter Funding for All of America's Homeland Security Act of
2005 |
| Sponsor |
Rep. Rodney P. Frelinghuysen (R-NJ) |
| Co-Sponsors |
There are 11 Co-Sponsors |
| Summary |
H.R. 91 modifies the DHS grant program, authorizing the Secretary of
Homeland Security to make grants to first responders. One new criterion
will be "Threats to major communications nodes, including cyber and
telephonic nodes." |
| Latest Update |
Introduced on January 4, 2005 and referred to the Committee on
Homeland Security (Select) and also the Committees on Transportation and
Infrastructure, the Judiciary, and Energy and Commerce; on February 25,
2005 it was then referred to the Subcommittee on Health. Referred to the
Subcommittee on Emergency Preparedness, Science, and Technology on March
9, 2005. |
| Healthcare |
| Bill Number |
S.
1223 |
| Title |
Information Technology for Health Care Quality Act |
| Sponsor |
Senator Christopher Dodd (D-CT) |
| Co-sponsor |
Sen. Jim Jeffords (I-VT) |
| Summary |
Amends the Public Health Service Act to improve the quality and
efficiency of health care delivery through improvements in health care
information technology. It establishes within the executive office of the
President an Office of Health Information Technology, which will be
headed by a Director appointed by the President. The Office will develop
a national strategy for improving the quality and enhancing the
efficiency of health care through the improved use of health information
technology and the creation of a National Health Information
Infrastructure, and serve as the principle advisor to the President
concerning health information technology. |
| Latest Update |
S. 1223 was introduced on June 9, 2005 and referred to the Senate
Committee on Health, Education, Labor, and Pensions. |
| |
| Bill Number |
S.
1262 |
| Title |
Technology to Enhance Quality Act of 2005 (Health TEQ) |
| Sponsor |
Senator Bill Frist (R-TN) |
| Co-Sponsors |
There are 15 Co-Sponsors |
| Summary |
The Health Technology to Enhance Quality Act of 2005 implements
health information technology standards that would guide the design and
operation of interoperable health information systems. The legislation
codifies the Office of National Coordinator for Information Technology
and establishes standards for the electronic exchange of health
information. The bill also authorizes grants to local and regional
consortiums to implement health information technology infrastructure
that is compliant with national standards and establishes measures to
assess the quality of care. Finally, it establishes standard quality
measures to better assess the value of federal programs.
On June 16 Senators Frist and Clinton introduced the "Health Technology
to Enhance Quality Act of 2005" (Health TEQ), which creates an
interoperable health information technology (IT) system through the
adoption of standards that will help reduce costs, enhance efficiency and
improve overall patient care. |
| Latest Update |
Introduced on June 16 and referred to the Committee on Health,
Education, Labor, and Pensions. On July 18, 2005 and July 21, 2005
introductory remarks were made. Elements of S. 1262 and S. 1355 were
rolled into S. 1418, and on November 18, 2005 it was passed in the
Senate. S. 1418 codifies the Office of the National Coordinator of Health
Information Technology. |
| |
| Bill Number |
S.
1418 |
| Title |
Wired for Health Care Quality Act |
| Sponsor |
Senator Michael B. Enzi (R-WY) |
| Co-Sponsors |
There are 38 Co-Sponsors |
| Summary |
Takes elements of S.1262 and S. 1355. Codifies the American Health
Information Collaborative which is tasked with developing and
implementing health information technology standards that will guide the
design and operation of interoperable health information systems; also
codifies the Office of National Coordinator for Information Technology
and establishes standards for the electronic exchange of health
information. The bill also authorizes grants to local and regional
consortiums to implement health information technology infrastructure
that is compliant with national standards and establishes measures to
assess the quality of care. Finally, it establishes standard quality
measures to better assess the value of federal programs. On July 18,
Senator Enzi introduced the Wired for Health Care Quality act and offered
it as a substitute amendment in the Committee on Health Education, Labor
and Pensions. |
| Latest Update |
Introduced on July 27, 2005 it was passed out of the Senate on
November 18 and referred to the House Committee on Energy and Commerce.
Referred to the Subcommittee on Health on December 16, 2005. |
| |
| Bill Number |
H.R.
2234 |
| Title |
The 21st Century Health Information Act of 2005 |
| Sponsor |
Rep. Tim Murphy (R-PA) |
| Co-Sponsors |
There are 40 Co-Sponsors |
| Summary |
HR 2234 authorizes the Secretary of Health and Human Services (HHS)
to create grants that will assist in establishing regional health
information organizations; these organizations will create a network of
integrated health information technology. The bill contains no explicit
security standards, but requires each recipient of an HHS grant to submit
a plan detailing the proposed network and how the network will be
supported and secured. H.R. 2234 places itself squarely within the
confines of HIPAA's privacy and security rules, so there are no new
standards; however it does include language regarding certification the
systems will require prior to being eligible for purchase with government
grant money. Also of note, the bill requires the operators of these
regional health information organizations to report both to the secretary
of HHS and to the individual affected if personally identifiable
information is compromised or if unauthorized access occurs. The operator
must report the conditions of such unauthorized access to the Secretary
but merely notify the individual. |
| Latest Update |
HR 2234 was introduced on May 10, 2005 and then referred to the
Committee on Energy and Commerce and the Committee on Ways and Means. On
May 23, 2005 the Committee on Energy and Commerce referred the bill to
the Subcommittee on Health. On November 4, 2005 introductory remarks were
made. |
| |
| Bill Number |
H.R.
2762 |
| Title |
Demonstration Project: Internet-Based Submission Form |
| Sponsor |
Rep. Rob Andrews (D-NJ) |
| Summary |
Directs the Secretary of Health and Human Services to implement a
three-year demonstration project to provide for the use of the Internet
for the electronic submission of claims by providers of services under
the Medicare program for which the HCFA-1500 claim form is utilized. |
| Latest Update |
On June 7, H.R. 2762 was introduced and referred to the Committee on
Ways and Means, and the Committee on Energy and Commerce. On June 17,
2005 the Committee on Energy and Commerce then referred the bill to the
Subcommittee on Health. |
| |
| Bill Number |
H.R.
4642 |
| Title |
Wired for Health Care Quality Act |
| Sponsor |
Rep. Darrell E. Issa (R-CA) |
| Summary |
Codifies the American Health Information Collaborative which is
tasked with developing and implementing health information technology
standards that will guide the design and operation of interoperable
health information systems; also codifies the Office of National
Coordinator for Information Technology and establishes standards for the
electronic exchange of health information. The bill also authorizes
grants to local and regional consortiums to implement health information
technology infrastructure that is compliant with national standards and
establishes measures to assess the quality of care. Finally, it
establishes standard quality measures to better assess the value of
federal programs. Is the House equivalent of S. 1418. |
| Latest Update |
On 12/18/2005, HR 4642 was introduced and referred to the House
Committee on Energy and Commerce. On 1/3/2006, it was then referred
to the Subcommittee on Health on 1/3/2006. |
| |
| Bill Number |
HR
4157 |
| Title |
Health Information Technology Promotion Act of 2005 |
| Sponsor |
Rep. Nancy Johnson (R-CT) |
| Co-Sponsors |
There are 59 co-sponsors |
| Summary |
Codifies ONCHIT although does not specifically codify AHIC it does
make mention of it as an advisory body and calls for a report from AHIC
within two years of passage of this law as to standards for the HIT
network and plans for a permanent advisory body including the role of the
federal government within that body. Makes the ONCHIT the strategic
planner for interoperable HIT, the coordinator of Federal Govt activities
with regard to HIT. Interestingly enough there is authorization of
appropriations for ONCHIT to undertake its duties but there are no
provisions for federal grants or loans to create a nationwide
interoperable HIT system. The bill contains all the boiler-plate
anti-kickback language that is necessary when dealing with doctors
potentially using larger health-care providers (i.e. hospitals)
facilities. Interestingly enough this bill calls for a study to be done
to determine the need for a National Health security and confidentiality
standard. |
| Latest Update |
HR 4157 was introduced on 10/27/05 and referred to the House Energy
and Commerce and House Ways and Means Committees. On 11/4/2005, the
bill was referred to the Energy and Commerce Committee’s Subcommittee on
Health, where, on June 8, 2006 it was marked up and
passed out of subcommittee. On June 15, 2006, the full committee
marked up and passed the bill of committee. |
| |
| Bill Number |
HR
4832 |
| Title |
Electronic Health Information Technology Act of 2005 |
| Sponsor |
Rep. William Lacy Clay (D-MO) |
| Co-Sponsors |
Rep. Jon Porter (R-NV) |
| Summary |
Creates a new position within HHS – The Chief Health Informatics
Officer of the Health Information Technology which will replace ONCHIT
and may at the Secretary’s discretion be filled by the current ONCHIT.
Allows the CHIO to, among other things, develop HIT standards, create a
plan to establish a national interoperable HIT system, oversee the
administration of that plan and administer grants to facilitate the plan.
Does not specify how the CHIO will develop standards other than through
consultation with public and private stakeholders (presumably under AHIC
or similar organization), although the CHIO shall recognize all of the
standards developed by the Consolidated Health Informatics Council.
Grants will be available for non-federal entities to implement the HIT
standards, and non-compliance with these standards will result in a
cut-off of federal funds to purchase HIT technology in the future. The
bill also provides for federal loans to Health Care providers. |
| Latest Update |
Referred to the House Energy and Commerce and House Ways and Means
Committees on March 1, 2006. On 3/17/2006, it was then referred to the
Energy and Commerce Committee’s Subcommittee on Health. |
| |
| Bill Number |
HR
4859 |
| Title |
Federal Family Health Information Technology Act of 2006 |
| Sponsor |
Rep. Jon Porter (R-NV) |
| Co-Sponsors |
Rep. Dan Burton (R-IN), Rep. Wm. Lacy Clay (D-MO) |
| Summary |
Directs the contracts made with carriers of health insurance for
federal employees and their families require that the carriers make
available to the covered individuals' electronic health records that are
consistent with the standards developed by ONCHIT. The records must be
made available to the individuals who will be able to limit access to
those records. The electronic health records shall be interoperable with
other records provided by other carriers allowing for the transfer of
individual records from one carrier to another. Each contract signed by
OPM and the carrier shall require the carrier to create the records as
well as a mechanism for individual access to those records as well as a
method to transfer those records to another entity as directed by the
individual. The bill also directs for OPM to establish the Federal Family
Health Information Technology Trust Fund for the purpose to receive
donations to be used to award grants to carriers which meet certain
eligibility requirements to provide incentive to establish this system of
standardized electronic health records. |
| Latest Update |
On March 2, 2006 this bill was referred to the House Committee on
Government Reform. |
| |
| IP and Telecom Services |
| Bill Number |
S.
1063 |
| Title |
I.P.-Enabled Voice Communications and Public Safety Act |
| Sponsor |
Senator Bill Nelson (D-FL) |
| Co-Sponsors |
Sen. Hillary Clinton (D-NY), Sen. Conrad Burns (D-MT), Sen. Olympia
Snowe (R-ME), Sen. John Kerry (D-MA) |
| Summary |
S. 1063 requires all Internet telephone providers (VoIP) to connect
emergency 911 calls made by their customers by requiring traditional
telephone companies to give VOIP companies access to their 911 networks.
Additionally, the bill requires VOIP companies to provide enhanced 911
services, allowing emergency personnel to determine physical locations of
a call and other related information. The legislation states that any
VOIP service provider that cannot comply with these requirements must
give customers clear and conspicuous notice that 911 and E911 services
are not available to them. This clear notice must be given when the
customer purchases the service. |
| Latest Update |
On May 18, 2005 Senator Bill Nelson introduced S. 1063, the
I.P.-Enabled Voice Communications and Public Safety Act. The bill was
referred to the Committee on Commerce, Science, and Transportation. Rep.
Bart Gordon of Tennessee introduced a companion bill in the House, H.R.
2418, on May 18, 2005. On November 2, 2005 the Committee on Commerce,
Science, and Transportation ordered the bill to be reported out with an
amendment in the nature of a substitute. On December 20, 2005 it was
placed on the Senate Legislative Calendar. |
| |
| Bill Number |
S.
1504 |
| Title |
Broadband Investment and Consumer Choice Act |
| Sponsor |
Sen. John Ensign (R-NV) |
| Co-Sponsors |
There are 16 Co-Sponsors. |
| Summary |
S. 1504 establishes a market-driven telecommunications marketplace,
to eliminate government managed competition of existing communication
service, and to provide parity between functionally equivalent services.
Specifically, this bill prohibits any state or local government from
regulating direct-to-home satellite services, and directs the Federal
Communications Commission (FCC) to forbear from regulating mobile
services unless determined necessary because of lack of competition or
for the protection of public health and safety. It requires the FCC to
prescribe regulations to promote: (1) competition and diversity in the
multichannel video programming market; and (2) the continuing development
of communications technologies. And S.1054 sets forth requirements for
state- or locally-owned networks seeking to provide communications
service and requires such governments to have an open bidding process
allowing non-governmental entities to compete for the provision of such
service. |
| Latest Update |
This bill was introduced on July 27, 2005 and referred to the
Committee on Commerce, Science, and Transportation. |
| |
| Bill Number |
S.
2113 |
| Title |
Digital Age Communications Act of 2005 |
| Sponsor |
Sen. Jim DeMint (R-SC) |
| Co-Sponsor |
John Ensign (R-NV) |
| Summary |
S.2113 is designed to promote the widespread availability, integrity,
reliability and efficiency of communications services through
deregulation and market driven forces rather than direct government
regulation. It presumes that economic regulation of communication
services is unnecessary absent extraordinary circumstances. There are no
provisions for cyber or network security absent the encouragement of
innovation and competition through market based forces. |
| Latest Update |
This bill was introduced on December 15, 2005 and referred to the
Committee on Commerce, Science and Transportation. |
| |
| Bill Number |
H.R.
214 |
| Title |
Advanced Internet Communications Services Act of 2005 |
| Sponsor |
Rep. Cliff Stearns (R-FL) |
| Co-sponsor |
Rep. Rick Boucher (D-VA) |
| Summary |
The bill aims to promote deployment of and investment in advanced
Internet communications services. It gives the Federal Communications
Commission (FCC) exclusive authority regarding advanced Internet
communications services, allowing the FCC to impose specific requirements
or obligations on providers of advanced Internet communications voice
service. |
| Latest Update |
Rep. Stearns introduced this bill on January 14, 2005 and on February
4, 2005 it was referred to House Subcommittee on Telecommunications and
the Internet. |
| |
| Bill Number |
H.R.
2418 |
| Title |
I.P.-Enabled Voice Communications and Public Safety Act |
| Sponsor |
Rep. Bart Gordon (D-TN) |
| Co-Sponsors |
There are 34 Co-Sponsors. |
| Summary |
H.R. 2418 requires all Internet telephone providers (VoIP) to connect
emergency 911 calls made by their customers by requiring traditional
telephone companies to give VOIP companies access to their 911 networks.
Additionally, the bill requires VOIP companies to provide enhanced 911
services, allowing emergency personnel to determine physical locations of
a call and other related information. The legislation states that any
VOIP service provider that cannot comply with these requirements must
give customers clear and conspicuous notice that 911 and E911 services
are not available to them. This clear notice must be given when the
customer purchases the service. |
| Latest Update |
May 18, 2005 Rep. Bart Gordon introduced HR 2418, the I.P.-Enabled
Voice Communications and Public Safety Act. The bill was introduced in
the House Energy and Commerce Committee, which has jurisdiction over
telecommunications, as well as Internet, issues. On June 3, 2005 it was
then referred to the Subcommittee on Telecommunications and the Internet.
Senator Bill Nelson of Florida introduced a companion bill in the Senate,
S. 1063, on May 19, 2005. |
| |
| Bill Number |
H.R.
4569 |
| Title |
Digital Transition Content Security Act of 2005 |
| Sponsor |
James Sensenbrenner (R-WI) |
| Co-Sponsors |
John Conyers (D-MI), Rep. Howard Coble (R-NC) |
| Summary |
Requires analog conversion devices to preserve digital content
copyright security measures. |
| Latest Update |
Introduced on December 16, 2005 and referred to the House Judiciary
Committee’s Subcommittee on Courts, the Internet, and Intellectual
Property. |
| Control Systems |
| |
| Bill Number |
S.
1995 |
| Title |
Wastewater Treatment Works Security Act of 2005 |
| Sponsor |
Sen. James M. Jeffords (I-VT) |
| Co-Sponsors |
Sen. Frank R. Lautenberg (D-NJ), Sen. Barbara Boxer (D-CA), Sen.
Barack Obama (D-IL) |
| Summary |
S.1995 enhances the security of wastewater treatment works. |
| Latest Update |
S.1995 was introduced on November 10; introductory remarks were made,
and it was referred to the Committee on Environment and Public
Works. |
| |
| Bill Number |
S.
2145 |
| Title |
Chemical Facility Anti-Terrorism Act of 2005 |
| Sponsor |
Sen. Susan Collins (R-ME) |
| Co-Sponsors |
Sen. Norm Coleman (R-MN); Sen. Thomas Carper (D-DE); Sen. Jon Corzine
(D-NJ); Sen. Carl Levin (D-MI) and Sen. Joseph Lieberman (D-CT) |
| Summary |
This legislation would direct the Department of Homeland Security to
establish criteria for evaluating the vulnerability of chemical
facilities to terrorist attack and establish risk-based tiers for
facilities deemed in need of protection. These regulations will require
facilities to conduct vulnerability assessments and to establish
appropriate security and emergency response plans. Includes language that
requires "electronic, computer or otherwise automated systems which are
used by the chemical source" to be included in the vulnerability
assessments. |
| Latest Update |
Introduced December 19, 2005 and referred to the Senate Committee on
Homeland Security and Governmental Affairs. On June
14, 2006, S. 2145 was marked up, and on June 15, 2006, it was reported
out of committee with an amendment in the nature of a substitute
bill. |
| |
| Bill Number |
H.R.
6 Bill passed and signed into law |
| Title |
Energy Policy Act of 2005 |
| Sponsor |
Rep. Joe Barton (R-TX) |
| Summary |
H.R. 6 sets forth an energy research and development program,
including: (1) energy efficiency; (2) renewable energy; (3) oil and gas;
(4) coal; (5) Indian energy; (6) nuclear matters and security; (7)
vehicles and motor fuels, including ethanol; (8) hydrogen; (9)
electricity; and (10) energy tax incentives. Two prevalent cyber
security-related measures in this bill include: a provision for the
President, the Nuclear Regulatory Commission, and other appropriate
Federal, State, and local agencies and private entities, to conduct a
study of nuclear facility threats, including an assessment of physical,
cyber, biochemical, and other terrorist threats; and an amendment
regarding electric reliability standards, which is defined as providing
for reliable operation of bulk-power system facilities, including
cybersecurity protection. In reference to electric reliability standards,
H.R. 6 includes cybersecurity threats when defining “reliable operation”
to mean: “operating the elements of the bulk-power system within
equipment and electric system thermal, voltage, and stability limits so
that instability, uncontrolled separation, or cascading failures of such
system will not occur as a result of a sudden disturbance, including a
cybersecurity incident, or unanticipated failure of system elements.” And
finally, “cybersecurity incident” is defined as “a malicious act or
suspicious event that disrupts, or was an attempt to disrupt, the
operation of those programmable electronic devices and communication
networks including hardware, software and data that are essential to the
reliable operation of the bulk power system.” |
| Latest Update |
On April 18, H.R. 6 was introduced and referred to the following
Committees: Energy and Commerce; Education and the Workforce; Financial
Services; Agriculture; Resources; Science; Ways and Means; and
Transportation and Infrastructure. The House Energy and Commerce
Committee then referred it to the Subcommittee on Energy and Air Quality,
and the House Resources Committee held Committee Consideration and
Mark-up Session on April 13, prior to introduction. On April 19, the
Rules Committee Resolution (H. Res. 219) was reported to the House, which
subsequently passed the House on April 20. On April 20 and 21, the House
debated several amendments, passed by a vote of 249-183, and on April 26,
it was received in the Senate. On June 9, H.R. 6 was placed on the Senate
Legislative Calendar. It appears that the companion bill in the Senate,
S. 10, does not contain any provisions relating to cyber security.
On June 14, 2005 the Senate received the bill, and on June 28, 2005 it
passed by a vote of 85-12. A conference was held in late July to
reconcile H.R. 6 and S. 10 and the bill was signed into law by the
President on August 8, 2005. |
| |
| Bill Number |
H.R.
4602 |
| Title |
Nuclear Security Act of 2005 |
| Sponsor |
Rep. Nita Lowey (D-NY) |
| Co-Sponsor |
Rep. Maurice Hinchey (D-NY) |
| Summary |
Amends the Atomic Energy Act of 1954 and the Energy Reorganization
Act of 1974 to strengthen security at sensitive nuclear facilities. There
are no specific references to cyber security protection, however, the
bill states that the Commission shall establish a nuclear security force
that will, in turn, develop and implement a security plan to ensure the
security of all sensitive nuclear facilities against the design basis
threat. Some protective measures will include: designs of critical
control systems at each sensitive nuclear facility; restricted personnel
access to each sensitive nuclear facility; perimeter site security,
internal site security, and fire protection barriers; and background
security checks for employees and prospective employees. |
| Latest Update |
H.R. 4602 was introduced on December 16, 2005 referred to the
Subcommittee on Energy and Air Quality on January 3 2006. |
| |
