Cyber Security Industry Alliance Newsletter • Volume 2, Number 3 • November 2005

Legislative Update

Click the bill number to view detailed information about the bill from The Library of Congress Thomas Legislative Information site at http://thomas.loc.gov/.

Spyware
Bill Number   S. 687
Title Software Principles Yielding Better Levels of Consumer Knowledge Act (SPYBLOCK Act)
Sponsor Senator Conrad Burns (R-MT)
Co-sponsors Sen. Ron Wyden (D-OR), Sen. Bill Nelson (D-FL), Sen. Barbara Boxer (D-CA)
Summary S. 687 regulates the unauthorized installation of computer software and requires clear disclosure to computer users of certain computer software features that may pose a threat to user privacy. CSIA worked closely with Senator Wyden's staff to include the Good Samaritan provision, protecting anti-spyware software firms from frivolous lawsuits.
Latest Update Introduced on March 20; referred to Committee on Commerce, Science, and Transportation; on November 17, it was voted out of committee.
 
Bill Number   S. 1004
Title The Enhanced Consumer Protection Against Spyware Act of 2005
Sponsor Senator George Allen (R-VA)
Co-sponsors Sen. John Ensign (R-NV), Sen. Gordon Smith (R-OR)
Summary This bill provides the Federal Trade Commission (FTC) with the resources necessary to protect users of the Internet from the unfair and deceptive acts and practices associated with spyware.
Latest Update S. 1004 was introduced on May 11 and was referred to the Senate Committee on Commerce, Science and Transportation.
 
Bill Number   H.R. 29
Title Securely Protect Yourself Against Cyber Trespass Act (The SPY ACT)
Sponsor Rep. Mary Bono (R-CA)
Co-sponsors H.R. 29 has 61 Co-Sponsors
Summary Protects users of the Internet from unknowing transmission of their personally identifiable information through spyware programs. H.R. 29 is geared toward the industry by instituting a system of checks and balances to stop companies from obtaining a user's information via spyware; fines may be administered for such actions.
Latest Update Introduced January 6; passed the House Subcommittee on Commerce, Trade and Consumer Protection on February 4; on February 9, full committee ordered the bill to be reported by a vote of 43-0; reported out by the Committee on Energy and Commerce on April 12; on May 23, the bill passed the House by a vote of 393-4, and will have to be merged with H.R. 744, which was also passed on May 23. On May 25, H.R. 29 was sent to the Senate and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number   H.R. 744
Title Internet Spyware (I-SPY) Prevention Act of 2005 (I-SPY ACT)
Sponsor Rep. Bob Goodlatte (R-VA)
Co-sponsors H.R. 744 has 13 Co-Sponsors
Summary Identifies specific acts as criminal offenses in an effort to discourage spyware. This legislation was originally introduced during the 108th Congress and passed the House of Representatives by a vote of 415-0.
Latest Update Introduced on February 10 and referred to the House Committee on the Judiciary. On May 23, H.R. 744 passed the House by a vote of 395-1, and on May 24, it was sent to the Senate and referred to the Committee on the Judiciary.
Phishing
Bill Number   S. 472
Title Anti-Phishing Act of 2005
Sponsor Senator Patrick Leahy (D-VT)
Co-sponsor Sen. Charles Schumer (D-NY)
Summary Criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime; penalizes those who falsely represent themselves as being a legitimate online business and solicit e-mail recipients to provide identification to the phisher. S. 472 is similar to H.R. 1099.
Latest Update Introduced on February 28 and referred to the Senate Judiciary Committee.
 
Bill Number   H.R. 1099
Title Anti-Phishing Act of 2005
Sponsor Rep. Darlene Hooley (D-OR)
Co-sponsors Rep. Ed Case (R-HI), Rep. Eliot L. Engel (D-NY), Rep. Carolyn McCarthy (D-NY)
Summary H.R. 1099 criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicit an e-mail recipient to provide identification to the phisher. This legislation is similar to S. 472.
Latest Update Rep. Hooley introduced H.R. 1099 on March 3, when it was referred to the House Committee on the Judiciary. On May 10, it was referred to the Subcommittee on Crime, Terrorism, and Homeland Security.
Privacy / Identity Theft Protection / Data Warehouses
Bill Number   S. 29
Title Social Security Number Misuse Prevention Act
Sponsor Senator Dianne Feinstein (D-CA)
Co-sponsors Sen. Patrick Leahy (D-VT), Sen. Judd Gregg (R-NH), Sen. John E. Sununu (R-NH), Sen. Bill Nelson (D-FL)
Summary This bill amends the Federal criminal code to prohibit the display, sale, or purchase of social security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. It directs the Attorney General to study and report to Congress on all the uses of social security numbers permitted, required, authorized, or excepted under any Federal law, including the impact of such uses on privacy and data security. S. 29 establishes a public records exception to the prohibition and directs the Comptroller General to study and report to Congress on social security numbers in public records. The Attorney General is granted rulemaking authority to enforce this Act's prohibition and to implement and clarify the permitted uses occurring as a result of an interaction between businesses, governments, or business and government.

S. 29 seeks to limit misuse of Social Security numbers and establishes criminal penalties for such misuse.
Latest Update S. 29 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary.
 
Bill Number   S. 116
Title Privacy Act of 2005
Sponsor Senator Dianne Feinstein (D-CA)
Summary S. 116 prohibits the sale and disclosure of personally identifiable information by a commercial entity to a non-affiliated third party unless prescribed procedures for notice and opportunity to restrict such disclosure have been followed. The bill grants the Federal Trade Commission (FTC) enforcement authority. S. 116 also amends Federal criminal law to prohibit the display, sale, or purchase of social security numbers (SSNs) without the affirmatively expressed consent of the individual. This legislation prohibits the use of SSNs on checks issued for payment by governmental agencies and on driver's licenses or motor vehicle registrations. It prohibits a commercial entity from requiring disclosure of an individual's SSN in order to obtain goods or services, and it establishes criminal and civil monetary penalties for misuse of an SSN.

S. 116 requires the consent of an individual prior to the sale and marketing of an individual's personally identifiable information.
Latest Update S. 116 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary.
 
Bill Number   S. 500
Title Information Protection and Security Act
Sponsor Senator Bill Nelson (D-FL)
Co-sponsor Sen. Hillary Clinton (D-NY)
Summary S. 500 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, S. 500 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.
Latest Update Senator Nelson introduced the Information Protection and Security Act on March 3 and it was then referred to the Committee on Commerce, Science, and Transportation. S. 500 is identical to H.R. 1080, sponsored by Rep. Ed Markey (D-MA).
 
Bill Number   S. 751
Title Notification of Risk to Personal Data Act
Sponsor Senator Dianne Feinstein (D-CA)
Co-sponsors Sen. Mark Dayton (D-MN), Sen. Jon Kyl (R-AZ)
Summary S. 751 requires a business or government entity to notify an individual in writing or email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes. Examples of personal information include: Social Security number, driver's license or state identification number, or credit card or bank account information. The bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data. This bill is based on California law, which is the first and currently the only State law requiring notification of individuals.
Latest Update S. 751 was introduced on April 11, 2005 and referred to the Committee on the Judiciary.
 
Bill Number   S. 768
Title Comprehensive Identity Theft Prevention Act
Sponsor Senator Charles Schumer (D-NY)
Co-sponsors Sen. Bill Nelson (D-FL), Sen. Mark Dayton (D-MN), Sen. Edward Kennedy (D-MA), Sen. Barbara Boxer (D-CA), Sen. Byron Dorgan (D-ND)
Summary S. 768 creates a new Federal Trade Commission (FTC) office of identity theft to help victims restore their identities. This office will promulgate regulations for data brokers, governing the sale, maintenance, collection, or transfer of sensitive personal information, including a requirement that reasonable steps are taken to prevent unauthorized access to sensitive personal information; penalties have been established for violators. The bill includes a breach notification provision. S. 768 also establishes an annual identity theft report, will not interfere with provisions of the Fair Credit Reporting Act, and preempts state law.
Latest Update S. 768 was introduced on April 12, 2005, and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number   S. 1216
Title Financial Privacy Breach Notification Act of 2005
Sponsor Senator Jon Corzine (D-NJ)
Summary This bill amends the Gramm-Leach-Bliley Act to require a financial institution to promptly notify the following entities whenever a breach of personal information has occurred at such institution: each customer affected by such breach; certain consumer reporting agencies; and appropriate law enforcement agencies. Furthermore, it requires any person that maintains personal information for or on behalf of a financial institution to promptly notify the institution of any case in which such customer information has been breached. It also prescribes notification procedures. Finally, it authorizes a customer injured by a violation of this Act to institute a civil action to recover damages and authorizes the Federal Trade Commission to enforce compliance with this Act, including the assessment of fines for violations.
Latest Update S. 1216 was introduced on June 9 and was referred to the Senate Committee on Banking, Housing, and Urban Affairs.
 
Bill Number   S. 1326
Title Notification of Risk to Personal Data Act
Sponsor Senator Jeff Sessions (R-AL)
Summary Defines "breach of security of the system" as compromise of the security of computerized data that provides a reasonable basis to conclude that sensitive personal information is at significant risk of identity theft. S. 1326 requires any entity that owns or licenses sensitive personal information to implement and maintain "reasonable" security and notification procedures and practices appropriate to the nature of the information; preempts any state laws which relate "in any way to electronic information security standards or notification."
Latest Update S. 1326 was introduced on June 28 and referred to the Committee on the Judiciary. The Committee scheduled July 21 to review and mark up the bill, but will meet separately with members of the Senate Commerce Committee on this and other related legislation. On October 20, S. 1326 was reported out of Committee and placed on the Senate Legislative Calendar.
 
Bill Number   S. 1332
Title Personal Data Privacy and Security Act of 2005
Sponsor Senator Arlen Specter (R-PA)
Co-sponsors Sen. Patrick Leahy (D-VT), Sen. Russell Feingold (D-WI)
Summary S. 1332 deals with different issues relating to identity theft and security breaches, specifically providing security measures that require "business entities" that have information on more than 10,000 US persons to adopt measures commensurate with the sensitivity of the data and the size and complexity of the entities' activities. This bill would encourage the Federal Trade Commission to create a new standard for reasonable security practices, including creating regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information or transfer sensitive personal information to third parties for disposal. It does not require total federal preemption of any similar state law except to the extent that the state law is inconsistent with this title.
Latest Update This bill was introduced on June 29 and placed on the Senate Legislative Calendar. On July 1, it was placed on the Senate Legislative Calendar under General Orders.
 
Bill Number   S. 1336
Title Consumer Identity Protection and Security Act
Sponsor Senator Mark Pryor (D-AR)
Summary This bill establishes procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce. More specifically, any consumer may request a consumer reporting agency to place a "security freeze" on their private information file if they feel their information has been compromised. The consumer reporting agency must freeze the information no later than 2 business days after receiving a written or telephone request from the consumer or 24 hours after receiving a secure electronic mail request, and must inform the consumer of the enacted freeze. The freeze will only be terminated if the consumer requests the termination or if the consumer reporting agency determines the freeze was requested due to a material misrepresentation of fact by the consumer.
Latest Update S. 1336 was introduced on June 29 and was referred to the Senate Committee on Commerce, Science, and Transportation.
 
Bill Number   S. 1408
Title Identity Theft Protection Act
Sponsor Senator Gordon Smith (R-OR)
Co-sponsors Sen. Ben Nelson (D-FL), Sen. Daniel Inouye (D-HI), Sen. John McCain (R-AZ), Sen. Mark Pryor (D-AR), Sen. Ted Stevens (R-AK)
Summary S. 1408 strengthens data protection and safeguards, requires data breach notification, and further prevents identity theft. Specifically, S. 1408 allows consumers to "freeze" their credit and requires companies to "develop, implement and maintain an effective information security program." Any entity, whether commercial or non-profit, could be fined $11,000 for each person who experiences a security breach; penalties would be capped at $11 million. Entities with breaches affecting more than 1,000 individuals must notify the FTC, and the agency must publish that information on its Web site. Companies must establish procedures to verify the identities of third parties that want to buy sensitive consumer information. S. 1408 prohibits the "covered entities" from using Social Security numbers in transactions unless their business is dependent on the numbers. Finally, "reasonable" risk of fraud would be the standard for triggering notice of security breaches to consumers (rather than the higher standard of "substantial" risk found in S. 751).

Under this bill, the FTC will promulgate regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information or transfer sensitive personal information to third parties for disposal.

This bill also requires the Chairman of the FTC to establish an Information Security Working Group to develop best practices to protect sensitive personal information stored and transferred. The Working Group shall be composed of industry participants, consumer groups, and other interested parties; the group would be required to submit to Congress a report on their findings within 12 months of the establishment of the working group.
Latest Update S. 1408 was introduced on July 14 and referred to the Committee on Commerce, Science and Transportation. On July 28, the Commerce Committee ordered S. 1408 to be reported with an amendment in the nature of a substitute.
 
Bill Number   S. 1461
Title Consumer Identity Protection and Security Act
Sponsor Sen. Richard Shelby (R-AL)
Summary S. 1461 establishes procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce, and provides for enforcement of those procedures by the Federal Trade Commission.
Latest Update S. 1461 was introduced on July 21 and referred to the Committee on Banking, Housing and Urban Affairs.
 
Bill Number   S. 1594
Title Financial Privacy Protection Act of 2005
Sponsor Sen. Corzine (D-NJ)
Summary S. 1594 amends the Gramm-Leach-Bliley Act to require each financial institution to develop and maintain a security system designed to prevent any breach with respect to its customer information. The bill prescribes guidelines for: (1) federal functional regulators to issue regulations governing a customer information security system; and (2) financial institutions to notify customers of unauthorized access to customer information.

S. 1594 provides for: (1) civil action for damages by a customer adversely affected by a violation of this Act; (2) injunctions against a financial institution in violation or potential violation of this Act; and (3) civil enforcement actions by state Attorneys General.

Finally, S. 1594 amends the Fair Credit Reporting Act to: (1) require a consumer reporting agency to trigger a fraud alert in a consumer file upon notification by a consumer of a data security breach or suspected breach under this Act; and (2) prohibit the user of a consumer report from taking any adverse action with respect to a consumer based solely on the inclusion of a fraud alert, extended alert, or active duty alert in the file of that consumer.
Latest Update Introduced on July 29 and referred to the Committee on Banking, Housing, and Urban Affairs.
 
Bill Number   S. 1789
Title Personal Data Privacy and Security Act of 2005
Sponsor Sen. Arlen Specter (R-PA)
Co-Sponsors Sen. Russell D. Feingold (D-WI), Sen. Dianne Feinstein (D-CA), Sen. Patrick Leahy (D-VT)
Summary S. 1789 aims to prevent and mitigate identity theft, ensure privacy, provide notice of security breaches, and enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Latest Update Introduced on September 29 and referred to the Committee on the Judiciary. On November 17, by a 13-5 vote, the Senate Judiciary Committee approved S. 1789.
 
Bill Number   H.R. 82
Title Social Security On-line Privacy Protection Act
Sponsor Rep. Rodney Frelinghuysen (R-NJ)
Summary H.R. 82 prohibits an interactive computer service from disclosing to a third party an individual's Social Security number or related personally identifiable information without the individual's prior informed written consent. The bill also requires such service to permit an individual to revoke any consent at any time.

This bill prohibits a second party with possession of an individual's personal information from disclosing that information to a third party without the individual's consent.
Latest Update Rep. Frelinghuysen introduced H.R. 82 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 84
Title Online Privacy Protection Act of 2005
Sponsor Rep. Rodney Frelinghuysen (R-NJ)
Summary H.R. 84 requires the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 (age 13 and above) on the Internet. It makes it unlawful for an operator of a Web site or online service to collect, use, or disclose personal information concerning an individual in a manner that is in violation of prescribed regulations, requiring such operators to protect the confidentiality, security, and integrity of personal information it collects from such individuals. H.R. 84 also provides greater individual control over the collection and use of that information by creating a process for such individuals to consent to or limit the disclosure of such information. Additionally, H.R. 84 directs the FTC to provide incentives for efforts of self-regulation by operators to implement appropriate protections for such information. Finally, it authorizes the States to enforce such regulations by bringing actions on behalf of residents, requiring the State attorney general to first notify the FTC of such action.

This bill requires all websites asking for personal information to disclose to individuals what information is being collected and how the information will be utilized.
Latest Update Rep. Frelinghuysen introduced H.R. 84 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 220
Title Identity Theft Prevention Act of 2005
Sponsor Rep. Ron Paul (R-TX)
Co-sponsors Rep. Roscoe G. Bartlett (R-MD), Rep. Maurice D. Hinchey (D-NY), Rep. Lynn C. Woolsey (D-CA)
Summary H.R. 220 amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act and the Internal Revenue Code to prohibit using a Social Security account number except for specified Social Security and tax purposes. The bill also prohibits the Social Security Administration from divulging the Social Security account number of an individual to any Federal, State, or local government agency or instrumentality, or to any other individual. Conversely, no Federal, State, or local government agency or instrumentality may request an individual to disclose his Social Security account number on either a mandatory or a voluntary basis, among other prohibitions.

This bill requires the Federal government to issue new SS numbers within five years of the effective date of the bill; the new SS number will be used solely for social security issues, and the Federal government will cease using SS numbers to identify people. Individuals will have several ID numbers, each applicable to specific agencies.
Latest Update H.R. 220 was introduced on Jan. 4 by Rep. Paul. It was then referred to the Committee on Ways and Means and the Committee on Government Reform. On January 25, the Committee on Ways and Means then referred it to the Subcommittee on Social Security.
 
Bill Number   H.R. 1069
Title Notification of Risk to Personal Data Act
Sponsor Rep. Melissa Bean (D-IL)
Summary This legislation prescribes notification procedures governing any agency, or person engaged in interstate commerce that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data. Furthermore, it amends the Gramm-Leach-Bliley Act to require a financial institution, at which a breach of personal information is reasonably believed to have occurred, to promptly notify each affected customer, each pertinent consumer reporting agency, the information clearinghouse established by the Federal Trade Commission (FTC) under this Act, and appropriate law enforcement agencies in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers. It also requires any person that maintains personal information for or on behalf of a financial institution to notify promptly the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached.

In addition, the bill amends the Fair Credit Reporting Act to require a consumer reporting agency to maintain a fraud alert file with respect to any consumer upon receiving notice of a breach of personal information from: (1) an agency or person engaged in interstate commerce pursuant to this Act; or (2) a financial institution subject to the Gramm-Leach-Bliley Act. Finally, it authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State and directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act.
Latest Update H.R. 1069 was introduced on March 3 and was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection; the Committee on Government Reform; and the Financial Services Subcommittee on Financial Institutions and Consumer Credit.
 
Bill Number   H.R. 1078
Title Social Security Number Protection Act of 2005
Sponsor Rep. Ed Markey (D-MA)
Summary This bill amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act (SSA) to establish criminal penalties for the sale and purchase of the Social Security number and Social Security account number of any person, except in certain circumstances such as health, research, law enforcement, or emergency situations.
Latest Update H.R. 1078 was introduced on March 3 and was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection; and the Committee on Ways and Means.
 
Bill Number   H.R. 1080
Title Information Protection and Security Act
Sponsor Rep. Ed Markey (D-MA)
Co-sponsors There are 20 Co-sponsors
Summary H.R. 1080 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers. H.R. 1080 is identical to S. 500.
Latest Update Introduced on 3/3/05 and referred to the House Committee on Energy and Commerce; on 3/14/05, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 1263
Title Consumer Privacy Protection Act of 2005
Sponsor Rep. Cliff Stearns (R-FL), Rep. Rick Boucher (D-VA)
Summary This bill protects and enhances consumer privacy by instituting a number of requirements for data collection organizations, specifically to provide notification to consumers and to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information.
Latest Update H.R. 1263 was introduced on March 10 and referred to the Committee on Energy and Commerce and the Committee on International Relations. On March 22, the Energy and Commerce Committee then referred H.R. 1263 to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 1745
Title Social Security Number Privacy and Identity Theft Prevention Act of 2005
Sponsor Rep. E. Clay Shaw, Jr. (R-FL)
Co-sponsors There are 40 Co-sponsors
Summary H.R. 1745 amends the Social Security Act to enhance Social Security account number privacy protections, to prevent fraudulent misuse of the Social Security account number, and to otherwise enhance protection against identity theft. Specifically, it:

(1) Specifies restrictions on the sale and display to the general public of Social Security account numbers (SSNs) (or any derivatives) by Federal, State, and local governments and bankruptcy case trustees.
(2) Prohibits the display of SSNs (or any derivatives) on checks issued for payment by such governments.
(3) Prohibits the Federal, State, or local government display of SSNs (or any derivatives) on employee identification cards or tags (IDs).
(4) Prohibits access to the SSNs of other individuals by prisoners employed by Federal, State, or local governments.
(5) Prohibits the selling, purchasing, or displaying of SSNs (with certain exceptions), or the obtaining or use of any individual's SSN to locate or identify such individual with the intent to physically injure or harm such individual or to use the individual's ID for any illegal purpose by any person.

H.R. 1745 also subjects to the Fair Credit Reporting Act information regarding a consumer's SSN (and any derivative), and provides that any person who refuses to do business with an individual for refusing to disclose his or her SSN shall be considered to have committed an unfair or deceptive act or practice. Finally, the bill establishes civil and criminal penalties for violations of this Act, and enhanced penalties in cases of terrorism, drug trafficking, crimes of violence, or prior offenses.

Latest Update H.R. 1745 was introduced on April 20 and referred to the Committee on Ways and Means, Financial Services, and Energy and Commerce. On May 13, it was referred to the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, and on May 19, it was referred to the House Financial Services Subcommittee on Financial Institutions and Consumer Credit.
 
Bill Number   H.R. 3140
Title Consumer Data Security and Notification Act of 2005
Sponsor Rep. Melissa Bean (D-IL)
Summary This bill expands the protections for sensitive personal information in Federal law to cover the information collection and sharing practices of unregulated information brokers. In addition, it enhances information security requirements for consumer reporting agencies and information brokers, and requires consumer reporting agencies, financial institutions, and other entities to notify consumers of data security breaches involving sensitive consumer information.
Latest Update H.R. 3140 was introduced on June 30 and was referred to the House Committee on Financial Services.
 
Bill Number   H.R. 3375
Title Financial Data Security Act of 2005
Sponsor Rep. Deborah Pryce (R-OH)
Co-Sponsors Rep. Michael N. Castle (R-DE), Rep. Dennis Moore (D-KS)
Summary H.R. 3375 amends the Fair Credit Reporting Act to declare that each consumer reporting agency, reporting broker, or reporting collector (consumer reporter) has an obligation to maintain reasonable policies and procedures to protect the security and confidentiality of a consumer's sensitive financial account and identity information against any unauthorized use that is reasonably likely to result in substantial inconvenience or substantial harm to such consumer. The bill prescribes data security safeguards that include: (1) investigations to protect against identity theft and fraudulent transactions; (2) notification alerts to law enforcement agencies, functional regulatory agencies, and affected consumers; (3) investigation and notice requirements for third party agreements; and (4) financial fraud mitigation procedures that offer free file monitoring service for affected consumers.

Additionally, the bill requires the Secretary of the Treasury (Secretary), the Board of Governors of the Federal Reserve System (Board), and the Federal Trade Commission (FTC) jointly to prescribe regulations that shield a consumer reporter from liability under state common law for loss or harm to the consumer subsequent to such reporter's offer of the free file monitoring service. The bill cites conditions under which persons in compliance with the Gramm-Leach-Bliley Act governing disclosure of nonpublic personal financial information shall be deemed to be in compliance with this Act. H.R. 3375 preempts state law with respect to the data security safeguards and financial fraud mitigation prescribed by this Act.
Latest Update H.R. 3375 was introduced on July 21 and referred to the House Committee on Financial Services.
 
Bill Number   H.R. 3997
Title Financial Data Protection Act of 2005
Sponsor Rep. Steve LaTourette (R-OH)
Co-Sponsors Rep. Michael N. Castle (R-DE), Rep. Darlene Hooley (D-OR), Rep. Dennis Moore (D-KS), Rep. Deborah Pryce (R-OH)
Summary H.R. 3997 amends the Fair Credit Reporting Act to provide for secure financial data. Specifically, it requires consumer reporters to implement and maintain "reasonable policies and procedures" that protect sensitive financial personal information of consumers. If a breach occurs, the consumer reporter must promptly notify specific entities, and take measures to repair the breach and restore the security and confidentiality of the sensitive financial personal information, and take reasonable measures to restore the integrity of the affected data security safeguards.
Latest Update Introduced on October 6 and referred to the House Committee on Financial Services. On November 9, the Committee held a hearing and it was clear that there was not bi-partisan consensus on the bill. From the comments of Rep. Frank and Chairman Bachus, certain provisions of H.R. 3140 may be considered prior to subcommittee mark-up of H.R. 3997.
 
Bill Number   New! H.R. 4127
Title Data Accountability and Trust Act
Sponsor Rep. Cliff Stearns (R-FL)
Co-sponsors Rep. Deborah Pryce (R-OH), Rep. Fred Upton (R-MI), Rep. George Radanovich (R-CA), Rep. Charles Bass (R-NH), Rep. Mary Bono (R-CA), Rep. Michael Ferguson (R-NJ), Rep. Marsha Blackburn (R-TN)
Summary H.R. 4127 would require the implementation of general security policies and procedures by all who own or possess electronic personal information. Entities which own or possess personal information must notify individuals if the entity determines that there is a reasonable basis to conclude there is a significant risk of identity theft. Use of encryption technology creates a presumption that there is no reasonable basis of risk. The FTC is given sole enforcement power of this act, and it preempts all state laws and regulations that concern reasonable security measures or notification of security breach.
Latest Update H.R. 4127 was introduced on October 25 and was marked up in the House Energy and Commerce Committee's Subcommittee on Commerce, Trade and Consumer Protection on November 3, 2005. Subcommittee Chairman Stearns offered a number of manager's amendments, which were accepted. The bill was passed out of subcommittee, although with no minority support. The next action will be full committee mark-up, the date of which is unknown as of the date of publication.

Homeland Security
Bill Number   S. 140
Title Domestic Defense Fund Act of 2005
Sponsor Senator Hillary Clinton (D-NY)
Co-sponsor Sen. Charles E. Schumer (D-NY)
Summary S. 140 provides for a domestic defense fund to improve the Nation's homeland defense by authorizing the Secretary of Homeland Security to award grants to States, units of local government, and Indian tribes for homeland security development. The grant awardees are required to develop a homeland security plan identifying both short- and long-term homeland security needs, among other items. 70 percent of grant funds are required to be allocated among metropolitan cities and urban counties based on the Secretary's calculations of various infrastructure vulnerabilities and threats such as proximity to international borders, nuclear or other energy facilities, air, rail or water transportation, and national icons and Federal buildings.
Latest Update Senator Hillary Clinton introduced S. 140 on January 24. It was referred to the Senate Committee on Homeland Security and Governmental Affairs, where introductory remarks were made on February 15.
 
Bill Number   H.R. 91
Title Smarter Funding for All of America's Homeland Security Act of 2005
Sponsor Rep. Rodney P. Frelinghuysen (R-NJ)
Co-sponsors There are 11 Co-sponsors
Summary H.R. 91 modifies the DHS grant program, authorizing the Secretary of Homeland Security to make grants to first responders. One new criterion will be "Threats to major communications nodes, including cyber and telephonic nodes."
Latest Update Rep. Rodney Frelinghuysen introduced H.R. 91 on January 4. It was referred to the Committee on Homeland Security (Select), and also referred to the Committees on Transportation and Infrastructure, the Judiciary, and Energy and Commerce for consideration of provisions as they fall within the jurisdiction of the committee concerned. On February 25, it was referred to the Subcommittee on Health, where it currently is waiting for action by the Chairman.

Healthcare
Bill Number   S. 1223
Title Information Technology for Health Care Quality Act
Sponsor Senator Christopher Dodd (D-CT)
Co-sponsor Sen. Jim Jeffords (I-VT)
Summary Amends the Public Health Service Act to improve the quality and efficiency of health care delivery through improvements in health care information technology. It establishes within the executive office of the President an Office of Health Information Technology, which will be headed by a Director appointed by the President. The Office will develop a national strategy for improving the quality and enhancing the efficiency of health care through the improved use of health information technology and the creation of a National Health Information Infrastructure, and serve as the principal advisor to the President concerning health information technology.
Latest Update S. 1223 was introduced on June 9 and referred to the Senate Committee on Health, Education, Labor, and Pensions.
 
Bill Number   S. 1262
Title Technology to Enhance Quality Act of 2005 (Health TEQ)
Sponsor Senator Bill Frist (R-TN)
Co-sponsors There are 12 Co-sponsors
Summary The Health Technology to Enhance Quality Act of 2005 implements health information technology standards that would guide the design and operation of interoperable health information systems. The legislation codifies the Office of National Coordinator for Information Technology and establishes standards for the electronic exchange of health information. The bill also authorizes grants to local and regional consortiums to implement health information technology infrastructure that is compliant with national standards and establishes measures to assess the quality of care. Finally, it establishes standard quality measures to better assess the value of federal programs.
Latest Update Introduced on June 16 and referred to the Committee on Health, Education, Labor, and Pensions. On July 18 and July 21, introductory remarks were made. Elements of S. 1262 and S. 1355 were rolled into S. 1418, and on November 18, it was passed in the Senate. S. 1418 codifies the Office of the National Coordinator of Health Information Technology.
 
Bill Number   H.R. 2234
Title The 21st Century Health Information Act of 2005
Sponsor Rep. Tim Murphy (R-PA)
Co-sponsors There are 18 Co-sponsors
Summary H.R. 2234 authorizes the Secretary of Health and Human Services (HHS) to create grants that will assist in establishing regional health information organizations; these organizations will create a network of integrated health information technology. The bill contains no explicit security standards, but requires each recipient of an HHS grant to submit a plan detailing the proposed network and how the network will be supported and secured. H.R. 2234 places itself squarely within the confines of HIPAA's privacy and security rules, so there are no new standards; however, it does include language regarding the certification the systems will require prior to being eligible for purchase with government grant money. Also of note, the bill requires the operators of these regional health information organizations to report both to the Secretary of HHS and to the individual affected if personally identifiable information is compromised or if unauthorized access occurs. The operator must report the conditions of such unauthorized access to the Secretary but merely notify the individual.
Latest Update H.R. 2234 was introduced on May 10 and then referred to the Committee on Energy and Commerce and the Committee on Ways and Means. On May 23, the Committee on Energy and Commerce referred the bill to the Subcommittee on Health. On November 4, introductory remarks were made.
 
Bill Number   H.R. 2762
Title Demonstration Project: Internet-Based Submission Form
Sponsor Rep. Rob Andrews (D-NJ)
Summary Directs the Secretary of Health and Human Services to implement a three-year demonstration project to provide for the use of the Internet for the electronic submission of claims by providers of services under the Medicare program for which the HCFA-1500 claim form is utilized.
Latest Update On June 7, H.R. 2762 was introduced and referred to the Committee on Ways and Means, and the Committee on Energy and Commerce. On June 17, the Committee on Energy and Commerce then referred the bill to the Subcommittee on Health.

IP and Telecom Services
Bill Number   S. 1063
Title I.P.-Enabled Voice Communications and Public Safety Act
Sponsor Senator Bill Nelson (D-FL)
Co-sponsors Sen. Hillary Clinton (D-NY), Sen. Conrad Burns (D-MT), Sen. Olympia Snowe (R-ME)
Summary S. 1063 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VOIP companies access to their 911 networks. Additionally, the bill requires VOIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VOIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service.
Latest Update On May 18, Senator Bill Nelson introduced S. 1063, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was referred to the Committee on Commerce, Science, and Transportation. Rep. Bart Gordon of Tennessee introduced a companion bill in the House, H.R. 2418, on May 18. On November 2, the Committee on Foreign Relations ordered the bill to be reported out with an amendment in the nature of a substitute.
 
Bill Number   New! S. 1504
Title Broadband Investment and Consumer Choice Act
Sponsor Sen. John Ensign (R-NV)
Co-sponsors Sen. John McCain (R-AZ), Sen. Jim DeMint (R-SC), Sen. Trent Lott (R-MS), Sen. Sam Brownback (R-KS), Sen. Lindsey Graham (R-SC), Sen. Larry E. Craig (R-ID)
Summary S. 1504 establishes a market-driven telecommunications marketplace, to eliminate government-managed competition of existing communication service, and to provide parity between functionally equivalent services. Specifically, this bill prohibits any state or local government from regulating direct-to-home satellite services, and directs the Federal Communications Commission (FCC) to forbear from regulating mobile services unless determined necessary because of lack of competition or for the protection of public health and safety. It requires the FCC to prescribe regulations to promote: (1) competition and diversity in the multichannel video programming market; and (2) the continuing development of communications technologies. S. 1504 also sets forth requirements for state- or locally-owned networks seeking to provide communications service and requires such governments to have an open bidding process allowing non-governmental entities to compete for the provision of such service.
Latest Update This bill was introduced on July 27 and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number   H.R. 214
Title Advanced Internet Communications Services Act of 2005
Sponsor Rep. Cliff Stearns (R-FL)
Co-sponsor Rep. Rick Boucher (D-VA)
Summary The bill aims to promote deployment of and investment in advanced Internet communications services. It gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service.
Latest Update Rep. Stearns introduced this bill on January 14 and on February 4, it was referred to House Subcommittee on Telecommunications and the Internet.
 
Bill Number   H.R. 2418
Title I.P.-Enabled Voice Communications and Public Safety Act
Sponsor Rep. Bart Gordon (D-TN)
Summary H.R. 2418 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VOIP companies access to their 911 networks. Additionally, the bill requires VOIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VOIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service.
Latest Update On May 18, Rep. Bart Gordon introduced H.R. 2418, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was introduced in the House Energy and Commerce Committee, which has jurisdiction over telecommunications, as well as Internet, issues. On June 3, it was then referred to the Subcommittee on Telecommunications and the Internet. Senator Bill Nelson of Florida introduced a companion bill in the Senate, S. 1063, on May 19.

Control Systems
Bill Number   H.R. 6  Bill passed and signed into law
Title Energy Policy Act of 2005
Sponsor Rep. Joe Barton (R-TX)
Summary H.R. 6 sets forth an energy research and development program, including: (1) energy efficiency; (2) renewable energy; (3) oil and gas; (4) coal; (5) Indian energy; (6) nuclear matters and security; (7) vehicles and motor fuels, including ethanol; (8) hydrogen; (9) electricity; and (10) energy tax incentives. Two prevalent cyber security-related measures in this bill include: a provision for the President, the Nuclear Regulatory Commission, and other appropriate Federal, State, and local agencies and private entities, to conduct a study of nuclear facility threats, including an assessment of physical, cyber, biochemical, and other terrorist threats; and an amendment regarding electric reliability standards, which are defined as providing for reliable operation of bulk-power system facilities, including cybersecurity protection. In reference to electric reliability standards, H.R. 6 includes cybersecurity threats when defining “reliable operation” to mean: “operating the elements of the bulk-power system within equipment and electric system thermal, voltage, and stability limits so that instability, uncontrolled separation, or cascading failures of such system will not occur as a result of a sudden disturbance, including a cybersecurity incident, or unanticipated failure of system elements.” Finally, “cybersecurity incident” is defined as “a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communication networks including hardware, software and data that are essential to the reliable operation of the bulk power system.”
Latest Update On April 18, H.R. 6 was introduced and referred to the following Committees: Energy and Commerce; Education and the Workforce; Financial Services; Agriculture; Resources; Science; Ways and Means; and Transportation and Infrastructure. The House Energy and Commerce Committee then referred it to the Subcommittee on Energy and Air Quality, and the House Resources Committee held Committee Consideration and Mark-up Session on April 13, prior to introduction. On April 19, the Rules Committee Resolution (H. Res. 219) was reported to the House, which subsequently passed the House on April 20. On April 20 and 21, the House debated several amendments, passed by a vote of 249-183, and on April 26, it was received in the Senate. On June 9, H.R. 6 was placed on the Senate Legislative Calendar. It appears that the companion bill in the Senate, S. 10, does not contain any provisions relating to cyber security.

On June 14, the Senate received the bill, and on June 28, it passed by a vote of 85-12. A conference was held in late July to reconcile H.R. 6 and S. 10 and the bill was signed into law by the President on August 8.
 
Bill Number   New! S. 1995
Title Wastewater Treatment Works Security Act of 2005
Sponsor Sen. James M. Jeffords (I-VT)
Co-Sponsors Sen. Frank R. Lautenberg (D-NJ), Sen. Barbara Boxer (D-CA), Sen. Barack Obama (D-IL)
Summary S. 1995 enhances the security of wastewater treatment works.
Latest Update S. 1995 was introduced on November 10; introductory remarks were made, and it was referred to the Committee on Environment and Public Works.