Cyber Security Industry Alliance Newsletter •  Volume 3, Number 12  • November 2007

Legislative Update


Cyber Crime
Bill Number S 2168
Identity Theft Enforcement and Restitution Act of 2007
Title A bill to amend title 18, United States Code, to enable increased federal prosecution of identity theft crimes and to allow for restitution to victims of identity theft.
Sponsor Sen Leahy, Patrick J. [VT]
Co–Sponsors Sen Biden, Joseph R., Jr. [DE]
Sen Durbin, Richard [IL]
Sen Feinstein, Dianne [CA]
Sen Grassley, Chuck [IA]
Sen Hatch, Orrin G. [UT]
Sen Inouye, Daniel K. [HI]
Sen Nelson, Bill [FL]
Sen Pryor, Mark L. [AR]
Sen Schumer, Charles E. [NY]
Sen Specter, Arlen [PA]
Sen Stevens, Ted [AK]
Summary ***NONE***
Latest Update Nov 15, 2007: Passed Senate with amendments by Unanimous Consent.
 
Bill Number HR 2290
Cyber–Security Enhancement Act of 2007
Title To amend title 18, United States Code, to better assure cyber–security, and for other purposes.
Sponsor Rep Schiff, Adam B. [CA–29]
Co–Sponsors Rep Carson, Julia [IN–7]
Rep Chabot, Steve [OH–1]
Rep Davis, Artur [AL–7]
Rep Delahunt, William D. [MA–10]
Rep Engel, Eliot L. [NY–17]
Rep Eshoo, Anna G. [CA–14]
Rep Gillibrand, Kirsten E. [NY–20]
Rep Goodlatte, Bob [VA–6]
Rep Issa, Darrell E. [CA–49]
Rep Jackson–Lee, Sheila [TX–18]
Rep Kind, Ron [WI–3]
Rep Klein, Ron [FL–22]
Rep Langevin, James R. [RI–2]
Rep Lungren, Daniel E. [CA–3]
Rep McCaul, Michael T. [TX–10]
Rep McCotter, Thaddeus G. [MI–11]
Rep McCrery, Jim [LA–4]
Rep McNerney, Jerry [CA–11]
Rep Sanchez, Linda T. [CA–39]
Rep Thompson, Bennie G. [MS–2]
Rep Wexler, Robert [FL–19]
Summary Cyber–Security Enhancement Act of 2007 – Amends the federal criminal code to: (1) prohibit accessing a protected computer to obtain a unique identification number, address or routing code, or access device; (2) revise the definition of "protected computer" to include computers affecting interstate or foreign commerce or communication; (3) expand the definition of "racketeering" to include computer fraud; (4) redefine the crime of computer–related extortion to include threats to access without authorization (or to exceed authorized access of) a protected computer; (5) impose criminal penalties for conspiracy to commit computer fraud; (6) require forfeiture of property used to commit computer fraud; and (7) impose criminal penalties for damaging 10 or more protected computers during any one–year period.

Directs the U.S. Sentencing Commission to review and amend its guidelines and policy statements to reflect congressional intent to increase criminal penalties for computer fraud.

Authorizes additional appropriations in FY2007–FY2011 to the U.S. Secret Service, the Department of Justice, and the Federal Bureau of Investigation (FBI) to investigate and prosecute criminal activity involving computers.
Latest Update 6/25/2007: Referred to the Subcommittee on Crime, Terrorism, and Homeland Security.
Data Security & Breach Notification
Bill Number S 1178
Identity Theft Prevention Act
Title A bill to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft.
Sponsor Sen Inouye, Daniel K. [HI]
Co–Sponsors Sen Nelson, Bill [FL]
Sen Pryor, Mark L. [AR]
Sen Smith, Gordon H. [OR]
Sen Stevens, Ted [AK]
Summary Identity Theft Prevention Act – Requires any commercial entity or charitable, educational, or nonprofit organization that acquires, maintains, or uses sensitive personal information (covered entity) to develop, implement, maintain, and enforce a written program, containing administrative, technical, and physical safeguards, for the security of sensitive personal information it collects, maintains, sells, transfers, or disposes of. Defines "sensitive personal information" as an individual's name, address, or telephone number combined with at least one of the following relating to that individual: (1) the social security number or numbers derived from that number; (2) financial account or credit or debit card numbers combined with codes or passwords that permit account access, subject to exception; or (3) a state driver's license or resident identification number.

Requires a covered entity: (1) to report a security breach to the Federal Trade Commission (FTC); (2) if the entity determines that the breach creates a reasonable risk of identity theft, to notify each affected individual; and (3) if the breach involves at least 1,000 individuals, to notify all consumer reporting agencies specified in the Fair Credit Reporting Act.

Authorizes a consumer to place a security freeze on his or her credit report by making a request to a consumer credit reporting agency. Prohibits a reporting agency, when a freeze is in effect, from releasing the consumer's report for credit review purposes without the consumer's prior express authorization. Sets forth other security freeze requirements.

Requires: (1) the establishment of the Information Security and Consumer Privacy Advisory Committee; (2) a related crime study, including the correlation between methamphetamine use and identity theft crimes.

Treats any violation of this Act as an unfair or deceptive act or practice under the Federal Trade Commission Act. Requires enforcement under other specified laws. Allows enforcement by state attorneys general. Preempts state laws requiring notification of affected individuals of security breaches.
Latest Update 4/25/2007: Committee on Commerce, Science, and Transportation. Ordered to be reported with amendments favorably.
 
Bill Number S 1260
The Data Security Act of 2007
Title A bill to protect information relating to consumers, to require notice of security breaches, and for other purposes.
Sponsor Sen Carper, Thomas R. [DE]
Co–Sponsors Sen Bennett, Robert F. [UT]
Sen Crapo, Mike [ID]
Sen Johnson, Tim [SD]
Summary Data Security Act of 2007 – Prescribes security procedures which an entity that maintains or communicates sensitive account or personal information must implement and enforce in order to protect the information from an unauthorized use likely to result in substantial harm or inconvenience to the consumer.

Grants exclusive enforcement powers to specified federal regulatory agencies with oversight of financial institutions.

Denies a private right of action, including a class action, regarding any act or practice regulated under this Act.

Prohibits any civil or criminal action in state court or under state law relating to any act or practice governed under this Act.

Prescribes data security standards to be implemented by federal agencies.

Preempts state law with respect to the responsibilities of any person to protect against and investigate such data security breaches and mitigate any losses or harm resulting from them.
Latest Update 5/1/2007: Read twice and referred to the Committee on Banking, Housing, and Urban Affairs.
 
Bill Number S 1558
Federal Agency Data Breach Protection Act
Title A bill to amend title 14, United States Code, to strengthen requirements related to security breaches of data involving the disclosure of sensitive personal information.
Sponsor Sen Coleman, Norm [MN]
Co–Sponsors None
Summary Federal Agency Data Breach Protection Act – Amends federal law governing public printing and documents to instruct the Director of Office of Management and Budget (OMB) to establish policies, procedures, and standards for agencies to follow in the event of a breach of data security involving disclosure of sensitive personal information for which harm to an individual could reasonably be expected to result.

Requires such policies and procedures to include: (1) timely notification to individuals whose sensitive personal information could be compromised as a result of a breach; (2) guidance on determining how to provide timely notice; and (3) guidance regarding whether additional special actions are necessary and appropriate, including data breach analysis, fraud resolution services, identity theft insurance, and credit protection or monitoring services.

Authorizes each agency Chief Information Officer to: (1) enforce data breach policies; and (2) develop an inventory of all personal computers, laptops, or any other hardware containing sensitive personal information.

Requires federal agency information security programs to include data breach notification procedures to alert individuals whose sensitive personal information is compromised.

Makes it the duty of each agency Chief Human Capital Officer to prescribe policies and procedures for employee exit interviews, including a full accounting of all federal personal property assigned to the employee during the course of employment.
Latest Update 6/6/2007 Referred to Senate committee. Status: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
 
Bill Number S 238
Social Security Number Misuse Prevention Act
Title A bill to amend title 18, United States Code, to limit the misuse of Social Security numbers, to establish criminal penalties for such misuse, and for other purposes.
Sponsor Sen Feinstein, Dianne [CA]
Co–Sponsors Sen Gregg, Judd [NH]
Sen Leahy, Patrick J. [VT]
Sen Lincoln, Blanche L. [AR]
Sen Nelson, Bill [FL]
Sen Snowe, Olympia J. [ME]
Sen Sununu, John E. [NH]
Summary Social Security Number Misuse Prevention Act – Amends the federal criminal code to prohibit the display, sale, or purchase of Social Security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. Directs the Attorney General to study and report to Congress on all the uses of Social Security numbers permitted, required, authorized, or excepted under any federal law, including the impact of such uses on privacy and data security.

Establishes a public records exception to the prohibition. Directs the Comptroller General to study and report to Congress on Social Security numbers in public records. Grants the Attorney General rulemaking authority to enforce this Act's prohibition and to implement and clarify the permitted uses occurring as a result of an interaction between businesses, governments, or business and government.

Amends title II (Old Age, Survivors, and Disability Insurance) of the Social Security Act (SSA) to prohibit: (1) the use of Social Security numbers on checks issued for payment by governmental agencies; and (2) inmate access to Social Security account numbers.

Prohibits a commercial entity from requiring an individual to provide a Social Security number when purchasing a commercial good or service or denying an individual the good or service for refusing to provide that number, with exceptions. Establishes civil and criminal penalties.

Extends civil monetary penalties for misuse of a Social Security number.

Provides for: (1) criminal penalties under SSA title II for the misuse of a Social Security number; (2) civil actions and civil penalties against persons who violate this Act; and (3) federal injunctive authority with respect to any violation by a public entity.
Latest Update 3/21/2007 Senate committee/subcommittee actions. Status: Committee on the Judiciary Senate Subcommittee on Terrorism, Technology and Homeland Security. Hearings held.
 
Bill Number S 239
Notification of Risk to Personal Data Act of 2007
Title A bill to require Federal agencies, and persons engaged in interstate commerce, in possession of data containing sensitive personally identifiable information, to disclose any breach of such information.
Sponsor Sen Feinstein, Dianne [CA]
Co–Sponsors None
Summary Notification of Risk to Personal Data Act of 2007 – Requires any federal agency or business entity engaged in interstate commerce that uses, accesses, transmits, stores, disposes of, or collects sensitive, personally identifiable information, following the discovery of a security breach, to notify (as specified): (1) any U.S. resident whose information may have been accessed or acquired; and (2) the owner or licensee of any such information the agency or business does not own or license.

Exempts: (1) agencies from notification requirements for national security and law enforcement purposes and for security breaches that do not have a significant risk of resulting in harm, provided specified certification or notice is given to the U.S. Secret Service; and (2) business entities from notification requirements if the entity utilizes a security program that blocks unauthorized financial transactions and provides notice of a breach to affected individuals.

Requires notifications regarding security breaches under specified circumstances to the Secret Service, the Federal Bureau of Investigation, the United States Postal Inspection Service, and state attorneys general.
Sets forth enforcement provisions.

Authorizes appropriations for costs incurred by the Secret Service to investigate and conduct risk assessments of security breaches.
Latest Update 5/31/2007: Placed on Senate Legislative Calendar under General Orders. Calendar No. 180.
 
Bill Number S 495
Personal Data Privacy and Security Act of 2007
Title A bill to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Sponsor Sen Leahy, Patrick J. [VT]
Co–Sponsors Sen Brown, Sherrod [OH]
Sen Cardin, Benjamin L. [MD]
Sen Feingold, Russell D. [WI]
Sen Sanders, Bernard [VT]
Sen Schumer, Charles E. [NY]
Sen Specter, Arlen [PA]
Summary Personal Data Privacy and Security Act of 2007 – Amends the federal criminal code to: (1) make fraud in connection with the unauthorized access of sensitive personally identifiable information (in electronic or digital form) a predicate for racketeering charges; and (2) prohibit concealment of security breaches involving such information.

Directs the U.S. Sentencing Commission to review and amend its guidelines relating to fraudulent access to, or misuse of, digitized or electronic personally identifiable information (including identity theft).

Requires a data broker to: (1) disclose to an individual, upon request, personal electronic records pertaining to such individual maintained for disclosure to third parties; and (2) maintain procedures for correcting the accuracy of such records.

Establishes standards for developing and implementing safeguards to protect the security of sensitive personally identifiable information. Imposes upon business entities civil penalties for violations of such standards. Requires such business entities to notify: (1) any individual whose information has been accessed or acquired; and (2) the U.S. Secret Service if the number of individuals involved exceeds 10,000.

Authorizes the Attorney General and state attorneys general to bring civil actions against business entities for violations of this Act.

Requires the Administrator of the General Services Administration, in considering contract awards totaling more than $500,000, to evaluate: (1) the data privacy and security program of a data broker; (2) program compliance; (3) the extent to which databases and systems have been compromised by security breaches; and (4) data broker responses to such breaches.

Requires federal agencies to conduct a privacy impact assessment before purchasing personally identifiable information from a data broker.
Latest Update 5/23/2007: Placed on Senate Legislative Calendar under General Orders. Calendar No. 168.
 
Bill Number HR 2124
Federal Agency Data Breach Protection Act
Title To amend title 44, United States Code, to strengthen requirements related to security breaches of data involving the disclosure of sensitive personal information.
Sponsor Rep Davis, Tom [VA–11]
Co–Sponsors None
Summary Federal Agency Data Breach Protection Act – Amends federal law governing public printing and documents to instruct the Director of Office of Management and Budget (OMB) to establish policies, procedures, and standards for agencies to follow in the event of a breach of data security involving disclosure of sensitive personal information for which harm to an individual could reasonably be expected to result.

Requires such policies and procedures to include: (1) timely notification to individuals whose sensitive personal information could be compromised as a result of a breach; (2) guidance on determining how to provide timely notice; and (3) guidance regarding whether additional special actions are necessary and appropriate, including data breach analysis, fraud resolution services, identity theft insurance, and credit protection or monitoring services.

Authorizes each agency Chief Information Officer to: (1) enforce data breach policies; and (2) develop an inventory of all personal computers, laptops, or any other hardware containing sensitive personal information.

Requires federal agency information security programs to include data breach notification procedures to alert individuals whose sensitive personal information is compromised.

Makes it the duty of each agency Chief Human Capital Officer to prescribe policies and procedures for employee exit interviews, including a full accounting of all federal personal property assigned to the employee during the course of employment.
Latest Update 5/16/2007 Referred to House subcommittee. Status: Referred to the Subcommittee on Government Management, Organization, and Procurement.
 
Bill Number HR 3046
Social Security Number Privacy and Identity Theft Prevention Act of 2007
Title To amend the Social Security Act to enhance Social Security account number privacy protections, to prevent fraudulent misuse of the Social Security account number, and to otherwise enhance protection against identity theft, and for other purposes.
Sponsor Rep McNulty, Michael R. [NY–21]
Co–Sponsors Rep Becerra, Xavier [CA–31]
Rep Blumenauer, Earl [OR–3]
Rep Bordallo, Madeleine Z. [GU]
Rep Brown, Corrine [FL–3]
Rep Brown–Waite, Ginny [FL–5]
Rep Capps, Lois [CA–23]
Rep Carter, John R. [TX–31]
Rep Davis, Danny K. [IL–7]
Rep DeFazio, Peter A. [OR–4]
Rep Delahunt, William D. [MA–10]
Rep Doggett, Lloyd [TX–25]
Rep Emanuel, Rahm [IL–5]
Rep Farr, Sam [CA–17]
Rep Filner, Bob [CA–51]
Rep Foxx, Virginia [NC–5]
Rep Gohmert, Louie [TX–1]
Rep Hastings, Doc [WA–4]
Rep Higgins, Brian [NY–27]
Rep Hinchey, Maurice D. [NY–22]
Rep Johnson, Sam [TX–3]
Rep Kilpatrick, Carolyn C. [MI–13]
Rep King, Peter T. [NY–3]
Rep Kuhl, John R. "Randy", Jr. [NY–29]
Rep Larson, John B. [CT–1]
Rep Latham, Tom [IA–4]
Rep Levin, Sander M. [MI–12]
Rep Lewis, John [GA–5]
Rep Lewis, Ron [KY–2]
Rep Lowey, Nita M. [NY–18]
Rep Matsui, Doris O. [CA–5]
Rep McCarthy, Carolyn [NY–4]
Rep McCollum, Betty [MN–4]
Rep McCrery, Jim [LA–4]
Rep McHugh, John M. [NY–23]
Rep McMorris Rodgers, Cathy [WA–5]
Rep Meek, Kendrick B. [FL–17]
Rep Miller, George [CA–7]
Rep Miller, Jeff [FL–1]
Rep Obey, David R. [WI–7]
Rep Pascrell, Bill, Jr. [NJ–8]
Rep Pastor, Ed [AZ–4]
Rep Pomeroy, Earl [ND]
Rep Rangel, Charles B. [NY–15]
Rep Rodriguez, Ciro D. [TX–23]
Rep Sanchez, Linda T. [CA–39]
Rep Saxton, Jim [NJ–3]
Rep Schakowsky, Janice D. [IL–9]
Rep Sestak, Joe [PA–7]
Rep Reyes, Silvestre [TX–16]
Rep Stark, Fortney Pete [CA–13]
Rep Sullivan, John [OK–1]
Rep Wolf, Frank R. [VA–10]
Rep Woolsey, Lynn C. [CA–6]
Summary Social Security Number Privacy and Identity Theft Prevention Act of 2007 – (Sec. 2) Amends title II (Old Age, Survivors and Disability Insurance) (OASDI) of the Social Security Act (SSA) to: (1) specify restrictions on the sale and display to the general public of Social Security account numbers (SSNs) by governmental entities; (2) prohibit the display of SSNs (or any derivatives) on checks issued for payment by such entities; (3) prohibit governmental entity display of SSNs (or any derivatives) on employee identification cards or tags (IDs); (4) prohibit access to the SSNs of other individuals by prisoners employed by governmental entities; (5) prohibit the selling, purchasing, or displaying of SSNs (with certain exceptions) to the general public, or the acquisition or use of any individual's SSN to locate or identify such individual with the intent to physically injure or harm him or her, or to use the individual's ID for any illegal purpose by any person; (6) provide for uniform standards for truncation of an SSN; and (7) establish new criminal penalties for the misuse of SSNs.

(Sec. 10) Amends SSA title XI to provide for the imposition of civil monetary penalties for specified offenses involving SSNs or Social Security cards.

(Sec. 11) Imposes: (1) new criminal penalties upon Social Security Administration employees who knowingly and fraudulently issue Social Security cards or SSNs; and (2) enhanced penalties in cases of terrorism, drug trafficking, crimes of violence, or prior offenses.

(Sec. 13) Amends SSA title XI with respect to regulatory and enforcement authority with respect to misuse of SSNs.

(Sec. 14) Directs the Commissioner of Social Security to enter into an arrangement with the National Research Council to study and report to the Commissioner and Congress on: (1) the extent of the use of SSNs as a primary means of authenticating identity or for verification in commercial transactions; and (2) the feasibility of a prohibition on such use. Requires the study also to examine possible alternatives to SSNs for such uses.
Latest Update 9/24/2007 Reported (Amended) by the Committee on Ways and Means. H. Rept. 110–339.
9/24/2007 Placed on the Union Calendar, Calendar No. 210.
 
Bill Number HR 836
Cyber–Security Enhancement and Consumer Data Protection Act of 2007
Title To amend title 18, United States Code, to better assure cyber–security, and for other purposes.
Sponsor Rep Smith, Lamar [TX–21]
Co–Sponsors Rep Chabot, Steve [OH–1]
Rep Coble, Howard [NC–6]
Rep Forbes, J. Randy [VA–4]
Rep Franks, Trent [AZ–2]
Rep Gallegly, Elton [CA–24]
Rep Goodlatte, Bob [VA–6]
Rep Lungren, Daniel E. [CA–3]
Rep Pence, Mike [IN–6]
Rep Platts, Todd Russell [PA–19]
Summary Cyber–Security Enhancement and Consumer Data Protection Act of 2007 – Amends the federal criminal code to: (1) prohibit accessing or remotely controlling a protected computer to obtain identification information; (2) revise the definition of "protected computer" to include computers affecting interstate or foreign commerce or communication; (3) expand the definition of racketeering to include computer fraud; (4) redefine the crime of computer–related extortion to include threats to access without authorization (or to exceed authorized access of) a protected computer; (5) impose criminal penalties for conspiracy to commit computer fraud; (6) impose a fine and/or five year prison term for failure to notify the U.S. Secret Service or Federal Bureau of Investigation (FBI) of a major security breach (involving a significant risk of identity theft) in a computer system, with the intent to thwart an investigation of such breach; (7) increase to 30 years the maximum term of imprisonment for computer fraud and require forfeiture of property used to commit computer fraud; and (8) impose criminal penalties for damaging 10 or more protected computers during any one–year period.

Directs the U.S. Sentencing Commission to review and amend its guidelines and policy statements to reflect congressional intent to increase criminal penalties for computer fraud.

Authorizes additional appropriations in FY2007–FY2011 to the U.S. Secret Service, the Department of Justice, and the FBI to investigate and prosecute criminal activity involving computers.

Latest Update 3/1/2007 Referred to House Subcommittee on Crime, Terrorism, and Homeland Security.

 
Bill Number HR 948
Social Security Number Protection Act of 2007
Title To strengthen the authority of the Federal Government to protect individuals from certain acts and practices in the sale and purchase of Social Security numbers and Social Security account numbers, and for other purposes.
Sponsor Rep Markey, Edward J. [MA–7]
Co–Sponsors Rep Baldwin, Tammy [WI–2]
Rep Barton, Joe [TX–6]
Rep Burgess, Michael C. [TX–26]
Rep Butterfield, G. K. [NC–1]
Rep Capps, Lois [CA–23]
Rep Costello, Jerry F. [IL–12]
Rep Cubin, Barbara [WY]
Rep DeGette, Diana [CO–1]
Rep Dingell, John D. [MI–15]
Rep Doyle, Michael F. [PA–14]
Rep Engel, Eliot L. [NY–17]
Rep Eshoo, Anna G. [CA–14]
Rep Filner, Bob [CA–51]
Rep Gonzalez, Charles A. [TX–20]
Rep Gordon, Bart [TN–6]
Rep Green, Gene [TX–29]
Rep Harman, Jane [CA–36]
Rep Hooley, Darlene [OR–5]
Rep Inslee, Jay [WA–1]
Rep Matheson, Jim [UT–2]
Rep McCollum, Betty [MN–4]
Rep Rush, Bobby L. [IL–1]
Rep Schakowsky, Janice D. [IL–9]
Rep Solis, Hilda L. [CA–32]
Rep Stearns, Cliff [FL–6]
Rep Stupak, Bart [MI–1]
Rep Terry, Lee [NE–2]
Rep Upton, Fred [MI–6]
Rep Weiner, Anthony D. [NY–9]
Rep Wilson, Heather [NM–1]
Summary Social Security Number Protection Act of 2007 – Amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act (SSA) to make it unlawful for any person, except in certain circumstances, to: (1) intentionally display the Social Security number of another individual on a website generally accessible to the public or provide an individual with access to another individual's Social Security number through the Internet; (2) require an individual who is a customer of or member associated with such person to use the individual's Social Security number as a password for access to any good or service, including any account or protected access website; or (3) display any individual's Social Security number on any membership or identity card.

Amends SSA title II to make it unlawful for any person to sell or purchase a Social Security number, without an individual's voluntary written consent, in a manner that violates a regulation promulgated by the Federal Trade Commission (FTC), except in certain circumstances related to law enforcement, national security, public health, or emergency safety and health. Prescribes requirements for such a sale or purchase in other circumstances related to consumer credit verification or specified research.

Requires the Commission to study and report to Congress on the feasibility of banning use of the Social Security number as a primary means of authenticating identity or verifying it for commercial transactions. Requires the study also to examine possible alternatives to Social Security numbers for such purposes and uses.

Latest Update 11/2/2007 House Committee on Ways and Means Granted an extension for further consideration ending not later than Nov. 16, 2007.
 
Bill Number HR 958
Data Accountability and Trust Act
Title To protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach.
Sponsor Rep Rush, Bobby L. [IL–1]
Co–Sponsors Rep Baldwin, Tammy [WI–2]
Rep Barton, Joe [TX–6]
Rep Bono, Mary [CA–45]
Rep Burgess, Michael C. [TX–26]
Rep Butterfield, G. K. [NC–1]
Rep Capps, Lois [CA–23]
Rep Cubin, Barbara [WY]
Rep DeGette, Diana [CO–1]
Rep Dingell, John D. [MI–15]
Rep Doyle, Michael F. [PA–14]
Rep Engel, Eliot L. [NY–17]
Rep Eshoo, Anna G. [CA–14]
Rep Gonzalez, Charles A. [TX–20]
Rep Gordon, Bart [TN–6]
Rep Green, Gene [TX–29]
Rep Harman, Jane [CA–36]
Rep Hastert, J. Dennis [IL–14]
Rep Hooley, Darlene [OR–5]
Rep Inslee, Jay [WA–1]
Rep Markey, Edward J. [MA–7]
Rep Schakowsky, Janice D. [IL–9]
Rep Solis, Hilda L. [CA–32]
Rep Stearns, Cliff [FL–6]
Rep Stupak, Bart [MI–1]
Rep Terry, Lee [NE–2]
Rep Upton, Fred [MI–6]
Summary Data Accountability and Trust Act – Requires the Federal Trade Commission (FTC) to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses electronic data containing personal information to establish security policies and procedures.

Authorizes the FTC to require a standard method or methods for destroying obsolete nonelectronic data.

Requires information brokers to submit their security policies to the FTC in conjunction with a security breach notification or on FTC request. Requires the FTC to conduct or require an audit of security practices when information brokers are required to provide notification of such a breach. Authorizes additional audits after a breach.

Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information.

Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information.

Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).

Prescribes procedures for notification to the FTC and affected individuals of information security breaches. Sets forth special notification requirements for breaches: (1) by contractors who maintain or process electronic data containing personal information; (2) involving telecommunications and computer services; and (3) of health information.

Preempts state information security laws.
Latest Update 2/9/2007: Referred to the Subcommittee on Commerce, Trade and Consumer Protection.
e–Health
Bill Number S 1693
Wired for Health Care Quality Act
Title A bill to enhance the adoption of a nationwide interoperable health information technology system and to improve the quality and reduce the costs of health care in the United States.
Sponsor Sen Kennedy, Edward M. [MA]
Co–Sponsors Sen Alexander, Lamar [TN]
Sen Burr, Richard [NC]
Sen Clinton, Hillary Rodham [NY]
Sen Enzi, Michael B. [WY]
Sen Gregg, Judd [NH]
Sen Hatch, Orrin G. [UT]
Sen Isakson, Johnny [GA]
Sen Klobuchar, Amy [MN]
Sen Kohl, Herb [WI]
Sen Obama, Barack [IL]
Sen Roberts, Pat [KS]
Sen Sununu, John E. [NH]
Summary Wired for Health Care Quality Act – Amends the Public Health Service Act to establish the Office of the National Coordinator of Health Information Technology.

Establishes a public–private Partnership for Health Care Improvement to recommend specific actions to achieve a nationwide interoperable health information technology infrastructure. Provides for the adoption by the federal government of standards for the electronic exchange of health information.

Establishes the American Health Information Community to provide advice to the Secretary of Health and Human Services and the heads of any relevant federal agencies concerning the policy considerations related to health information technology.

Authorizes the Secretary to award grants for the: (1) purchase of qualified health information technology systems; (2) implementation of regional or local health information plans; and (3) development of academic curricula integrating qualified health information technology systems in the clinical education of health professionals.

Requires the Secretary to provide for the development and use of health care quality measures to measure the quality and efficiency of health care that patients receive.

Extends health information privacy requirements to an operator of a health information electronic database. Gives individuals the right to inspect and obtain a copy of their protected health information stored in electronic format.

Directs the Comptroller General to report on the circumstances in which it is necessary and workable to require that individuals be notified if their individually identifiable health information is wrongly disclosed.

Requires the Secretary, acting through the Director of the Agency for Healthcare Research and Quality, to develop a Health Information Technology Resource Center.
Latest
Update
10/1/2007 By Senator Kennedy from Committee on Health, Education, Labor, and Pensions filed written report. Report No. 110–187.
Internet Safety
Bill Number HR 1008
Safeguarding America's Families by Enhancing and Reorganizing New and Efficient Technologies Act of 2007 (SAFER NET Act)
Title To improve public awareness in the United States regarding safe use of the Internet through the establishment of an Office of Internet Safety and Public Awareness within the Federal Trade Commission.
Sponsor Rep Bean, Melissa L. [IL–8]
Co–Sponsors Rep Arcuri, Michael A. [NY–24]
Rep Barrow, John [GA–12]
Rep Berkley, Shelley [NV–1]
Rep Berry, Marion [AR–1]
Rep Bordallo, Madeleine Z. [GU]
Rep Boswell, Leonard L. [IA–3]
Rep Boyd, Allen [FL–2]
Rep Butterfield, G. K. [NC–1]
Rep Cardoza, Dennis A. [CA–18]
Rep Chandler, Ben [KY–6]
Rep Cooper, Jim [TN–5]
Rep Costa, Jim [CA–20]
Rep Cramer, Robert E. (Bud), Jr. [AL–5]
Rep Davis, Danny K. [IL–7]
Rep Donnelly, Joe [IN–2]
Rep Doyle, Michael F. [PA–14]
Rep Ellsworth, Brad [IN–8]
Rep Emanuel, Rahm [IL–5]
Rep Grijalva, Raul M. [AZ–7]
Rep Hall, John J. [NY–19]
Rep Hill, Baron P. [IN–9]
Rep Herseth Sandlin, Stephanie [SD]
Rep Hinchey, Maurice D. [NY–22]
Rep Hooley, Darlene [OR–5]
Rep Inslee, Jay [WA–1]
Rep Kind, Ron [WI–3]
Rep Lipinski, Daniel [IL–3]
Rep Lowey, Nita M. [NY–18]
Rep Maloney, Carolyn B. [NY–14]
Rep Marshall, Jim [GA–8]
Rep Matsui, Doris O. [CA–5]
Rep McCarthy, Carolyn [NY–4]
Rep McGovern, James P. [MA–3]
Rep McIntyre, Mike [NC–7]
Rep Meek, Kendrick B. [FL–17]
Rep Melancon, Charlie [LA–3]
Rep Miller, George [CA–7]
Rep Moore, Gwen [WI–4]
Rep Murphy, Patrick J. [PA–8]
Rep Pomeroy, Earl [ND]
Rep Ross, Mike [AR–4]
Rep Schakowsky, Janice D. [IL–9]
Rep Schiff, Adam B. [CA–29]
Rep Schwartz, Allyson Y. [PA–13]
Rep Shuler, Heath [NC–11]
Rep Slaughter, Louise McIntosh [NY–28]
Rep Solis, Hilda L. [CA–32]
Rep Space, Zachary T. [OH–18]
Rep Spratt, John M., Jr. [SC–5]
Rep Tanner, John S. [TN–8]
Rep Wasserman Schultz, Debbie [FL–20]
Rep Wilson, Charles A. [OH–6]
Rep Yarmuth, John A. [KY–3]
Summary Safeguarding America's Families by Enhancing and Reorganizing New and Efficient Technologies Act of 2007 or the SAFER NET Act – Requires the Federal Trade Commission (FTC) to establish an Office of Internet Safety and Public Awareness to be headed by a Director.

Requires the FTC, acting through the Office, to carry out a nationwide program to increase public awareness and education regarding Internet safety, that utilizes existing resources and efforts of all levels of government and other appropriate entities and that includes: (1) evaluating and improving the efficiency of Internet safety efforts provided by such entities; (2) identifying and promoting best practices; (3) establishing and carrying out a national outreach and education campaign; (4) serving as the primary contact in the federal government and as a national clearinghouse for Internet safety information; (5) facilitating access to, and the exchange of, such information; (6) providing expert advice to the FTC; and (7) providing technical, financial, and other appropriate assistance to such entities.
Latest
Update
2/14/2007: Referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number HR 3461
Safeguarding America's Families by Enhancing and Reorganizing New and Efficient Technologies Act of 2007
Title To establish a public awareness campaign regarding Internet safety.
Sponsor Rep Bean, Melissa L. [IL–8]
Co–Sponsors Rep Altmire, Jason [PA–4]
Rep Arcuri, Michael A. [NY–24]
Rep Barrow, John [GA–12]
Rep Berkley, Shelley [NV–1]
Rep Blackburn, Marsha [TN–7]
Rep Bono, Mary [CA–45]
Rep Bordallo, Madeleine Z. [GU]
Rep Boswell, Leonard L. [IA–3]
Rep Boyd, Allen [FL–2]
Rep Boyda, Nancy E. [KS–2]
Rep Braley, Bruce L. [IA–1]
Rep Carnahan, Russ [MO–3]
Rep Cooper, Jim [TN–5]
Rep Courtney, Joe [CT–2]
Rep Donnelly, Joe [IN–2]
Rep Doyle, Michael F. [PA–14]
Rep Ellsworth, Brad [IN–8]
Rep Emanuel, Rahm [IL–5]
Rep Gillibrand, Kirsten E. [NY–20]
Rep Grijalva, Raul M. [AZ–7]
Rep Hall, John J. [NY–19]
Rep Herseth Sandlin, Stephanie [SD]
Rep Hill, Baron P. [IN–9]
Rep Holt, Rush D. [NJ–12]
Rep Kind, Ron [WI–3]
Rep Lampson, Nick [TX–22]
Rep Lowey, Nita M. [NY–18]
Rep Matsui, Doris O. [CA–5]
Rep McCarthy, Carolyn [NY–4]
Rep McGovern, James P. [MA–3]
Rep McIntyre, Mike [NC–7]
Rep Moore, Gwen [WI–4]
Rep Murphy, Patrick J. [PA–8]
Rep Pomeroy, Earl [ND]
Rep Ross, Mike [AR–4]
Rep Rothman, Steven R. [NJ–9]
Rep Rush, Bobby L. [IL–1]
Rep Schakowsky, Janice D. [IL–9]
Rep Shimkus, John [IL–19]
Rep Shuler, Heath [NC–11]
Rep Space, Zachary T. [OH–18]
Rep Wasserman Schultz, Debbie [FL–20]
Rep Yarmuth, John A. [KY–3]
Summary Safeguarding America's Families by Enhancing and Reorganizing New and Efficient Technologies Act of 2007 – Requires the Federal Trade Commission (FTC) to carry out a nationwide program to increase public awareness and education regarding Internet safety. Requires that the program use existing resources and efforts of all levels of government and other appropriate entities. Includes in the program activities relating to best practices, a national outreach and education campaign, and information access and exchange.
Latest
Update
11/13/2007 Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by the Yeas and Nays: (2/3 required): 398 – 6 (Roll no. 1085).
 
Bill Number HR 837
Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2007
Title To amend title 18, United States Code, to protect youth from exploitation by adults using the Internet, and for other purposes.
Sponsor Rep Smith, Lamar [TX–21]
Co–Sponsors Rep Chabot, Steve [OH–1]
Rep Feeney, Tom [FL–24]
Rep Forbes, J. Randy [VA–4]
Rep Franks, Trent [AZ–2]
Rep Gallegly, Elton [CA–24]
Rep Lungren, Daniel E. [CA–3]
Rep McCaul, Michael T. [TX–10]
Rep McCotter, Thaddeus G. [MI–11]
Rep Pence, Mike [IN–6]
Rep Platts, Todd Russell [PA–19]
Summary Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2007 – Amends the federal criminal code to prohibit: (1) financial transactions in interstate or foreign commerce that facilitate access to, or the possession of, child pornography; and (2) Internet content hosting providers or email service providers from facilitating access to, or the possession of, child pornography.

Amends the Victims of Child Abuse Act of 1990 to: (1) increase monetary penalties for willful failure of electronic communication service providers to report child pornography; and (2) impose new penalties for negligent failure to report.

Requires the Attorney General to issue regulations governing the retention of certain records by Internet Service Providers.

Increases criminal penalties for the sexual exploitation of children and for activities involving the sexual exploitation of children and child pornography.

Requires commercial website operators to place warning marks prescribed by the Federal Trade Commission on web pages that contain sexually explicit materials.

Authorizes appropriations for FY2008–FY2012 for the Innocent Images National Initiative.
Latest
Update
3/1/2007: Referred to House Subcommittee on Crime, Terrorism, and Homeland Security.
Spyware
Bill Number S 1625
Counter Spy Act
Title A bill to protect against the unauthorized installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy, and for other purposes.
Sponsor Sen Pryor, Mark L. [AR]
Co–Sponsors Sen Boxer, Barbara [CA]
Sen Nelson, Bill [FL]
Summary Counter Spy Act – Prohibits a person who is not an authorized user of a protected computer (a computer used in interstate or foreign commerce or communication) from installing software that takes control of the computer, modifies the computer's settings, or prevents the user's efforts to block installation of, disable, or uninstall software.

Prohibits such installation of software that collects sensitive personal information without first providing clear and conspicuous disclosure to the authorized user and obtaining the user's consent.

Allows software that collects information for the provider of an online service or website knowingly used or subscribed to by an authorized user if the information collected is used only to affect the user's experience while using such service or website.

Prohibits such installation on a protected computer of software that causes advertising windows to appear (popularly known as adware) unless: (1) the source is clear and instructions are provided for uninstalling the software; or (2) the advertisements are displayed only when the user uses the software author's or publisher's website or online service.

Sets forth exceptions, including for network or computer security, diagnostics, technical support, and detection or prevention of the unauthorized use of fraudulent software or other illegal activities.

Allows a multichannel video programming distributor to take certain actions if the actions are subject to provisions of the Communications Act of 1934 concerning notice to satellite subscribers.
Latest
Update
6/14/2007 Referred to Senate committee. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number HR 1525
Internet Spyware (I–SPY) Prevention Act of 2007
Title To amend title 18, United States Code, to discourage spyware, and for other purposes.
Sponsor Rep Lofgren, Zoe [CA–16]
Co–Sponsors Rep Forbes, J. Randy [VA–4]
Rep Goodlatte, Bob [VA–6]
Rep Jackson–Lee, Sheila [TX–18]
Rep Sanchez, Linda T. [CA–39]
Rep Smith, Lamar [TX–21]
Summary Internet Spyware (I–SPY) Prevention Act of 2007 – (Sec. 2) Amends the federal criminal code to impose a fine and/or prison term of up to five years for intentionally accessing a protected computer (a computer exclusively for the use of a financial institution or the U.S. government or which is used in or affects interstate or foreign commerce or communication) without authorization, or exceeding authorized access, by causing a computer program or code to be copied onto the protected computer and intentionally using that program or code in furtherance of another federal criminal offense.

Imposes a fine and/or prison term of up to two years if such unauthorized access of a protected computer is for the purpose of: (1) intentionally obtaining or transmitting personal information (including a Social Security number or other government–issued identification number, a bank or credit card number, or an associated password or access code) with intent to defraud or injure a person or cause damage to a protected computer; or (2) intentionally impairing the security protection of a protected computer with the intent to defraud or injure a person or damage such computer.

Prohibits any person from bringing a civil action under state law premised upon the defendant's violating this Act.

Exempts any lawfully authorized investigative, protective, or intelligence activity of the United States, a state, or a local law enforcement agency or of a U.S. intelligence agency from the prohibitions of this Act.

(Sec. 3) Authorizes appropriations for FY2008–FY2011 to the Attorney General for prosecutions needed to discourage the use of spyware and practices commonly called phishing and pharming.

(Sec. 4) Expresses the sense of Congress that the Department of Justice should vigorously prosecute those who use spyware to commit crimes and those that conduct phishing and pharming scams.
Latest
Update
5/23/2007 Referred to Senate committee. Status: Received in the Senate and Read twice and referred to the Committee on the Judiciary.
 
Bill Number HR 964
Securely Protect Yourself Against Cyber Trespass Act
Title To protect users of the Internet from unknowing transmission of their personally identifiable information through spyware programs, and for other purposes.
Sponsor Rep Towns, Edolphus [NY–10]
Co–Sponsors Rep Barton, Joe [TX–6]
Rep Bono, Mary [CA–45]
Rep Boucher, Rick [VA–9]
Rep Burgess, Michael C. [TX–26]
Rep Butterfield, G. K. [NC–1]
Rep Buyer, Steve [IN–4]
Rep Calvert, Ken [CA–44]
Rep Capps, Lois [CA–23]
Rep Cubin, Barbara [WY]
Rep DeGette, Diana [CO–1]
Rep Dingell, John D. [MI–15]
Rep Doyle, Michael F. [PA–14]
Rep Engel, Eliot L. [NY–17]
Rep Eshoo, Anna G. [CA–14]
Rep Farr, Sam [CA–17]
Rep Fossella, Vito [NY–13]
Rep Gonzalez, Charles A. [TX–20]
Rep Gordon, Bart [TN–6]
Rep Green, Gene [TX–29]
Rep Hastert, J. Dennis [IL–14]
Rep Hooley, Darlene [OR–5]
Rep Inslee, Jay [WA–1]
Rep Markey, Edward J. [MA–7]
Rep Matheson, Jim [UT–2]
Rep McCaul, Michael T. [TX–10]
Rep McCotter, Thaddeus G. [MI–11]
Rep McHugh, John M. [NY–23]
Rep McNerney, Jerry [CA–11]
Rep Moore, Dennis [KS–3]
Rep Myrick, Sue Wilkins [NC–9]
Rep Price, David E. [NC–4]
Rep Radanovich, George [CA–19]
Rep Rush, Bobby L. [IL–1]
Rep Schakowsky, Janice D. [IL–9]
Rep Solis, Hilda L. [CA–32]
Rep Stearns, Cliff [FL–6]
Rep Stupak, Bart [MI–1]
Rep Terry, Lee [NE–2]
Rep Upton, Fred [MI–6]
Rep Watson, Diane E. [CA–33]
Rep Weiner, Anthony D. [NY–9]
Summary Securely Protect Yourself Against Cyber Trespass Act or Spy Act – Makes it unlawful for any person who is not the owner or authorized user (user) of a protected computer (a computer exclusively for the use of a financial institution or the U.S. Government, or a computer used in interstate or foreign commerce or communication) to engage in unfair or deceptive acts or practices in connection with specified conduct, including: (1) taking unsolicited control of the computer; (2) modifying computer settings; (3) collecting personally identifiable information; (4) inducing the owner or authorized user to disclose personally identifiable information; (5) inducing the unsolicited installation of computer software; and (6) removing or disabling a security, anti–spyware, or anti–virus technology.

Makes it unlawful for a person to: (1) transmit to a protected computer any information collection program (a program that collects personally identifiable information and uses the information to send advertising), unless such program provides notice required by this Act before execution of any of the program's collection functions; or (2) execute any information collection program installed on a protected computer unless, before execution, the user has consented to such execution under notice requirements of this Act. Provides an exception with respect to Web pages visited within a particular website when the information collected is sent only to the provider of the website accessed.
Latest
Update
6/7/2007: Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.