Legislative Update
Click the bill number to view detailed information about the bill from The Library of Congress Thomas Legislative Information site at http://thomas.loc.gov/.
| Spyware | |
| Bill Number | S. 687 |
| Title | Software Principles Yielding Better Levels of Consumer Knowledge Act (SPYBLOCK Act) |
| Sponsor | Senator Conrad Burns (R-MT) |
| Co-sponsors | Sen. Ron Wyden (D-OR), Sen. Bill Nelson (D-FL), Sen. Barbara Boxer (D-CA) |
| Summary | S. 687 regulates the unauthorized installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy. CSIA worked closely with Senator Wyden's staff to include the Good Samaritan provision, protecting anti-spyware software firms from frivolous lawsuits. | Latest Update | S. 687 was introduced by Senator Burns on H.R. 1080 on March 20 and was referred to the Committee on Commerce, Science, and Transportation. |
| Bill Number | S. 1004 |
Title |
The Enhanced Consumer Protection Against Spyware Act of 2005 |
Sponsor |
Senator George Allen (R-VA) |
| Co-sponsors | Sen. John Ensign (R-NV), Sen. Gordon Smith (R-OR) |
| Summary | This bill provides the Federal Trade Commission (FTC) with the resources necessary to protect users of the Internet from the unfair and deceptive acts and practices associated with spyware. | Latest Update | S. 1004 was introduced on May 11 and was referred to the Senate Committee on Commerce, Science and Transportation. |
| Bill Number | H.R. 29 |
Title |
The SPY ACT |
Sponsor |
Rep. Mary Bono (R-CA) |
| Co-sponsors | H.R. 29 has 61 Co-Sponsors |
| Summary | This bill would prevent spyware purveyors from hijacking a home page or tracking users’ keystrokes. It requires that spyware programs be easily identifiable and removable, and allows for collection of personal information only after express consent from the user. Additionally, fines are exponentially increased against abusers. As passed, this bill contains an exemption for legitimate security operations. H.R. 29 is geared toward industry by instituting a system of checks and balances to stop companies from obtaining a user's information via spyware; fines may be administered for such actions. | Latest Update | Also known as the “Securely Protect Yourself Against Cyber Trespass Act.” On January 6, Rep. Bono re-introduced her bill from the 108th Congress that aims to protect computer users against internet privacy invasion. On February 4, the bill was marked up, passed the House Energy and Commerce Committee's Subcommittee on Commerce, Trade and Consumer Protection, then forwarded on to the full committee for mark-up. On March 9, the full committee ordered the bill to be reported by a vote of 43-0. On April 12, the bill was reported (Amended) by the Committee on Energy and Commerce (H. Rept. 109-32). It was then placed on the Union Calendar, Calendar No. 15. On May 23, H.R. 29 passed the House by a vote of 393-4, and on May 24, it was sent to the Senate and referred to the Committee on Commerce, Science, and Transportation. In October 2004, the original bill passed overwhelmingly in the House of Representatives, but did not pass the Senate before the 108th Congress came to a close. |
| Bill Number | H.R. 744 |
Title |
The I-SPY Prevention Act of 2005 |
Sponsor |
Rep. Bob Goodlatte (R-VA) |
| Co-sponsors | H.R. 744 has 13 Co-Sponsors |
| Summary | This bill addresses the
most egregious activities that are conducted via
spyware. It would make the following activities criminal offenses:
The legislation includes language to preempt States from creating civil remedies based on violations of this act. This legislation was originally introduced during the 108th Congress and passed the House of Representatives by a vote of 415-0. |
Latest Update | Also known as the “Internet Spyware (I-SPY) Prevention Act of 2005.” On February 10, Representatives Bob Goodlatte, Zoe Lofgren (D-CA-16) and Lamar Smith (R-TX-21) reintroduced the Internet Spyware (I-SPY) Prevention Act of 2005. It was then referred to the House Committee on the Judiciary. On May 23, H.R. 744 passed the House by a vote of 395-1, and on May 24, it was sent to the Senate and referred to the Committee on the Judiciary. |
| Phishing | |
| Bill Number | S. 472 |
Title |
Anti-Phishing Act of 2005 |
Sponsor |
Senator Patrick Leahy (D-VT) |
| Co-sponsor | Sen. Charles Schumer (D-NY) |
| Summary | The Anti-Phishing Act of 2005 criminalizes phishing, making it illegal to knowingly send out spoofed email that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicits an e-mail recipient to provide identification to the phisher. This legislation is similar to H.R. 1099. |
| Latest Update | On February 28, Senator Leahy introduced his anti-phishing legislation, which is similar to legislation he introduced during the 108th Congress (S. 2636). S. 472 was referred to the Senate Judiciary Committee, where it is awaiting further action. |
| Bill Number | H.R. 1099 |
Title |
Anti-Phishing Act of 2005 |
Sponsor |
Rep. Darlene Hooley (D-OR) |
| Co-sponsors | Rep. Ed Case (R-HI), Rep. Eliot L. Engel (D-NY), Rep. Carolyn McCarthy (D-NY) |
| Summary | H.R. 1099 criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicits an e-mail recipient to provide identification to the phisher. This legislation is similar to S. 472. |
| Latest Update | Rep. Dooley introduced H.R. 1099 on March 3, when it was then referred to the House Committee on the Judiciary. On May 10, it was then referred to the Subcommittee on Crime, Terrorism, and Homeland Security. |
| Privacy / Identity Theft Protection / Data Warehouses | |
| Bill Number | S. 29 |
Title |
Social Security Number Misuse Prevention Act |
Sponsor |
Senator Dianne Feinstein (D-CA) |
| Co-sponsors | Sen. Patrick Leahy (D-VT), Sen. Judd Gregg (R-NH), Sen. John E. Sununu (R-NH), Sen. Bill Nelson (D-FL) |
| Summary | This bill amends the Federal criminal code to prohibit
the display, sale, or purchase of social security
numbers without the affirmatively expressed consent of the
individual, except in specified circumstances. It directs
the Attorney General to study and report to Congress on
all the uses of social security numbers permitted, required,
authorized, or excepted under any Federal law, including
the impact of such uses on privacy and data security. S.
29 establishes a public records exception to the prohibition
and directs the Comptroller General to study and report
to Congress on social security numbers in public records.
The Attorney General is granted rulemaking authority to
enforce this Act's prohibition and to implement and clarify
the permitted uses occurring as a result of an interaction
between businesses, governments, or business and government. S. 29 seeks to limit misuse of Social Security numbers and establishes criminal penalties for such misuse. |
Latest Update | S. 29 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary. |
| Bill Number | S. 116 |
Title |
Privacy Act of 2005 |
Sponsor |
Senator Dianne Feinstein (D-CA) |
| Summary | S. 116 prohibits the sale and disclosure of personally identifiable information by a commercial entity to a non-affiliated third party unless prescribed procedures for notice and opportunity to restrict such disclosure have been followed. The bill grants the Federal Trade Commission (FTC) enforcement authority. S. 166 also amends Federal criminal law to prohibit the display, sale, or purchase of social security numbers (SSNs) without the affirmatively expressed consent of the individual. This legislation prohibits the use of SSNs on checks issued for payment by governmental agencies and driver's licenses or motor vehicle registrations. It prohibits a commercial entity from requiring disclosure of an individual's SSN in order to obtain goods or services, and it establishes criminal and civil monetary penalties for misuse of an SSN. S. 116 requires the consent of an individual prior to the sale and marketing of an individual's personally identifiable information. |
Latest Update | S. 116 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary. |
| Bill Number | S. 500 |
Title |
Information Protection and Security Act |
Sponsor |
Senator Bill Nelson (D-FL) |
| Co-sponsor | Sen. Hillary Clinton (D-NY) |
| Summary | S. 500 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, S. 500 authorizes enforcement by FTC and allows individuals the right to private action against the brokers. | Latest Update | Senator Nelson introduced the Information Protection and Security Act on March 3 and it was then referred to the Committee on Commerce, Science, and Transportation. S. 500 is identical to H.R. 1080, sponsored by Rep. Ed Markey (D-MA). |
| Bill Number | S. 751 |
Title |
Notification of Risk to Personal Data Act |
Sponsor |
Senator Dianne Feinstein (D-CA) |
| Co-sponsors | Sen. Mark Dayton (D-MN), Sen. John Kyl (R-AZ) |
| Summary | S. 751 requires a business or government entity to notify an individual in writing or email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes. Examples of personal information include: Social Security number, driver's license or state identification number, or credit card or bank account information. The bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data. This bill is based on California law, which is the first and currently the only State law requiring notification of individuals. | Latest Update | S. 751 was introduced on April 11, 2005 and referred to the Committee on the Judiciary. |
| Bill Number | S. 768 |
Title |
Comprehensive Identity Theft Prevention Act |
Sponsor |
Senator Charles Schumer (D-NY) |
Co-sponsors |
Sen. Bill Nelson (D-FL), Sen. Mark Dayton (D-MN), Sen. Edward Kennedy (D-MA), Sen. Barbara Boxer (D-CA), Sen. Byron Dorgan (D-ND) |
| Summary | S. 768 creates a new Federal Trade Commission (FTC) office of identity theft to help victims restore their identities. This office will promulgate regulations for data brokers, governing the sale, maintenance, collection, or transfer of sensitive personal information, including a requirement that reasonable steps are taken to prevent unauthorized access to sensitive personal information; penalties have been established for violators. The bill includes a breach notification provision. S. 768 also establishes an annual identity theft report, will not interfere with provisions of the Fair Credit Reporting Act, and preempts state law. | Latest Update | S. 768 was introduced on April 12, 2005, and referred to the Committee on Commerce, Science, and Transportation. |
| Bill Number | S. 1216 |
Title |
Financial Privacy Breach Notification Act of 2005 |
Sponsor |
Senator Jon Corzine (D-NJ) |
| Summary | This bill amends the Gramm-Leach-Bliley Act to require a financial institution to promptly notify the following entities whenever a breach of personal information has occurred at such institution: each customer affected by such breach; certain consumer reporting agencies; and appropriate law enforcement agencies. Furthermore, it requires any person that maintains personal information for or on behalf of a financial institution to promptly notify the institution of any case in which such customer information has been breached. Prescribes notification procedures. Finally, it authorizes a customer injured by a violation of this Act to institute a civil action to recover damages and authorizes the Federal Trade Commission to enforce compliance with this Act, including the assessment of fines for violations. | Latest Update | S. 1216 was introduced on June 9 and was referred to the Senate Committee on Banking, Housing, and Urban Affairs. |
| Bill Number | S. 1326 |
Title |
Notification of Risk to Personal Data Act |
Sponsor |
Senator Jeff Sessions (R-AL) |
| Summary | Defines "breach of security of the system" as compromise of the security of computerized data that provides a reasonable basis to conclude that sensitive personal information is at significant risk of identity theft. S. 1326 requires any entity that owns or licenses sensitive personal information to implement and maintain "reasonable" security and notification procedures and practices appropriate to the nature of the information; preempts any state laws which relate "in any way to electronic information security standards or notification." | Latest Update | S. 1326 was introduced on June 28 and referred to the Committee on the Judiciary. |
| Bill Number | S. 1332 |
Title |
Personal Data Privacy and Security Act of 2005 |
Sponsor |
Senator Arlen Specter (R-PA) |
Co-sponsors |
Sen. Patrick Leahy (D-VT), Sen. Russell Feingold (D-WI) |
| Summary | S. 1332 deals with different issues relating to identity theft and security breaches, specifically providing security measures that require "business entities" that have info on more than 10,000 US persons to adopt measures, commensurate with the sensitivity of the data and the size and complexity of the entities activities. This bill would encourage the Federal Trade Commission to create a new standard for reasonable security practices, including creating regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information; or transfer sensitive personal information to third parties for disposal. It does not require total federal preemption of any similar state law except to the extent that the state law is inconsistent with this title. | Latest Update | This bill was introduced on June 29 and placed on the Senate Legislative Calendar. On July 1, it was placed on the Senate Legislative Calendar under General Orders. |
| Bill Number | S. 1336 |
Title |
Consumer Identity Protection and Security Act |
Sponsor |
Senator Mark Pryor (D-AR) |
| Summary | This bill establish procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce. More specifically any consumer may request a consumer reporting agency to place a "security freeze" on their private information file if they feel their information has been compromised. The consumer reporting agency must freeze the information no later than 2 business days after receiving a written or telephone request from the consumer or 24 hours after receiving a secure electronic mail request, and must inform the consumer of the enacted freeze. The freeze will only be terminated if the consumer requests the termination or if the consumer reporting agency determines the freeze was requested due to a material misrepresentation of fact by the consumer. | Latest Update | S. 1336 was introduced on June 29 and was referred to the Senate Committee on Commerce, Science, and Transportation. |
| Bill Number | S. 1408 |
| Title | Identity Theft Protection Act |
| Sponsor | Senator Gordon Smith (R-OR) |
| Co-sponsors | Sen. Ben Nelson (D-FL), Sen. Daniel Inouye (D-HI), Sen. John McCain (R-AZ), Sen. Mark Pryor (D-AR), Sen. Ted Stevens (R- AK) |
| Summary | S. 1408 strengthens data protection and safeguards, requires data breach notification, and further prevents identity theft. Specifically, S. 1408 allows consumers to "freeze" their credit and requires companies to "develop, implement and maintain an effective information security program." Any entity, whether commercial or non-profit, could be fined $11,000 for each person who experiences a security breach; penalties would be capped at $11 million. Entities with breaches affecting more than 1,000 individuals must notify the FTC, and the agency must publish that information on its Web site. Companies must establish procedures to verify the identities of third parties that want to buy sensitive consumer information. S. 1408 prohibits the "covered entities" from using Social Security numbers in transactions unless their business is dependant on the numbers. Finally, "reasonable" risk of fraud would be the standard for triggering notice of security breaches to consumers (rather than the higher standard of "substantial" risk found in S. 751). Under this bill, the FTC will promulgate regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information; or transfer sensitive personal information to third parties for disposal. This bill also requires the Chairman of the FTC to establish an Information Security Working Group to develop best practices to protect sensitive personal information stored and transferred. The Working Group shall be composed of industry participants, consumer groups, and other interested parties; the group would be required to submit to Congress a report on their findings with 12 months of the establishment of the working group. | Latest Update | S. 1408 was introduced on July 14 and referred to the Committee on Commerce, Science and Transportation. |
| Bill Number | New! S. 1461 |
| Title | Consumer Identity Protection and Security Act |
| Sponsor | Sen. Richard Shelby (R-AL) |
| Summary | S. 1461 establishes procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce, provide for enforcement of those procedures by the Federal Trade Commission. | Latest Update | S. 1461 was introduced on July 21 and referred to the Committee on Banking, Housing and Urban Affairs. |
| Bill Number | H.R. 82 |
| Title | Social Security On-line Privacy Protection Act |
| Sponsor | Rep. Rodney Frelinghuysen (R-NJ) |
| Summary | H.R. 82 prohibits an interactive computer service from
disclosing to a third party an individual's Social
Security number or related personally identifiable information
without the individual's prior informed written consent.
The bill also requires such service to permit an individual
to revoke any consent at any time. This bill prohibits a second party with possession of an individual's personal information from disclosing that information to a third party without the individual's consent. |
Latest Update | Rep. Frelinghuysen introduced H.R. 82 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection. |
| Bill Number | H.R. 84 |
| Title | Online Privacy Protection Act of 2005 |
| Sponsor | Rep. Rodney Frelinghuysen (R-NJ) |
| Summary | H.R. 84 requires the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 (age 13 and above) on the Internet. It makes it unlawful for an operator of a Web site or online service to collect, use, or disclose personal information concerning an individual in a manner that is in violation of prescribed regulations, requiring such operators to protect the confidentiality, security, and integrity of personal information it collects from such individuals. H.R. 84 also provides greater individual control over the collection and use of that information by creating a process for such individuals to consent to or limit the disclosure of such information. Additionally, H.R. 84 directs the FTC to provide incentives for efforts of self-regulation by operators to implement appropriate protections for such information. Finally, it authorizes the States to enforce such regulations by bringing actions on behalf of residents, requiring the State attorney general to first notify the FTC of such action. This bill requires all websites asking for personal information to disclose to individuals what information is being collected and how the information will be utilized. |
Latest Update | Rep. Frelinghuysen introduced H.R. 84 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection. |
| Bill Number | H.R. 220 |
| Title | Identity Theft Prevention Act of 2005 |
| Sponsor | Rep. Ron Paul (R-TX) |
| Co-sponsors | Rep. Roscoe G. Bartlett (R-MD), Rep. Maurice D. Hinchey (D-NY), Rep. Lynn C. Woolsey, (D-CA) |
| Summary | H.R. 220 Amends title II (Old Age, Survivors and Disability Insurance)
of the Social Security Act and the Internal Revenue Code to prohibit
using a Social Security account number except for specified Social
Security and tax purposes. The bill also prohibits the Social
Security Administration from divulging the Social Security account
number of an individual to any Federal, State, or local government
agency or instrumentality, or to any other individual. Conversely,
no Federal, State, or local government agency or instrumentality
may request an individual to disclose his Social Security account
number on either a mandatory or a voluntary basis, among other
prohibitions. This bill requires the Federal government to issue new SS numbers within five years of the effective date of the bill; the new SS number will be used solely for social security issues, and the Federal government will cease using SS numbers to identify people. Individuals will have several ID numbers, each applicable to specific agencies. |
Latest Update | H.R. 220 was introduced on Jan. 4 by Rep. Paul. It was then referred to the Committee on Ways and Means and the Committee on Government Reform. On January 25, the Committee on Ways and Means then referred it to the Subcommittee on Social Security. |
| Bill Number | H.R. 1069 |
| Title | Notification of Risk to Personal Data Act |
| Sponsor | Rep. Melissa Bean (D-IL) |
| Summary | This legislation prescribes notification procedures governing any agency, or person engaged in interstate commerce, that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data. Furthermore, it amends the Gramm-Leach-Bliley Act to require a financial institution, at which a breach of personal information is reasonably believed to have occurred, to promptly notify each affected customer, each pertinent consumer reporting agency, the information clearinghouse established by the Federal Trade Commission (FTC) under this Act, and appropriate law enforcement agencies in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers. It also requires any person that maintains personal information for or on behalf of a financial institution to notify promptly the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached. In addition, the bill amends the Fair Credit Reporting Act to require a consumer reporting agency to maintain a fraud alert file with respect to any consumer upon receiving notice of a breach of personal information from: (1) an agency or person engaged in interstate commerce pursuant to this Act; or (2) a financial institution subject to the Gramm-Leach-Bliley Act. Finally, it authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State and directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act. | Latest Update | H.R. 1069 was introduced on March 3 and was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection; the Committee on Government Reform; and the Financial Services Subcommittee on Financial Institutions and Consumer Credit. |
| Bill Number | H.R. 1078 |
| Title | Social Security Number Protection Act of 2005 |
| Sponsor | Rep. Ed Markey (D-MA) |
| Summary | This bill amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act (SSA) to establish criminal penalties for the sale and purchase of the Social Security number and Social Security account number of any person, except in certain circumstances such as health, research, law enforcement, or emergency situations. | Latest Update | H.R. 1078 was introduced on March 3 and was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection; and the Committee on Ways and Means. |
| Bill Number | H.R. 1080 |
| Title | Information Protection and Security Act |
| Sponsor | Rep. Ed Markey (D-MA) |
| Co-sponsors | There are 20 Co-sponsors |
| Summary | H.R. 1080 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers. H.R. 1080 is identical to S. 500. | Latest Update | H.R. 1080 was introduced on March 3 by Rep. Markey and was referred to the House Committee on Energy and Commerce. |
| Bill Number | H.R. 1263 |
| Title | Consumer Privacy Protection Act of 2005 |
| Sponsor | Rep. Cliff Stearns (R-FL) |
| Summary | This bill protects and enhances consumer privacy by instituting a number of requirements for data collection organizations, specifically to provide notification to consumers and to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information. | Latest Update | H.R. 1263 was introduced on March 10 and referred to the Committee on Energy and Commerce and the Committee on International Relations. On March 22, the Energy and Commerce Committee then referred H.R. 1263 to the Subcommittee on Commerce, Trade and Consumer Protection. |
| Bill Number | H.R. 1745 |
| Title | Social Security Number Privacy and Identity Theft Prevention Act of 2005 |
| Sponsor | Rep. E. Clay Shaw, Jr. (R-FL) |
| Co-sponsors | There are 40 Co-sponsors |
| Summary | H.R. 1745 amends the Social
Security Act to enhance Social Security account number
privacy protections, to prevent fraudulent misuse of the
Social Security account number, and to otherwise enhance
protection against identity theft. Specifically, it:
H.R. 1745 also subjects to the Fair Credit Reporting Act information regarding a consumer's SSN (and any derivative), and provides that any person who refuses to do business with an individual for refusing to disclose his or her SSN shall be considered to have committed an unfair or deceptive act or practice. Finally, the bill establishes civil and criminal penalties for violations of this Act, and enhanced penalties in cases of terrorism, drug trafficking, crimes of violence, or prior offenses. |
Latest Update | H.R. 1745 was introduced on April 20 and referred to the Committee on Ways and Means, Financial Services, and Energy and Commerce. On May 13, it was referred to the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, and on May 19, it was referred to the House Financial Services Subcommittee on Financial Institutions and Consumer Credit. |
| Bill Number | H.R. 3140 |
| Title | Consumer Data Security and Notification Act of 2005 |
| Sponsor | Rep. Melissa Bean (D-IL) |
| Summary | This bill expands the protections for sensitive personal information in Federal law to cover the information collection and sharing practices of unregulated information brokers. In addition it enhances information security requirements for consumer reporting agencies and information brokers; and requires consumer reporting agencies, financial institutions, and other entities to notify consumers of data security breaches involving sensitive consumer information. | Latest Update | H.R. 3140 was introduced on June 30 and was referred to the House Committee on Financial Services. |
| Internet | |
| Bill Number | H.R. 214 |
| Title | Advanced Internet Communications Services Act of 2005 |
| Sponsor | Rep. Cliff Stearns (R-FL) |
| Co-sponsor | Rep. Rick Boucher (D-VA) |
| Summary | The bill aims to promote deployment of and investment in advanced Internet communications services. It gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service. | Latest Update | Rep. Stearns introduced this bill on January 14 and on February 4, it was referred to House Subcommittee on Telecommunications and the Internet. |
| Homeland Security | |
| Bill Number | S. 140 |
| Title | Domestic Defense Fund Act of 2005 |
| Sponsor | Senator Hillary Clinton (D-NY) |
| Co-sponsor | Sen. Charles E. Schumer (D-NY) |
| Summary | S. 140 provides for a domestic defense fund to improve the Nation's homeland defense by authorizing the Secretary of Homeland Security to award grants to States, units of local government, and Indian tribes for homeland security development. The grant awardees are required to develop a homeland security plan identifying both short- and long-term homeland security needs, among other items. 70 percent of grant funds are required to be allocated among metropolitan cities and urban counties based on the Secretary's calculations of various infrastructure vulnerabilities and threats such as proximity to international borders, nuclear or other energy facilities, air, rail or water transportation, and national icons and Federal buildings. | Latest Update | Senator Hillary Clinton introduced S. 140 on January 24. It was referred to the Senate Committee on Homeland Security and Governmental Affairs, where introductory remarks were made on February 15. |
| Bill Number | H.R. 91 |
| Title | Smarter Funding for All of America's Homeland Security Act of 2005 |
| Sponsor | Rep. Rodney P. Frelinghuysen (R-NJ) |
| Co-sponsors | There are 11 Co-sponsors |
| Summary | H.R. 91 modifies the DHS grant program, authorizing the Secretary of Homeland Security to make grants to first responders. One new criteria will be "Threats to major communications nodes, including cyber and telephonic nodes." | Latest Update | Rep Rodney Frelinghuysen introduced H.R. 91 on January 4. It was referred to the Committee on Homeland Security (Select), and also referred to the Committees on Transportation and Infrastructure, the Judiciary, and Energy and Commerce for consideration of provisions as they fall within the jurisdiction of the committee concerned. On February 25, it was referred to the Subcommittee on Health, where it currently is waiting for action by the Chairman. |
| Healthcare | |
| Bill Number | S. 1223 |
| Title | Information Technology for Health Care Quality Act |
| Sponsor | Senator Christopher Dodd (D-CT) |
| Co-sponsor | Sen. Jim Jeffords (I-VT) |
| Summary | This bill amends the Public Health Service Act to improve the quality and efficiency of health care delivery through improvements in health care information technology. It establishes within the executive office of the President an Office of Health Information Technology, which will be headed by a Director appointed by the President. The Director is tasked to:
Specifically, the Office will develop a national strategy for improving the quality and enhancing the efficiency of health care through the improved use of health information technology and the creation of a National Health Information Infrastructure, and serve as the principle advisor to the President concerning health information technology. |
Latest Update | S. 1223 was introduced on June 9 and referred to the Senate Committee on Health, Education, Labor, and Pensions. |
| Bill Number | S. 1262 |
| Title | Technology to Enhance Quality Act of 2005 (Health TEQ) |
| Sponsor | Senator Bill Frist (R-TN) |
| Co-sponsors | There are 12 Co-sponsors |
| Summary | The Health Technology to Enhance Quality Act of 2005 implements health information technology standards that would guide the design and operation of interoperable health information systems. The legislation codifies the Office of National Coordinator for Information Technology and establishes standards for the electronic exchange of health information. The bill also authorizes grants to local and regional consortiums to implement health information technology infrastructure that is compliant with national standards and establishes measures to assess the quality of care. Finally, it establishes standard quality measures to better assess the value of federal programs. | Latest Update | On June 16, Senator Frist introduced the “Health Technology to Enhance Quality Act of 2005” (Health TEQ), which creates an interoperable health information technology (IT) system through the adoption of standards that will help reduce costs, enhance efficiency and improve overall patient care. |
| Bill Number | H.R. 2234 |
| Title | The 21st Century Health Information Act of 2005 |
| Sponsor | Rep. Tim Murphy (R-PA) |
| Co-sponsors | There are 18 Co-sponsors |
| Summary | HR 2234 authorizes the Secretary of Health and Human Services (HHS) to create grants that will assist in establishing regional health information organizations; these organizations will create a network of integrated health information technology. The bill contains no explicit security standards, but requires each recipient of an HHS grant to submit a plan detailing the proposed network and how the network will be supported and secured. H.R. 2234 places itself squarely within the confines of HIPAA's privacy and security rules, so there are no new standards; however it does include language regarding certification the systems will require prior to being eligible for purchase with government grant money. Also of note, the bill requires the operators of these regional health information organizations to report both to the secretary of HHS and to the individual affected if personally identifiable information is compromised or if unauthorized access occurs. The operator must report the conditions of such unauthorized access to the Secretary but merely notify the individual. | Latest Update | HR 2234 was introduced on May 10 and then referred to the Committee on Energy and Commerce and the Committee on Ways and Means. On May 23, the Committee on Energy and Commerce referred the bill to the Subcommittee on Health. |
| Bill Number | H.R. 2762 |
| Title | Demonstration Project: Internet-Based Submission Form |
| Sponsor | Rep. Rob Andrews (D-NJ) |
| Summary | HR 2762 directs the Secretary of Health and Human Services to implement a three-year demonstration project to provide for the use of the Internet for the electronic submission of claims by providers of services under the Medicare program for which the HCFA-1500 claim form is utilized. The Secretary may carry out the project directly or through a third-party contractor. Additionally, the Secretary is directed to ensure that a third-party contractor participating under the project shall protect the confidentiality of individually identifiable health information consistent with the standards for the privacy of such information promulgated by the Secretary under the Health Insurance Portability and Accountability Act of 1996, or any subsequent comprehensive and more protective set of confidentiality standards enacted into law or promulgated by the Secretary. Finally, third-party contractors are prohibited from selling any individually identifiable health information collected under the project. The Secretary shall periodically submit reports to the Congress providing:
|
Latest Update | On June 7, H.R. 2762 was introduced and referred to the Committee on Ways and Means, and the Committee on Energy and Commerce. On June 17, the Committee on Energy and Commerce then referred the bill to the Subcommittee on Health. |
| VoIP | |
| Bill Number | S. 1063 |
| Title | I.P.-Enabled Voice Communications and Public Safety Act |
| Sponsor | Senator Bill Nelson (D-FL) |
| Co-sponsors | Sen. Hillary Clinton (D-NY), Sen. Conrad Burns (D-MT), Sen. Olympia Snowe (R-ME) |
| Summary | S. 1063 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VOIP companies access to their 911 networks. Additionally, the bill requires VOIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VOIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service. | Latest Update | On May 18, Senator Bill Nelson introduced S. 1063, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was referred to the Committee on Commerce, Science, and Transportation. Rep. Bart Gordon of Tennessee introduced a companion bill in the House, H.R. 2418, on May 18. |
| Bill Number | H.R. 2418 |
| Title | I.P.-Enabled Voice Communications and Public Safety Act |
| Sponsor | Rep. Bart Gordon (D-TN) |
| Summary | H.R. 2418 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VOIP companies access to their 911 networks. Additionally, the bill requires VOIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VOIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service. | Latest Update | May 18, Rep. Bart Gordon introduced HR 2418, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was introduced in the House Energy and Commerce Committee, which has jurisdiction over telecommunications, as well as Internet, issues. On June 3, it was then referred to the Subcommittee on Telecommunications and the Internet. Senator Bill Nelson of Florida introduced a companion bill in the Senate, S. 1063, on May 19. |
| Energy | |
| Bill Number | H.R. 6 |
| Title | Energy Policy Act of 2005 |
| Sponsor | Rep. Joe Barton (R-TX) |
| Summary | H.R. 6 sets forth an energy research and development program, including: (1) energy efficiency; (2) renewable energy; (3) oil and gas; (4) coal; (5) Indian energy; (6) nuclear matters and security; (7) vehicles and motor fuels, including ethanol; (8) hydrogen; (9) electricity; and (10) energy tax incentives. Two prevalent cyber security-related measures in this bill include: a provision for the President, the Nuclear Regulatory Commission, and other appropriate Federal, State, and local agencies and private entities, to conduct a study of nuclear facility threats, including an assessment of physical, cyber, biochemical, and other terrorist threats; and an amendment regarding electric reliability standards, which is defined as providing for reliable operation of bulk-power system facilities, including cybersecurity protection. In reference to electric reliability standards, H.R. 6 includes cybersecurity threats when defining “reliable operation” to mean: “operating the elements of the bulk-power system within equipment and electric system thermal, voltage, and stability limits so that instability, uncontrolled separation, or cascading failures of such system will not occur as a result of a sudden disturbance, including a cybersecurity incident, or unanticipated failure of system elements.” And finally, “cybersecurity incident” is defined as “a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communication networks including hardware, software and data that are essential to the reliable operation of the bulk power system.” | Latest Update | On April 18, H.R. 6 was introduced and referred to the following Committees: Energy and Commerce; Education and the Workforce; Financial Services; Agriculture; Resources; Science; Ways and Means; and Transportation and Infrastructure. The House Energy and Commerce Committee then referred it to the Subcommittee on Energy and Air Quality, and the House Resources Committee held Committee Consideration and Mark-up Session on April 13, prior to introduction. On April 19, the Rules Committee Resolution (H. Res. 219) was reported to the House, which subsequently passed the House on April 20. On April 20 and 21, the House debated several amendments, passed by a vote of 249-183, and on April 26, it was received in the Senate. On June 9, H.R. 6 was placed on the Senate Legislative Calendar. It appears that the companion bill in the Senate, S. 10, does not contain any provisions relating to cyber security. On June 14, the Senate received the bill, and on June 28, it passed by a vote of 85-12. A conference was held in late July to reconcile H.R. 6 and S. 10 and the bill was signed into law on August 8. |