Leahy Privacy and Security Act
p2pnet.net News:- US Senator Pat Leahy wants to restrict the sale or publication of Social Security numbers and prohibit businesses from demanding SSNs, “except in a narrow set of circumstances such as obtaining credit reports and applying for a job or an apartment”.
His Personal Data Privacy and Security Act amounts to “An avalanche of new rules for corporate data security and stiff penalties for information burglars,” says CNET News, going on:
“Leahy, who had hinted at his plans in a speech in March and had his personal information lost by Bank of America, is co-sponsoring the bill with Pennsylvania Sen. Arlen Specter. Because Specter is the Republican chairman of the influential Judiciary Committee, the measure could move swiftly through the normally torpid legislative process.”
CNET says Leahy’s PDPSA would:
• Erect a complex regulatory infrastructure around "data brokers," defined as any company or nonprofit that is "collecting, transmitting, or otherwise providing personally identifiable information" of 5,000 or more people that are not customers or employees. Data brokers are required to follow European-style guidelines, including mandatory disclosure of a record to that individual.
• Rewrite computer crime laws to create new penalties for database intrusions. The punishments: Fines and 10 years in prison for trespassing in a "data broker’s" system, and five years in prison if a company or individual "willfully" conceals certain types of serious security breaches.
• Mandate a "comprehensive personal data privacy and security program" for most businesses and individuals acting as sole proprietors–akin to what the Gramm-Leach-Bliley Act required.
• Order companies and individuals acting as sole proprietors to offer notifications if a computer security breach "impacts more than 10,000 individuals."
• Require review of federal sentencing guidelines for misuses of personally identifiable information, and authorize the Justice Department to hand grants to states to "enhance enforcement" of ID fraud-related crimes.
• Create additional "privacy impact assessments" when a federal agency relies on a commercial database consisting "primarily" of information on U.S. citizens. If the database were worldwide in scope and did not consist "primarily" of U.S. citizen information, the requirement would not apply. Also, individual screening programs by federal agencies would have to be explicitly authorized by Congress.
See:-
CNET News – Senators propose sweeping data-security bill, June 29, 2005





July 1st, 2005 at 5:51 am
The damned database break-ins are getting old, and someone does need to help them do what they won’t do themselves. These people need hackers to try to break into their systems that are employed by them specifically for this purpose. Their job will be to steal data, end of story. If they succeed, they plug the hole and move on. This won’t happen because hackers are supposedly all bad guys, but whatever…
April 12th, 2006 at 8:26 am