Bill summaries are authored by CRS.

Shown Here:
Reported to House amended, Part III (06/02/2006)

Financial Data Protection Act of 2006 - (Sec. 2) Amends the Fair Credit Reporting Act to prescribe guidelines for data security safeguards that require a consumer reporter who becomes aware of information suggesting a breach of data security immediately to investigate and notify authorities and consumers. Defines "consumer reporter" as any entity which regularly engages in assembling or evaluating consumer financial file and consumer reports to furnish consumer reports to third parties or to provide payment for products and services, or for employment purposes.

Declares the policy of Congress concerning the obligations of each consumer reporter to protect the security and confidentiality of sensitive financial personal information.

Prescribes investigation and consumer notification requirements.

Directs the Federal Trade Commission (FTC) to coordinate with specified government entities to create a publicly available list of data security breaches that have triggered a notice to consumers within the last 12 months.

Prohibits charging the related consumers for the cost of the notices and file monitoring regarding data security breaches.

Requires a consumer reporter, upon the request of a consumer who is the focus of a security breach, to make available a free service that: (1) monitors nationwide credit activity about the consumer from a consumer reporting agency; and (2) provides nationwide identity-monitoring.

Prescribes implementation guidelines for imposition of a security freeze, upon the request of a consumer who is a victim of identity theft, that places a notice in the consumer's credit report prohibiting the consumer reporting agency from releasing all or any part of the report without the consumer's express authorization.

Prohibits a consumer reporting agency from imposing a fee for placing or removing a security freeze.

Directs the Secretary of the Treasury, the Board of Governors of the Federal Reserve System, and the FTC to promulgate jointly: (1) uniform data security safeguard regulations; and (2) model notice forms.

Prescribes implementation and administrative enforcement procedures.

Preempts state laws governing consumer reporter data security responsibilities, except any laws governing professional confidentiality or limiting the purposes for which information may be disclosed.

(Sec. 3) Directs: (1) the President to convene a National Summit on Data Security Safeguards for Sensitive Personal Financial Information in the District of Columbia; and (2) the Comptroller General to study and report to Congress on a system that would provide notices of data breaches to consumers in languages other than English, and identify what barriers exist to its implementation.

(Sec. 5) Directs the FTC to compile voluntary information on the race and ethnicity of consumers who are victims of identity theft, account fraud, and other types of financial fraud, in order to improve law enforcement efforts relating to data security breaches and fighting identity theft and account fraud.

(Sec. 6) Amends the Credit Repair Organizations Act (CROA) to exempt from its coverage certain credit monitoring activities, including provision to a consumer of: (1) credit reports, credit monitoring notifications, credit scores and scoring algorithms, and other specified credit score-related tools; (2) any analysis, evaluation, and explanation of such actual or hypothetical credit scores or similar projections, forecasts, analyses, evaluations or explanations; or (3) materials or services to assist a consumer who is a victim of identity theft.

Specifies conditions for application of such exemption. Requires the credit monitoring service to refrain from offering to alter or remove, or assist in the alteration or removal of, accurate, non-obsolete adverse information in a credit report. Requires the service also to present the sonsumer with a specified notice and statement of rights.