Summary: S.1408 — 109th Congress (2005-2006)

Bill summaries are authored by CRS.

Shown Here:
Reported to Senate with amendment(s) (12/08/2005)

Identity Theft Protection Act - (Sec. 2) Requires any commercial entity or charitable, educational, or nonprofit organization that acquires, maintains, or utilizes sensitive personal information (covered entity) to develop and implement a program for the security of such information that includes administrative, technical, and physical safeguards.

Deems a covered entity that is in full compliance with the requirements of the Federal Trade Commission's (FTC) rules on Standards for Safeguarding Customer Information and Disposal of Consumer Report Information and Records to be in compliance with these requirements.

Directs the FTC to promulgate regulations that require procedures for authenticating the credentials of any third party to which sensitive personal information is to be transferred or sold by a covered entity.

(Sec. 3) Requires a covered entity to use due diligence to investigate any suspected breach affecting sensitive personal information maintained by that entity. Requires any such entity: (1) if it discovers a breach that affects fewer than 1,000 individuals and that does not create a reasonable risk of identity theft, to report the breach to the FTC; (2) if it discovers a breach that affects 1,000 or more individuals, to report the breach to the FTC, notify all consumer reporting agencies described in the Fair Credit Reporting Act (FCRA), and post a report of the breach on its website without disclosing any sensitive personal information pertaining to the individuals affected; and (3) if it discovers a breach that creates a reasonable risk of identity theft, to provide notice (as prescribed) to each affected individual.

Exempts electronic communication of a third party stored by a cable operator, information service, or telecommunications carrier in its network in the course of transferring or transmitting such communication.

(Sec. 4) Allows a consumer to place a security freeze on his or her credit report by making a request to a consumer credit reporting agency. Requires the agency, upon such a request, to: (1) disclose to the consumer the process and potential consequences of the freeze; and (2) not release the consumer's credit report to a third party without the consumer's authorization.

Prohibits the placement of a freeze from being taken into account in determining the consumer's credit score. Authorizes an agency to remove a freeze only: (1) upon the consumer's request; or (2) if the agency determines that the report was frozen due to a material misrepresentation of fact by the consumer. Authorizes a consumer to have a freeze temporarily suspended by making a request.

Requires the agency, at the consumer's request, to notify all other consumer reporting agencies described in FCRA after placing, removing, or temporarily suspending a freeze. Requires such an agency to place, remove, or temporarily suspend a freeze after receiving proper identification.

Authorizes an agency to charge a reasonable freeze fee, except where the consumer: (1) is a victim of identity theft; (2) requests the freeze in writing; and (3) has filed and provided the agency a copy of an identity theft report.

Prohibits an agency from changing a consumer's name, date of birth, social security number, or address in a frozen credit report without sending confirmation of the change to the consumer.

Exempts certain data aggregators and check, fraud prevention, and deposit account information services companies from requirements of this Act.

(Sec. 5) Sets forth provisions regarding enforcement of this Act and preemption of state law. Requires violations to be treated as unfair or deceptive acts or practices. Prohibits any private right of action or class action from being brought under this Act.

(Sec. 8) Prohibits a covered entity from soliciting a social security number from an individual unless there is a specific use of that number for which no other identifier reasonably can be used, with exceptions for: (1) obtaining a consumer report for any purpose permitted under FCRA; (2) agency solicitation for obtaining appropriate proof of a consumer's identity, as required under FCRA; (3) purposes permitted under the Gramm-Leach-Bliley Act; or (4) identifying or locating missing or abducted children, witnesses, criminals, and fugitives, parties to lawsuits, parents delinquent in child support payments, organ and bone marrow donors, pension fund beneficiaries, and missing heirs.

Prohibits: (1) a covered entity from displaying the social security number of an individual on any card or tag that is commonly provided to employees (or their family members), faculty, staff, or students for identification purposes; and (2) a state from displaying the social security number of an individual on driver's licenses.

Amends the Social Security Act to prohibit any federal, state, or local agency from employing prisoners in any capacity that would allow such prisoners access to the social security account numbers of other individuals.

Prohibits (with exceptions for national security, public health, and other specified purposes): (1) selling or purchasing a social security number or displaying such number to the general public; or (2) obtaining or using any social security number to locate or identify an individual to physically harm such individual or to use the individual's identity for any illegal purpose. Permits consensual sales of social security numbers under specified circumstances.

(Sec. 9) Directs the Chairman of the FTC to establish an Information Security Working Group to advise covered entities on best practices to protect sensitive personal information.

(Sec. 11) Authorizes appropriations to the FTC for FY2006-FY2010 to carry out this Act.

(Sec. 12) Directs the FTC, in conjunction with the Department of Justice and other federal agencies, to undertake a study of the correlation between methamphetamine use and identity theft crimes, the needs of law enforcement to address methamphetamine-related identity theft crimes, and the government's role in addressing and deterring identity theft crimes.