Summary: S.3713 — 109th Congress (2005-2006)

There is one summary for S.3713. Bill summaries are authored by CRS.

Introduced in Senate (07/21/2006)

Privacy Rights and OversighT for Electronic and Commercial Transactions Act of 2006 or the PROTECT Act - Prohibits any for-profit entity that handles individuals' personal data from: (1) compromising the personal, nonpublic information of those individuals through theft, loss, data breach, or malfeasance; and (2) issuing credit or an account for services to an unauthorized individual or making an inaccurate change to a credit report as a result of identity theft. Exempts small business. Provides for the liability of violators.

Amends the Gramm-Leach-Bliley Act to prohibit a financial institution from disclosing usage data relating to consumers to a nonaffiliated third party without the consumer's written authorization.

Requires the President to designate a Chief Privacy Officer within the Office of Management and Budget.

Requires agencies and entities to provide notice of breaches that result in the unauthorized access or disclosure of personally identifiable information to affected individuals and all major credit reporting services upon an individual's request.

Directs the Federal Trade Commission (FTC) and each of the federal functional regulators to issue rules applicable to financial institutions concerning disclosures.

Requires financial institutions to provide, upon a consumer's written request, a copy of all its information relating to the consumer and to not charge the consumer for one copy a year. Requires nationwide consumer reporting agencies to make free annual disclosures to consumers (currently, disclosure is only required upon request).

Amends the Fair Credit Reporting Act to replace provisions about blocking the reporting of information with provisions concerning placing a security freeze on a consumer credit file.

Prohibits, subject to exemptions, business enterprises from disclosing a U.S. resident's personally identifiable information to foreign parties. Prohibits health care businesses from terminating existing relationships with consumers to avoid the consumer objecting to such disclosure to foreign parties. Provides for the liability of enterprises and civil action. Requires the Secretary of Health and Human Services to revise regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) concerning notice of privacy protection given by covered entities that outsource protected health information outside the United States. Includes additional disclosure requirements concerning financial institutions that outsource information.

Requires the FTC, the Federal Communications Commission (FCC), and the Attorney General to establish a Center for Telecommunications Records Privacy.

Requires the FTC to issue new rules for federal agencies responsible for working with data processors to ensure the security and confidentiality of nonpublic personal information.

Amends the Social Security Act to clarify that the provisions concerning the offense of wrongful disclosure of individually identifiable health information apply to individuals who knowingly use, obtain, or disclose information, regardless of how the information was obtained or the relation of the individual to the entity that maintains the information.

Requires the Secretary to broaden HIPAA's scope. Reinstates provisions concerning consent to use and disclose information for treatment, payment, or health care operations.