H.R.958 - Data Accountability and Trust Act110th Congress (2007-2008)
|Sponsor:||Rep. Rush, Bobby L. [D-IL-1] (Introduced 02/08/2007)|
|Committees:||House - Energy and Commerce|
|Latest Action:||02/09/2007 Referred to the Subcommittee on Commerce, Trade and Consumer Protection. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Subject — Policy Area:
- View subjects
Summary: H.R.958 — 110th Congress (2007-2008)All Bill Information (Except Text)
Introduced in House (02/08/2007)
Data Accountability and Trust Act - Requires the Federal Trade Commission ( FTC) to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses electronic data containing personal information to establish security policies and procedures.
Authorizes the FTC to require a standard method or methods for destroying obsolete nonelectronic data.
Requires information brokers to submit their security policies to the FTC in conjunction with a security breach notification or on FTC request. Requires the FTC to conduct or require an audit of security practices when information brokers are required to provide notification of such a breach. Authorizes additional audits after a breach.
Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information.
Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information.
Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).
Prescribes procedures for notification to the FTC and affected individuals of information security breaches. Sets forth special notification requirements for breaches: (1) by contractors who maintain or process electronic data containing personal information; (2) involving telecommunications and computer services; and (3) of health information.
Preempts state information security laws.