S.1202 - Personal Data Protection Act of 2007110th Congress (2007-2008)
|Sponsor:||Sen. Sessions, Jeff [R-AL] (Introduced 04/24/2007)|
|Committees:||Senate - Judiciary|
|Latest Action:||04/24/2007 Read twice and referred to the Committee on the Judiciary. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
Subject — Policy Area:
- Crime and Law Enforcement
- View subjects
Summary: S.1202 — 110th Congress (2007-2008)All Bill Information (Except Text)
Introduced in Senate (04/24/2007)
Personal Data Protection Act of 2007 - Defines "identity theft" to mean a fraud committed using the sensitive personal information of another individual with the intent to commit or to aid or abet unlawful activity that results in economic loss to that individual.
Requires any agency or person that owns or licenses computerized data containing sensitive personal information to: (1) develop, implement, and maintain reasonable security and notification procedures and practices (appropriate to the size and nature of the agency or person and the nature of the information) to ensure the security and confidentiality of the personal information and to protect sensitive personal information against unauthorized access, destruction, use, modification, or disclosure; and (2) notify any individual whose sensitive personal information was compromised (permits a federal law enforcement agency of domestic or foreign jurisdiction to delay notification if notification would impede a criminal or civil investigation).
Requires any agency or person in possession of computerized data containing sensitive personal information that it does not own or license to notify and cooperate with the owner or licensor upon discovery of a breach of the security of the system of such agency or person as expediently as possible. Authorizes an agency or person in possession of sensitive personal information to enter into an agreement with the owner or licensor of information regarding which person or entity will provide any notice required to an individual whose sensitive personal information was compromised. Requires the agency or person that owns or licenses computerized data containing sensitive personal information to provide any notice required if there is not such an agreement. Sets forth provisions regarding the timeliness of notification, the methods and contents of notice, and the duty to coordinate with consumer reporting agencies.
Establishes civil remedies for failure to provide notice of a security breach. Authorizes enforcement by state Attorneys General on behalf of residents of the state.