All Information (Except Text) for S.1158 - Consumer Privacy Protection Act of 2015114th Congress (2015-2016)
|Sponsor:||Sen. Leahy, Patrick J. [D-VT] (Introduced 04/30/2015)|
|Committees:||Senate - Judiciary|
|Latest Action:||04/30/2015 Read twice and referred to the Committee on the Judiciary. (All Actions)|
This bill has the status Introduced
Here are the steps for Status of Legislation:
There is 1 version of this bill. View text
Click the check-box to add or remove the section, click the text link to scroll to that section.
Titles Actions Overview All Actions Cosponsors Committees Related Bills Subjects Latest Summary All Summaries
Short Titles - Senate
Short Titles as Introduced
Consumer Privacy Protection Act of 2015
Official Titles - Senate
Official Titles as Introduced
A bill to ensure the privacy and security of sensitive personal information, to prevent and mitigate identity theft, to provide notice of security breaches involving sensitive personal information, and to enhance law enforcement assistance and other protections against security breaches, fraudulent access, and misuse of personal information.
Actions Overview (1)
|04/30/2015||Introduced in Senate|
04/30/2015 Introduced in Senate
All Actions (1)
|04/30/2015||Read twice and referred to the Committee on the Judiciary. (Sponsor introductory remarks on measure: CR S2577-2578)|
Action By: Senate
04/30/2015 Read twice and referred to the Committee on the Judiciary. (Sponsor introductory remarks on measure: CR S2577-2578)
|Sen. Franken, Al [D-MN]*||04/30/2015|
|Sen. Warren, Elizabeth [D-MA]*||04/30/2015|
|Sen. Blumenthal, Richard [D-CT]*||04/30/2015|
|Sen. Wyden, Ron [D-OR]*||04/30/2015|
|Sen. Markey, Edward J. [D-MA]*||04/30/2015|
|Committee / Subcommittee||Date||Activity||Reports|
|Senate Judiciary||04/30/2015||Referred to|
Subject — Policy Area:
One Policy Area term, which best describes an entire measure, is assigned to every public bill or resolution.
- Administrative law and regulatory procedures
- Civil actions and liability
- Computer security and identity theft
- Congressional oversight
- Consumer affairs
- Consumer credit
- Criminal investigation, prosecution, interrogation
- Criminal justice information and records
- Federal Trade Commission (FTC)
- Federal preemption
- Fraud offenses and financial crimes
- Right of privacy
- State and local government operations
- Telephone and wireless communication
Latest Summary (1)
Introduced in Senate (04/30/2015)
Consumer Privacy Protection Act of 2015
Establishes a criminal offense for concealment of a security breach of computerized data containing sensitive personally identifiable information that results in economic harm of $1,000 or more to any individual.
Authorizes the Department of Justice (DOJ) to commence a civil action to enjoin unauthorized persons or entities from accessing or transmitting computer commands commonly referred to as botnets that would impair the integrity or availability of 100 or more computers used by financial institutions or the federal government or that affect interstate or foreign commerce or communications during any one-year period, including by denying access to the computers, installing unwanted software, or obtaining information without authorization. Allows DOJ to enjoin the alienation or disposal of, or to seek restraining orders prohibiting the disposal of, property obtained as a result of such a violation.
Expands categories of money laundering offenses to include financial transactions involving the proceeds of unlawful manufacturing, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices.
Requires certain business entities that collect, use, access, transmit, store, or dispose of sensitive personally identifiable information in electronic or digital form of 10,000 or more U.S. persons during any 12-month period to implement a consumer privacy and data security program that complies with safeguards identified by the Federal Trade Commission (FTC).
Requires entities, following discovery of a security breach, to notify U.S. residents whose unencrypted personal information is reasonably believed to have been accessed or acquired. Sets forth special notification procedures for: (1) third party entities that maintain or process data in electronic form on behalf of another entity; and (2) certain providers of electronic data transmission, routing, storage, or network connection services.
Directs entities to notify a federal entity designated by the Department of Homeland Security (DHS) if a security breach involves: (1) the personal information of more than 5,000 individuals, (2) databases containing the personal information of more than 500,000 individuals nationwide, (3) federal databases, or (4) federal employees and contractors involved in national security or law enforcement. Requires the DHS-designated entity to provide the information it receives to: (1) the U.S. Secret Service or the Federal Bureau of Investigation for law enforcement purposes; and (2) other federal agencies for law enforcement, national security, or data security purposes. Establishes a process for DOJ to adjust the thresholds for law enforcement and national security notifications.
Requires notice of certain breaches to be provided to consumer reporting agencies and the FTC.
Exempts certain financial institutions, entities that comply with health record privacy laws, and electronic communication service providers from certain requirements of this Act.
Establishes civil penalties for violations of this Act and provides enforcement authority to the FTC, DOJ, and states.
Supersedes federal and state laws that are less stringent than the data security practices and breach notification standards required by this Act, but permits states to continue to enforce other consumer protection laws and to apply state laws regarding trespasses, contracts, torts, or fraud.