112th Privacy Legislation

| 1 Comment | No TrackBacks
Updated September 27, 2011.
Updated November 8, 2011.
Updated January 31, 2012.
Updated February 7, 2012. Please see changes below.


The post below details the current pieces of draft/for discussion bills proposed by Representatives and Senators of the 112th Congressional Session. This will be a living post as it is expected there will be hearings happening before the July 4th recess.  For your reading pleasure and enjoyment (because what privacy-focused person doesn't love reading policy?) the items detail the sponsors, bill name and number, and provide links to PDF copies of the bill and to Thomas for official bill statuses.  Enjoy.  Sometime soon, expect a post from PrivacyWonk comparing all of these bills (where applicable/appropriate).

9/27/2011: Three Senate bills have moved far ahead of the pack being passed out of the Senate Judiciary Committe. Senators Blumenthal, Leahy, and Feinstein all have bills (see below) that will now appear on the legislative calendar. CDT's Harley Geiger has great write up on them here.

1/31/2012: While SOPA/PIPA dominated much of December 2011 and January 2012, a privacy issue arose around CarrierIQ -- tracking software installed in millions of smart phones on multiple carriers -- in early December. Senator Al Franken demanded answers to questions, CarrierIQ put out a press release, and other Congress members have asked for a formal investigation. Coming out of all this, Representative Edward Markey (D-MA) published a draft cellphone privacy bill. Lastly, two bills have seen an increase in support. H.R. 1895, Do Not Track Kids Online and H.R. 1981, Protecting Children From Internet Pornographers Act of 2011. Details below.

Quick Stats
Pieces of Legislation: 19 introduced, 1 discussion draft
Representatives: 9
Senators: 9

Representative Bobby L. Rush (D-IL) reintroduced his privacy focused legislation from last year on Thursday, February 10th, 2011.  Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act (PDF). (H.R. 611).
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade, no cosponsors have signed on.

Representative Jackie Speier (D-CA) introduced two pieces of legislation on Friday, February 11th, 2011, aimed at protecting personal information.  The Do Not Track Me Online Act of 2011 (H.R. 654) would give consumers the ability to prevent the collection and use of data on their online activities.  The Financial Information Privacy Act of 2011 (H.R. 653) would give consumers control of their own financial information.
H.R. 654 Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. 22 cosponsors have signed on.
H.R. 653 Status: Referred to the House Subcommittee on Financial Institutions and Consumer Credit. Seven cosponsors have signed on.

Senators John Kerry (D-MA) and John McCain (R-AZ) introduced the Commercial Privacy Bill of Rights Act of 2011 (PDF) (S. 799) on April 12, 2011. This bill aims to establish a baseline code of conduct for how personally identifiable information and information that can uniquely identify an individual or networked device are used, stored, and distributed.
Status: Referred to Committee on Commerce, Science, and Transportation. Two cosponsors have signed on.

Representative Cliff Stearns (R-FL) introduced the Consumer Privacy Protection Act of 2011 (H.R. 1528) on April 13, 2011, which seeks to "protect and enhance consumer privacy" both online and offline by imposing certain notice and choice requirements with respect to the collection and use of personal information. 
Status
: Referred to the Committee on Commerce, Science, and Transportation. Five cosponsors have signed on.

Representative Bobby L. Rush (D-IL) reintroduced the Data Accountability and Trust Act (PDF) (H.R. 1701) (formerly H.R. 2221 from the 111th) on May 4, 2011, which directs companies to establish policies on the use (collection, storage, sale, disposition, etc) of consumer personal information.  It also has a 60-day breach notification requirement.  Minimal changes to the original, the only substantial update was the definition of service provider.
Status: Referred to the House Committee on Energy and Commerce. Four cosponsors have signed on.

Senator Jay Rockefeller (D-WV), the Chairman of the Senate Committee on Commerce, Science and Transportation, introduced the "Do-Not-Track Online Act of 2011" (S. 913) on May 9, 2011. The bill requires the Federal Trade Commission to prescribe regulations regarding the collection and use of personal information obtained by tracking the online activity of an individual, and for other purposes (Do Not Track).
Status: Referred to the Committee on Commerce, Science, and Transportation. Two cosponsors have signed on.

Representative Cliff Stearns (R-FL) and Representative Jim Matheson (D-UT) introduced the Data Accountability and Trust Act of 2011 (H.R. 1841) on May 11, 2011, which seeks to protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. This bill is built on Representative Bobby Rush's original DATAct from the 111th.
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. One cosponsor has signed on.

Representatives Ed Markey (D-MA) and Joe Barton (R-TX) introduced the Do Not Track Kids Act of 2011 (PDF) (H.R. 1895) on May 13, 2011. The bill amends the historic Children's Online Privacy Protection Act of 1998 (COPPA), will extend, enhance and update the provisions relating to the collection, use and disclosure of children's personal information and establishes new protections for personal information of children and teens.
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. 18 cosponsors have signed on.

Senator Patrick Leahy (D-VT) introduced two Senate Bills to address both consumer privacy and citizen privacy. The first, introduced on May 17, 2011 to modernize and update the Electronic Communications Privacy Act titled Electronic Communications Privacy Act Amendments Act of 2011 (PDF) (S. 1011).  The second bill, introduced on June 6, 2011, titled Personal Data Privacy and Security Act of 2011 (PDF) (S.1151). This is an update and reintroduction of Leahy's 2009 bill of the same title.
S. 1011 Status: Read twice and referred to Committee on the Judiciary, no cosponsors have signed on.
S. 1151 Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 181. Four cosponsors have signed on. On 11/7/2011, Senator Leahy filed Additional/Minority views in Senate Report 112-091, the DHS Appropriations Bill of 2012.

Sen. Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-Utah) introduced Geolocation Privacy and Surveillance ("GPS") Act (PDF). (S. 1212) and (H.R.2168) on June 15, 2011 that creates a legal framework designed to give government agencies, commercial entities and private citizens clear guidelines for when and how geolocation information can be accessed and used.
S.1212 Status: Referred to the Senate Committee on the Judiciary, one cosponsor has signed onto the bill.
H.R. 2168 Status: Referred to the Subcommittee on Crime, Terrorism, and Homeland Security. 10 cosponsors have signed on.

Senators Mark Pyyor (D-AR) and Senator Jay Rockefeller (D-WV) introduced the Data Security and Breach Notification Act (PDF) (S. 1207) on June 15, 2011.  This is a reintroduction of a bill originally proposed by Senator Pryor in 2010.  The bill aims to require businesses and nonprofit organizations that store consumers' personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the tools they need to protect their credit and finances. 
Status: Referred to the Committee on Commerce, Science, and Transportation. One cosponsor has signed on.
NB: Politico featured a story with S. 1207 as the center piece, describing the Senator's efforts to arrive a consensus and expressing their hopes to hit the December markup.

Senators Al Franken (D-MN) and Richard Blumenthal (D-CT) introduced the Location Privacy Protection Act of 2011 (PDF),  one-page overview (PDF) (S. 1223) on June 16, 2011 that would require companies/app developers to receive express consent from users of mobile devices like smartphones and tablets before sharing information about those users' location with third parties. Will update this post as more information becomes available. Franken gets the best headline out of this: Congress to Device Makers: Don't Track Me, Bro
Status: Read twice and referred to the House Committee on the Judiciary. Six cosponsors has signed on.

Representative Mary Bono Mack (R-CA) introduced the Secure and Fortify (SAFE) Data Act  (PDF) (H.R. 2577) on July 18, 2011.  The bill aims to establish standards of breach notification and would require organizations to notify people affected by a data breach and the Federal Trade Commission (FTC) within 48 hours. This bill was previously discussed during a House Energy and Commerce Committee panel/mark-up session held on June 15, 2011.
Status: Referred to House Commerce Subcommittee on Commerce, Manufacturing and Trade. No cosponsors have signed on.

Senator Dianne Feinstein (D-CA) introduced the Data Breach Notification Act of 2011 (PDF) (S. 1408) on July 22, 2011.  This is the same legislation Senator Feinstein has introduced in the 111th session (see: S. 139). The legislation is focused only on breach notification and does not introduce security requirements. It mandates multiple notifications depending on the severity of the breach (i.e., individual, secret service, FTC, etc) and gives States AGs power to bring civil suits and does not offer any private right of action.
Status: Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably. No cosponsors have signed on. 2/6/2012: Placed on Senate Legislative Calendar under General Orders. Calendar No. 310.

The Congressional Budget Office (CBO) has scored S. 1408. The report, released October 31, 2011, "estimates that implementing S. 1408 would cost about $3 million annually for the FTC and federal law enforcement agencies to specify how the required notification procedures would work. CBO expects that most government agencies would incur negligible costs to implement the legislation."

Representative Lamar Smith (R-TX) introduced the Protecting Children From Internet Pornographers Act of 2011 (PDF) (H.R. 1981) on May 25, 2011. This bill mandates that Internet Service Providers keep incredibly detailed logs, for up to 18 months, on all customers to facilitate the prosecution of child pornography, including internet protocol addresses (i.e. all IP addresses assigned), customer names, addresses, phone records, type and length of service, and credit card numbers, and more.  Status: On July 28, 2011 the House Judiciary Committee conducted a final roll call vote (PDF) and approved the bill, 19-10 to move before the entire House for a vote. 39 cosponsors have signed on. On November 10, 2011 house report 112-281 Part 1 discussing the bill was published. On December 16, 2011 the bill was placed on the Union Calendar, Calendar No. 224.

Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011 (PDF) (S.1535) on September 8, 2011. The 100-page bill aims to regulate companies that store information for more than 10,000 people. The bill aims to deter preventable breaches, minimize consumer harm, promote a robust security platform, and uses a very big stick for compliance. Individuals found to consistently violating these provisions face a maximum sentence of five years in prison and/or a $1 million fine. This is one the most severe penalties put forward in a privacy focused bill. Further, the bill requests coordination between the FBI and Secret Service to produce reports on enforcement actions, breach trends, and the efficacy of post-breach notifications.
Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 182. One cosponsor has signed on.

Representative Ed Markey (D-MA) released a discussion draft of Mobile Device Privacy Act (PDF) on January 30, 2012. The bill would require companies to disclose if they are using tracking software (i.e. CarrierIQ), what information the software collects, and whom it shares the information with. Consumers would have to provide express consent to any data collection or transmission, and third parties would have to have documented policies in place to secure the data they collect. Companies that want to transfer data to third parties would have to file applications with the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). Enforcement falls under FTC Unfair and Deceptive trade practices.
Status: Discussion Draft, not officially introduced.


If you would like to voice concern or support for any of the bills, you can easily find you Representative and/or Senator through http://www.opencongress.org/people/representatives.


Special thanks to:
Hunton and Williams privacy blog for providing some quick source material -- http://www.huntonprivacyblog.com/
ThreatLevel -- http://www.wired.com/threatlevel/2011/06/gps-warrant-proposal/
Cecilia Kang -- http://www.washingtonpost.com/blogs/post-tech/post/franken-blumenthal-introduce-mobile-privacy-bill/2011/06/15/AGjZqCWH_blog.html
PrivacyLives for the draft of the Franken bill -- http://www.privacylives.com/senators-introduce-the-location-privacy-protection-act-of-2011/2011/06/15/
Privacy Insider - http://www.insideprivacy.com/united-states/feinstein-introduces-breach-notice-bill-senate-committee-may-consider-breach-notice-proposals-shortl/
CDT/ABC News Opinion: http://abcnews.go.com/Technology/tech-agenda-bills-carry-enormous-implications-technology/story?id=14522085


UPDATE 6/15/2011:
  • House hearing to discuss draft of Rep. Mary Bono Mack's data security bill starting now. Watch livestream at:http://www.ustream.tv/channel-popup/energyandcommerce2322
  • Senator Wyden and Representative Chaffetz dropped their bipartisan geolocation bill
  • Senators Franken and Blumenthal release a one-page overview of their legislation...
  • Senators Pryor and Rockefeller reintroduced data breach legislation
  • Fixed broken Thomas links above
UPDATE 6/16/2011:
  • Received final version of Al Franken's bill that was introduced on June 16, 2011.
UPDATE 6/29/2011:
  • Updated with Rep. Rush and Stearns/Matheson's versions of the Data Accountability and Trust Act of 2011
  • Updated cosponsor stats for all bills
  • Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, John D. Rockefeller, held a full committee hearing on privacy and data security. Archived webcast available: Privacy and Data Security: Protecting Consumers in the Modern World
UPDATE 8/2/2011:
  • Added H.R. 2577, S. 139, and H.R. 1981
UPDATE 9/27/2011:
  • Updated Status and cosponsors for all bills.
  • Added S.1535
UPDATE 11/7/2011:
  • Updated sponsor count on H.R. 654 (19 to 20)
  • Updated sponsor count on H.R. 1528 (4 to 5)
  • Added link to S. 1151, Senator Leahy's additional/minority views on DHS Appropriations bill
  • Updated sponsor count on S.1212 (0 to 1)
  • Updated sponsor count on H.R. 2168 (6 to 8)
  • Added Politico link on S.1207
  • Added CBO Score on S.1408
UPDATE 01/31/2012:
  • Added Rep. Markey's Discussion Draft
  • Updated sponsor count on H.R. 654 (20 to 22)
  • Updated sponsor count on H.R. 1707 (3 to 4)
  • Updated sponsor count on H.R. 1895 (6 to 18)
  • Updated sponsor count on H.R. 2168 (8 to 10)
  • Updated sponsor count on S. 1223 (5 to 6)
  • Updated sponsor count on H.R. 2168 (25 to 39)
UPDATE 02/07/2012:
  • Updated status of S. 1408, placed on Senate Legislative Calendar under General Orders. Calendar No. 310 as of 2/6/2012.

No TrackBacks

TrackBack URL: http://www.privacywonk.net/foia/mt-tb.cgi/93

1 Comment

Hi Tim - thanks so much, this is very helpful!

Leave a comment