Personal Data Privacy and Security Act of 2011

On June 7, 2011, Senator Leahy introduced bill S. 1151 in the Senate, the Personal Data Privacy and Security Act of 2011, which is linked HERE. The stated purpose of the bill is as follows:

“To prevent and mitigate identity theft, to ensure privacy,
to provide notice of security breaches, and to enhance
criminal penalties, law enforcement assistance, and other
protections against security breaches, fraudulent access,
and misuse of personally identifiable information.”

The proposed bill would, among other things, amend the RICO Act to include violations of the Computer Fraud and Abuse Act (“CFAA”), thus adding a RICOesque twist to the CFAA, which is a dream for any lawyer dealing with these issues. This is a significant piece of legislation that comes in at 70 pages and will require some analysis (did I mention I’m getting married this week?) that I fully intend to do … but I haven’t yet! At any rate, I’ll do this the “cheap way” for the time being and provide the Table of Contents of the bill so you can see what it does in general and whether it’s worth your while to dig any deeper. Or, you can just wait for me to dig into it for you! I am sorry for doing this, but it is late and I have lots to do, so, at any rate, here goes:

TITLE I—ENHANCING PUNISHMENT FOR IDENTITY THEFT AND OTHER VIOLATIONS OF DATA PRIVACY AND SECURITY
Sec. 101. Organized criminal activity in connection with unauthorized access to personally identifiable information.
Sec. 102. Concealment of security breaches involving sensitive personally identifiable information.
Sec. 103. Penalties for fraud and related activity in connection with computers.

TITLE II—DATA BROKERS
Sec. 201. Transparency and accuracy of data collection.
Sec. 202. Enforcement.
Sec. 203. Relation to State laws.
Sec. 204. Effective date.

TITLE III—PRIVACY AND SECURITY OF PERSONALLY IDENTIFIABLE INFORMATION
Subtitle A—A Data Privacy and Security Program
Sec. 301. Purpose and applicability of data privacy and security program.
Sec. 302. Requirements for a personal data privacy and security program.
Sec. 303. Enforcement.
Sec. 304. Relation to other laws.
Subtitle B—Security Breach Notification
Sec. 311. Notice to individuals.
Sec. 312. Exemptions.
Sec. 313. Methods of notice.
Sec. 314. Content of notification.
Sec. 315. Coordination of notification with credit reporting agencies.
Sec. 316. Notice to law enforcement.
Sec. 317. Enforcement.
Sec. 318. Enforcement by State attorneys general.
Sec. 319. Effect on Federal and State law.
Sec. 320. Authorization of appropriations.
Sec. 321. Reporting on risk assessment exemptions.
Sec. 322. Effective date.

TITLE IV—GOVERNMENT ACCESS TO AND USE OF COMMERCIAL DATA
Sec. 401. General services administration review of contracts.
Sec. 402. Requirement to audit information security practices of contractors and third party business entities.
Sec. 403. Privacy impact assessment of government use of commercial information services containing personally identifiable information.
