Thursday, April 21, 2005

~ status of federal legislation affecting private investigators ~

The National Council of Investigation and Security Services (NCISS) is the advocate for private investigators in Washington D.C. If you want to protect your livelihood send them a check today. This is an all volunteer organization. Even if you're not a member you can support our legislative effort: NCISS Legislative Fund, 7501 Sparrows Point Blvd., Baltimore, MD 21219.

Here are some of the bills NCISS is watching. It's a lengthy list but is organized by topic.

Data Warehouses
S. 500 – Information Protection and Security Act – Senator Bill Nelson (D-FL)
Latest Update: Sen. Nelson introduced the Information Protection and Security Act on March 3 and it was then referred to the Committee on Commerce, Science, and Transportation. H.R. 500 is identical to H.R. 1080, sponsored by Rep. Ed Markey (D-MA).

Summary: S. 500 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.

H.R. 1080 – Information Protection and Security Act – Congressman Ed Markey (D-MA)
Latest Update: H.R. 1080 was introduced on March 3 by Rep. Markey and was referred to the House Committee on Energy and Commerce. H.R. 1080 is identical to S. 500, sponsored by Sen. Bill Nelson (D-FL).

Summary: H.R. 1080 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.

Privacy / Identity Theft Protection
New! S. 751 – Notification of Risk to Personal Data Act
– Senator Dianne Feinstein (D-CA)
Latest Update: S. 751 was introduced on April 11, 2005 and referred to the Committee on Commerce, Science, and Transportation. This bill is based on California law, which is the first and currently the only State law requiring notification of individuals.

Summary: S. 751 requires a business or government entity to notify an individual in writing or email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes. Examples of personal information include: Social Security number, driver's license or state identification number, or credit card or bank account information. The bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data.

New! S. 768 – Comprehensive Identity Theft Prevention Act – Senator Charles Schumer (D-NY) and Senator Bill Nelson (D-FL)
Latest Update: Introduced on April 12, 2005, and referred to the Committee on Commerce, Science, and Transportation.

Summary: S. 768 regulates information brokers, cracks down on the sale of Social Security numbers, and notifies Americans when their personal information is compromised. Creates a new Federal Trade Commission (FTC) office to help victims restore their identities. Creates an Assistant Secretary for Cyber Security in the Department of Homeland Security.
New! H.R. 1263 – Consumer Privacy Protection Act of 2005 – Congressman Cliff Stearns (R-FL)

Latest Update: Introduced on March 10 and referred to the House Subcommittee on Commerce, Trade and Consumer Protection on March 22.
Summary: Protects and enhances consumer privacy by instituting a number of requirements for data collection organizations, specifically to provide notification to consumers and to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information.

S. 29 – Social Security Number Misuse Prevention Act – Senator Dianne Feinstein (D-CA)
Latest Update: S. 29 was introduced on Jan. 24 by Sen. Feinstein and was referred to the Committee on the Judiciary.

Summary: This bill amends the Federal criminal code to prohibit the display, sale, or purchase of social security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. It directs the Attorney General to study and report to Congress on all the uses of social security numbers permitted, required, authorized, or excepted under any Federal law, including the impact of such uses on privacy and data security. S. 29 establishes a public records exception to the prohibition and directs the Comptroller General to study and report to Congress on social security numbers in public records. The Attorney General is granted rulemaking authority to enforce this Act's prohibition and to implement and clarify the permitted uses occurring as a result of an interaction between businesses, governments, or business and government.

S. 116 – Privacy Act of 2005 – Senator Dianne Feinstein (D-CA
Latest Update: S. 116 was introduced on Jan. 24 by Sen. Feinstein and was referred to the Committee on the Judiciary.

Summary: S. 116 prohibits the sale and disclosure of personally identifiable information by a commercial entity to a non-affiliated third party unless prescribed procedures for notice and opportunity to restrict such disclosure have been followed. The bill grants the Federal Trade Commission (FTC) enforcement authority. S. 166 also amends Federal criminal law to prohibit the display, sale, or purchase of social security numbers (SSNs) without the affirmatively expressed consent of the individual. This legislation prohibits the use of SSNs on checks issued for payment by governmental agencies and driver's licenses or motor vehicle registrations. It prohibits a commercial entity from requiring disclosure of an individual's SSN in order to obtain goods or services, and it establishes criminal and civil monetary penalties for misuse of an SSN.

H.R. 82 – Social Security On-line Privacy Protection Act – Congressman Rodney Frelinghuysen (R-NJ)

Latest Update: Rep. Frelinghuysen introduced H.R. 82 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection of Feb. 4.

Summary: H.R. 82 prohibits an interactive computer service from disclosing to a third party an individual's Social Security number or related personally identifiable information without the individual's prior informed written consent. The bill also requires such service to permit an individual to revoke any consent at any time.

H.R. 84 – Online Privacy Protection Act of 2005 – Congressman Rodney Frelinghuysen (R-NJ)
Latest Update: Rep. Frelinghuysen introduced H.R. 84 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection.

Summary: H.R. 84 requires the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 (age 13 and above) on the Internet. It makes it unlawful for an operator of a Web site or online service to collect, use, or disclose personal information concerning an individual in a manner that is in violation of prescribed regulations, requiring such operators to protect the confidentiality, security, and integrity of personal information it collects from such individuals. H.R. 84 also provides greater individual control over the collection and use of that information by creating a process for such individuals to consent to or limit the disclosure of such information. Additionally, H.R. 84 directs the FTC to provide incentives for efforts of self-regulation by operators to implement appropriate protections for such information. Finally, it authorizes the States to enforce such regulations by bringing actions on behalf of residents, requiring the State attorney general to first notify the FTC of such action.

H.R. 220 – Identity Theft Prevention Act of 2005 – Congressman Ron Paul (R-TX)
Latest Update: H.R. 220 was introduced on Jan. 4 by Rep. Paul. It was then referred to the Committee on Ways and Means and the Committee on Government Reform.

Summary: H.R. 220 Amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act and the Internal Revenue Code to prohibit using a Social Security account number except for specified Social Security and tax purposes. The bill also prohibits the Social Security Administration from divulging the Social Security account number of an individual to any Federal, State, or local government agency or instrumentality, or to any other individual. Conversely, no Federal, State, or local government agency or instrumentality may request an individual to disclose his Social Security account number on either a mandatory or a voluntary basis, among other prohibitions.

Internet
H.R. 214 – Advanced Internet Communications Services Act of 2005
– Congressman Cliff Stearns (R-FL)

Latest Update: Rep. Stearns introduced this bill on January 14 and on Feb. 4, it was referred to House Subcommittee on Telecommunications and the Internet.

Summary: The bill aims to promote deployment of and investment in advanced Internet communications services. It gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service.

Homeland Security
S. 140 – Domestic Defense Fund Act of 2005 – Senator Hillary Clinton (D-NY)
Latest Update: Sen. Hillary Clinton introduced S. 140 on January 24. It was referred to the Senate Committee on Homeland Security and Governmental Affairs.

Summary: S. 140 provides for a domestic defense fund to improve the Nation's homeland defense by authorizing the Secretary of Homeland Security to award grants to States, units of local government, and Indian tribes for homeland security development. The grant awardees are required to develop a homeland security plan identifying both short- and long-term homeland security needs, among other items. 70 percent of grant funds are required to be allocated among metropolitan cities and urban counties based on the Secretary's calculations of various infrastructure vulnerabilities and threats such as proximity to international borders, nuclear or other energy facilities, air, rail or water transportation, and national icons and Federal buildings.

H.R. 91 – Smarter Funding for All of America's Homeland Security Act of 2005 – Congressman Rodney P. Frelinghuysen (R-NJ)

Latest Update: Rep Rodney Frelinghuysen introduced H.R. 91 on January 4. It was referred to the Committee on Homeland Security (Select), and also referred to the Committees on Transportation and Infrastructure, the Judiciary, and Energy and Commerce for consideration of provisions as they fall within the jurisdiction of the committee concerned. On February 25, it was referred to the Subcommittee on Health, where it currently is waiting for action by the Chairman.

Summary: H.R. 91 modifies the DHS grant program, authorizing the Secretary of Homeland Security to make grants to first responders. One new criteria will be "Threats to major communications nodes, including cyber and telephonic nodes."

H.R. 285 – Department of Homeland Security Cybersecurity Enhancement Act of 2005 – Congressman Mac Thornberry (R-TX) and Congresswoman Zoe Lofgren (D-CA)

Latest Update: Also known as the Department of Homeland Security Cybersecurity Enhancement Act of 2005. On January 6, Congressman Mac Thornberry and Congresswoman Zoe Lofgren reintroduced bipartisan legislation to create an Assistant Secretary for Cybersecurity position within the Department of Homeland Security's Information Analysis and Infrastructures Protection Directorate. The Assistant Secretary position was originally introduced on the 108th Congress in H.R. 10, the 911 Recommendations Implementation Act, where it was approved by the House of Representatives, but ultimately was not included in the final version of the bill.

Summary: The legislation would allow for the Assistant Secretary to have primary authority within the Department for all cyber security-related critical infrastructure protection programs of the Department, including policy formulation and program management. The legislation touts strong support from the technology, education, and financial sectors.