H.R. 2221: Data Accountability and Trust Act
111th Congress, 1st Session
Official Title: To protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach.
Sponsor: Rep Rush, Bobby L. [IL-1] (introduced 4/30/2009)
Major Actions:
12/9/2009 Referred to Senate committee: Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.
12/8/2009 Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.
12/8/2009 Reported (Amended) by the Committee on Energy and Commerce.
6/3/2009 House committee/subcommittee actions. Status: Forwarded by Subcommittee to Full Committee (Amended) by Voice Vote.
4/30/2009 Introduced in House.
4/30/2009--Introduced.
Data Accountability and Trust Act - Requires the Federal Trade Commission ( FTC) to promulgate regulations requiring each person engaged in interstate commerce that owns or possesses electronic data containing personal information to establish security policies and procedures.
Authorizes the FTC to require a standard method or methods for destroying obsolete nonelectronic data.
Requires information brokers to submit their security policies to the FTC in conjunction with a security breach notification or on FTC request. Requires the FTC to conduct or require an audit of security practices when information brokers are required to provide notification of such a breach. Authorizes additional audits after a breach.
Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information.
Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information.
Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).
Prescribes procedures for notification to the FTC and affected individuals of information security breaches. Sets forth special notification requirements for breaches: (1) by contractors who maintain or process electronic data containing personal information; (2) involving telecommunications and computer services; and (3) of health information.
Preempts state information security laws.
Read the
entire bill here
(PDF).
Cosponsors: (4)
Rep Barton, Joe [TX-6]
Rep Radanovich, George [CA-19]
Rep Schakowsky, Janice D. [IL-9]
Rep Stearns, Cliff [FL-6]