Institute for Legal, Legislative and Educational Action
Title: Consumer Privacy Protection Act of 2015
Subject: Administrative law and regulatory procedures: Civil actions and liability: Computer security and identity theft: Congressional oversight: Consumer affairs: Consumer credit: Criminal investigation, prosecution, interrogation: Criminal justice information and records: Federal Trade Commission (FTC): Federal preemption: Fraud offenses and financial crimes: Right of privacy: State and local government operations: Telephone and wireless communication: Crime and law enforcement
Description: Consumer Privacy Protection Act of 2015 Establishes a criminal offense for concealment of a security breach of computerized data containing sensitive personally identifiable information that results in economic harm of $1,000 or more to any individual. Authorizes the Department of Justice (DOJ) to commence a civil action to enjoin unauthorized persons or entities from accessing or transmitting computer commands commonly referred to as botnets that would impair the integrity or availability of 100 or more computers used by financial institutions or the federal government or that affect interstate or foreign commerce or communications during any one-year period, including by denying access to the computers, installing unwanted software, or obtaining information without authorization. Allows DOJ to enjoin the alienation or disposal of, or to seek restraining orders prohibiting the disposal of, property obtained as a result of such a violation. Expands categories of money laundering offenses to include financial transactions involving the proceeds of unlawful manufacturing, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices. Requires certain business entities that collect, use, access, transmit, store, or dispose of sensitive personally identifiable information in electronic or digital form of 10,000 or more U.S. persons during any 12-month period to implement a consumer privacy and data security program that complies with safeguards identified by the Federal Trade Commission (FTC). Requires entities, following discovery of a security breach, to notify U.S. residents whose unencrypted personal information is reasonably believed to have been accessed or acquired. Sets forth special notification procedures for: (1) third party entities that maintain or process data in electronic form on behalf of another entity; and (2) certain providers of electronic data transmission, routing, storage, or network connection services. Directs entities to notify a federal entity designated by the Department of Homeland Security (DHS) if a security breach involves: (1) the personal information of more than 5,000 individuals, (2) databases containing the personal information of more than 500,000 individuals nationwide, (3) federal databases, or (4) federal employees and contractors involved in national security or law enforcement. Requires the DHS-designated entity to provide the information it receives to: (1) the U.S. Secret Service or the Federal Bureau of Investigation for law enforcement purposes; and (2) other federal agencies for law enforcement, national security, or data security purposes. Establishes a process for DOJ to adjust the thresholds for law enforcement and national security notifications. Requires notice of certain breaches to be provided to consumer reporting agencies and the FTC. Exempts certain financial institutions, entities that comply with health record privacy laws, and electronic communication service providers from certain requirements of this Act. Establishes civil penalties for violations of this Act and provides enforcement authority to the FTC, DOJ, and states. Supersedes federal and state laws that are less stringent than the data security practices and breach notification standards required by this Act, but permits states to continue to enforce other consumer protection laws and to apply state laws regarding trespasses, contracts, torts, or fraud.
Session: 114th Congress
Last Action: Read twice and referred to the Committee on the Judiciary. (Sponsor introductory remarks on measure: CR S2577-2578)
Last Action Date: April 30, 2015
Link: https://www.congress.gov/bill/114th-congress/senate-bill/1158/all-info
Companion Bill: HB2977
Note: the first sponsor listed is normally the primary sponsor. If a sponsor's name is a hyperlink you can click on it to 'follow the money'.
6 sponsors: Patrick Leahy (D); Al Franken (D); Elizabeth Warren (D); Richard Blumenthal (D); Ron Wyden (D); Edward Markey (D)
Chamber | Date | Action |
Senate | Apr 30 2015 | Read twice and referred to the Committee on the Judiciary. (Sponsor introductory remarks on measure: CR S2577-2578) |
Type | Date | Federal Link | Text |
Introduced | May 13 2015 | federal bill text | bill text |
Title | Description | Date | State Link | Text | Adopted |
There are no amendments to this bill at this time |
Chamber: S
Committee Name: Judiciary
There have not been any votes on this bill