• PC World
• »Security

Pending Laws: Capitol Hill on the Case

California recently set a new standard for online security with its passage of Senate Bill 1386, which became law on July 1. The law requires any company doing business in California to notify its customers in the state of any attempted security breach into nonencrypted, personally identifiable data. Whether or not Congress passes a similar federal rule, the law will probably have a national impact because a company is likely to streamline its operations by adopting a single information gathering and notification process for all its customers nationwide. Some pending bills aim to close other privacy holes. Visit thomas.loc.gov for updates on each bill's status.

1. Online Privacy Protection Act of 2003/H.R. 69. Sponsored by Representative Rodney P. Frelinghuysen (R-New Jersey), this bill empowers the FTC to regulate and police the collection, use, and disclosure of personal information about individuals on the Net by Web site operators and online services. It also gives people greater control over their data, letting them consent to or limit any disclosures, especially to third parties.
2. Consumer Privacy Protection Act of 2003/H.R. 1636. The bill, sponsored by Representative Cliff Stearns (R-Florida), covers buyers who make interstate purchases--online or offline (via mail-order catalogs and the like). It requires companies that collect personally identifiable data to disclose to customers when the data may be used for marketing or other unrelated purposes, and gives enforcement responsibility to the FTC.
3. Privacy Act of 2003/S.B. 745. Sponsored by Senator Dianne Feinstein (D-California), this bill requires companies to obtain a customer's consent before selling or disclosing that customer's personally identifiable information (such as a driver's license number, and health and financial data).
4. Identity Theft Prevention Act/S.B. 223. Sponsored by Senator Feinstein, this bill requires banks and other financial agencies to make more aggressive efforts to prevent criminal access to sensitive data. For example, it bans companies from printing full credit card numbers on receipts.
5. Social Security Number Misuse Prevention Act/S.B. 228. This bill, also from Senator Feinstein, restricts the sale or display of a person's Social Security number, such as on a government check, without consent. It also bars companies from requiring a Social Security number when consumers make purchases.