About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (January 12, 2007)

handle is hein.crs/crsajec0001 and id is 1 raw text is: Order Code RS22374 Updated January 12, 2007 Data Security: Federal and State Laws Gina Marie Stevens Legislative Attorney American Law Division Summary Security breaches involving electronic personal data have come to light largely as a result of the California Security Breach Notification Act, a California law that went into effect in 2003. In response to frequently occurring breaches of personal data, many states passed laws that would require companies to notify persons affected by such security breaches. By December 2006, 34 states had enacted data security laws. Numerous data breach notice and data security bills were considered in the 109th Congress, but not passed. This report provides a brief discussion of federal and state data breach notice and data security laws. The security of personal information and risks to data are paramount concerns addressed in federal and state law, legislation, and regulations. The public disclosure of breaches of customer databases in 2005 heightened interest in the business and regulation of data brokers.' Data brokers collect personal information from public and private records and sell this information to public and private sector entities for many purposes, from marketing to law enforcement and homeland security purposes.2 Recent data security breaches illustrate (1) the risks associated with collecting and disseminating large amounts of electronic personal information, (2) the increased visibility of data security breaches as a result of consumer notice requirements, and (3) the potential risk of harm or injury to consumers from identity theft crimes (e.g., credit card fraud, check fraud, mortgage fraud, health-care fraud, and the evasion of law enforcement). One result of the highly publicized breaches of personal data security has been a new focus on establishing 1 In particular, two types of businesses exist in this industry: (1) 'individual reference services providers' (IRSPs), which sell 'profiles' and other reports containing confidential personal information about individuals; and (2) 'marketing list brokers,' which sell lists of names, mailing addresses or electronic mail addresses of individuals, grouped by characteristics, conditions, circumstances, traits, preferences or mode of living. Federal Trade Commission, Individual Reference Services: A Federal Trade Commission Report to Congress (Dec. 17, 1997), available at [http://www.ftc.gov/os/1997/12/irs.pdf]. 2 CRS Report RS22137, Data Brokers: Background and Industry Overview.

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most