About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 (February 3, 2006)

handle is hein.crs/crsuntaacjn0001 and id is 1 raw text is: Order Code RS22374 February 3, 2006 CRS Report for Congress Received through the CRS Web Data Security: Federal and State Laws Gina Marie Stevens Legislative Attorney American Law Division Summary Security breaches involving electronic personal data have come to light largely as a result of the California Security Breach Notification Act, a California notification law that went into effect in 2003. In response, the states and some Members have introduced bills that would require companies to notify persons affected by such security breaches. By December 2005, 35 states had introduced data security legislation and 22 states had enacted data security laws. Numerous data security bills have been introduced in the 109h Congress (S. 115, S. 500, S. 751, S. 768, S. 1216, S. 1326, S. 1332, S. 1408, S. 1594, S. 1789, S. 2169, H.R. 1069, H.R. 1080, H.R. 3140, H.R. 3374, H.R. 3375, H.R. 3397, H.R. 4127). S. 1326, S. 1408, and S. 1789 were reported by Senate committees. This report provides a brief discussion of federal and state data security laws. The security of personal information and risks to data are paramount concerns addressed in federal and state law, legislation, and regulations. The public disclosure of breaches of customer databases in 2005 heightened interest in the business and regulation of data brokers. Data brokers collect personal information from public and private records and sell this information to public and private sector entities for many purposes, from marketing to law enforcement and homeland security purposes.2 Recent data security breaches illustrate (1) the risks associated with collecting and disseminating large amounts of electronic personal information, (2) the increased visibility of data security breaches as a result of consumer notice requirements, and (3) the potential risk of harm or injury to consumers from identity theft crimes (e.g., credit card fraud, check fraud, mortgage fraud, health-care fraud, and the evasion of law enforcement). One result of the highly publicized breaches of personal data security has been a new focus on establishing 1 In particular, two types of businesses exist in this industry: (1) 'individual reference services providers' (IRSPs), which sell 'profiles' and other reports containing confidential personal information about individuals; and (2) 'marketing list brokers,' which sell lists of names, mailing addresses or electronic mail addresses of individuals, grouped by characteristics, conditions, circumstances, traits, preferences or mode of living. Federal Trade Commission, Individual Reference Services: A Federal Trade Commission Report to Congress (Dec. 17, 1997), available at [http://www.ftc.gov/os/1997/12/irs.pdf]. 2 CRS Report RS22137, Data Brokers: Background and Industry Overview, by Nathan Brooks. Congressional Research Service 4- The Library of Congress

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most