Sneak Peek of Proposed United States Privacy-Related Bills in 2005
(by Ullas Tharakan)
A sneak peek on the upcoming Encryption market which will domainate information security in the coming years. Number of new legislation is geared up to protect customer privacy will drive the organizations to implemented better and new controls. A snapshot of the new upcoming legislations in the US Market below -

H.R. 82, Social Security On-line Privacy Protection Act—Introduced 1/4/2005 by Rep. Rodney Frelinghuysen (NJ); prohibits an interactive computer service from disclosing to a third party an individual's Social Security number or related personally identifiable information without the individual's prior informed written consent. The bill also requires such service to permit an individual to revoke any consent at any time.

S. 29, Social Security Number Misuse Prevention Act—Introduced 1/24/2005 by Sen. Dianne Feinstein (CA); amends the Federal criminal code to prohibit the display, sale, or purchase of Social Security numbers without the affirmatively expressed consent of the individual, except in specified circumstances.

S. 116, Privacy Act of 2005—Introduced 1/24/2005 by Sen. Dianne Feinstein (CA); to require the consent of an individual prior to the sale and marketing of such individual's personally identifiable information, and for other purposes

S. 751, Notification of Risk to Personal Data Act—Introduced 4/11/2005 by Sen. Dianne Feinstein (CA); requires a business or government entity to notify an individual in writing or
email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes.

S. 768, Comprehensive Identity Theft Prevention Act—Introduced 4/12/3005 by Sen. Charles Schumer (NY); creates a new Federal Trade Commission (FTC) office of identity theft to help victims restore their identities.

S. 1216, Financial Privacy Breach Notification Act of 2005—Introduced 6/9/2005 by Sen. Jon Corzine (NJ); amends GLBA to require a financial institution to promptly notify the following entities whenever a breach of personal information has occurred at such institution: each customer affected by such breach; certain consumer reporting agencies; and appropriate law enforcement agencies. Furthermore, it requires any person that maintains personal information for or on behalf of a financial institution to promptly notify the institution of any case in which such customer information has been breached.

S. 1326, Notification of Risk to Personal Data Act—Introduced 6/28/2005 by Sen. Jeff Sessions (AL); requires any entity that owns or licenses sensitive personal information to implement and maintain "reasonable" security and notification procedures and practices appropriate to the nature of the information; preempts any state laws which relate "in any way to electronic information security standards or notification."

S. 1332, Personal Data Privacy and Security Act of 2005—Introduced 6/29/2005 by Sen. Arlen Specter (PA) and Sen. Patrick Leahy (VT); deals with different issues relating to identity theft and security breaches, specifically providing security measures that require "business entities" that have information on more than 10,000 United States persons to adopt measures, commensurate with the sensitivity of the data and the size and complexity of the entities activities.

S. 1336, Consumer Identity Protection and Security Act—Introduced 6/29/2005 by Sen. Mark Pryor (AR); establishes procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce.

S. 1408, Identity Theft Protection Act—Introduced 7/14/2005 by Sen. Gordon Smith (OR) and Sen. Bill Nelson (FL); strengthens data protection and safeguards, requires data breach notification, and further prevents identity theft.