Personal Information Privacy Act of 1997 (Introduced in the Senate)
S 600 IS
IN THE SENATE OF THE UNITED STATES
Mrs. FEINSTEIN (for herself and Mr. GRASSLEY) introduced the following bill; which was read twice and referred to the Committee on Finance
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the `Personal Information Privacy Act of 1997'.
Section 603(d) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)) is amended by inserting after the first
sentence the following: `The term also includes any other identifying information of the consumer, except the name, address, and telephone number of the consumer if listed in a residential telephone directory available in the locality of the consumer.'.
(a) IN GENERAL- Part A of title XI of the Social Security Act (42 U.S.C. 1301 et seq.) is amended by adding at the end the following:
`SEC. 1146. (a) PROHIBITION OF COMMERCIAL ACQUISITION OR DISTRIBUTION- No person may buy, sell, offer for sale, take or give in exchange, or pledge or give in pledge any information for the purpose, in whole or in part, of conveying by means of such information any individual's social security account number, or any derivative of such number, without the written consent of such individual.
`(b) PROHIBITION OF USE AS PERSONAL IDENTIFICATION NUMBER- No person may utilize any individual's social security account number, or any derivative of such number, for purposes of identification of such individual without the written consent of such individual.
`(c) PREREQUISITES FOR CONSENT- In order for consent to exist under subsection (a) or (b), the person engaged in, or seeking to engage in, an activity described in such subsection shall--
`(1) inform the individual of all the purposes for which the number will be utilized and the persons to whom the number will be known; and
`(2) obtain affirmatively expressed consent in writing.
`(d) EXCEPTIONS- Nothing in this section shall be construed to prohibit any use of social security account numbers permitted or required under section 205(c)(2) of this Act, section 7(a)(2) of the Privacy Act of 1974 (5 U.S.C. 552a note; 88 Stat. 1909), or section 6109(d) of the Internal Revenue Code of 1986.
`(e) CIVIL ACTION IN UNITED STATES DISTRICT COURT; DAMAGES; ATTORNEYS FEES AND COSTS; NONEXCLUSIVE NATURE OF REMEDY-
`(1) IN GENERAL- Any individual aggrieved by any act of any person in violation of this section may bring a civil action in a United States district court to recover--
`(A) such preliminary and equitable relief as the court determines to be appropriate; and
`(B) the greater of--
`(i) actual damages; and
`(ii) liquidated damages of $25,000 or, in the case of a violation that was willful and resulted in profit or monetary gain, $50,000.
`(2) ATTORNEY'S FEES AND COSTS- In the case of a civil action brought under paragraph (1) in which the aggrieved individual has substantially prevailed, the court may assess against the respondent a reasonable attorney's fee and other litigation costs and expenses (including expert fees) reasonably incurred.
`(3) STATUTE OF LIMITATIONS- No action may be commenced under this subsection more than 3 years after the date on which the violation was or should reasonably have been discovered by the aggrieved individual.
`(4) NONEXCLUSIVE REMEDY- The remedy provided under this subsection shall be in addition to any other lawful remedy available to the individual.
`(f) CIVIL MONEY PENALTIES-
`(1) IN GENERAL- Any person who the Commissioner of Social Security determines has violated this section shall be subject, in addition to any other penalties that may be prescribed by law, to--
`(A) a civil money penalty of not more than $25,000 for each such violation, and
`(B) a civil money penalty of not more than $500,000, if violations have occurred with such frequency as to constitute a general business practice.
`(2) DETERMINATION OF VIOLATIONS- Any violation committed contemporaneously with respect to the social security account numbers of 2 or more individuals by means of mail, telecommunication, or otherwise shall be treated as a separate violation with respect to each such individual.
`(3) ENFORCEMENT PROCEDURES- The provisions of section 1128A (other than subsections (a), (b), (f), (h), (i), (j), and (m), and the first sentence of subsection (c)) and the provisions of subsections (d) and (e) of section 205 shall apply to civil money penalties under this subsection in the same manner as such provisions apply to a penalty or proceeding under section 1128A(a), except that, for purposes of this paragraph, any reference in section 1128A to the Secretary shall be deemed a reference to the Commissioner of Social Security.
`(g) REGULATION BY STATES- Nothing in this section shall be construed to prohibit any State authority from enacting or enforcing laws consistent with this section for the protection of privacy.'.
(b) EFFECTIVE DATE- The amendment made by this section applies with respect to violations occurring on and after the date which is 2 years after the date of enactment of this Act.
(a) RESTRICTION ON GOVERNMENTAL USE- Section 2721(b)(1) of title 18, United States Code, is amended by striking `its functions.' and inserting `its functions, but in the case of social security numbers, only to the extent permitted or required under section 205(c)(2) of the Social Security Act (42 U.S.C. 405(c)(2)), section 7(a)(2) of the Privacy Act of 1974 (5 U.S.C. 552a note, 88 Stat. 1909), section 6109(d) of the Internal Revenue Code of 1986, or any other provision of law specifically identifying such use.'.
(b) PROHIBITION OF USE BY MARKETING COMPANIES- Section 2721(b)(12) of title 18, United States Code, is amended by striking `For' and inserting `Except in the case of social security numbers, for'.