[Congressional Bills 103th Congress]
[From the U.S. Government Publishing Office]
[S. 1735 Reference Change Senate (RCS)]

103d CONGRESS
  1st Session
                                S. 1735

 To establish a Privacy Protection Commission, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

            November 20 (legislative day, November 2), 1993

   Mr. Simon introduced the following bill; which was read twice and 
               referred to the Committee on the Judiciary

            November 24 (legislative day, November 23), 1993

Committee discharged; ordered referred to the Committee on Governmental 
                                Affairs

_______________________________________________________________________

                                 A BILL


 
 To establish a Privacy Protection Commission, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Privacy Protection Act of 1993''.

SEC. 2. FINDINGS AND PURPOSE.

    The Congress finds that--
            (1) we live in an age of ever-increasing dependence on 
        electronic data storage, communications, and usage;
            (2) vast quantities of data are stored electronically and 
        may be instantly transferred electronically from one party to 
        another for business or for other purposes;
            (3) the nature of such data allows for the increasing 
        possibility that an individual's privacy rights may be 
        violated;
            (4) the technology is growing so rapidly that broader 
        societal consequences may not have been reviewed or studied nor 
        is it clear how the use of such technology will affect existing 
        data systems and their use; and
            (5) a United States Privacy Protection Commission should be 
        established to--
                    (A) ensure that privacy rights of United States 
                citizens in regard to electronic data and fair 
                information practices and principles are not abused or 
                violated;
                    (B) provide advisory guidance to the public and 
                private sector on matters related to electronic data 
                storage, communication, and usage;
                    (C) provide the public with a central agency for 
                information and guidance on privacy protections and 
                fair information practices and principles;
                    (D) oversee Federal agencies' implementation of 
                section 552a of title 5, United States Code; and
                    (E) promote and encourage the adoption of fair 
                information practices and principles in the public and 
                private sector, which should include--
                            (i) the principle of openness, which 
                        provides that the existence of recordkeeping 
                        systems and databanks containing information 
                        about individuals be publicly known, along with 
                        a description of main purpose and uses of the 
                        data;
                            (ii) the principle of individual 
                        participation, which provides that each 
                        individual should have the right to see any 
                        data about him or herself and to correct any 
                        data that is not timely, accurate, or complete;
                            (iii) the principle of data quality, which 
                        provides that personal data should be relevant 
                        to the purposes for which they are to be used, 
                        and data should be timely, accurate, and 
                        complete;
                            (iv) the principle of collection 
                        limitation, which provides that there should be 
                        limits to the collection of personal data, that 
                        data should be collected by lawful and fair 
                        means, and that data should be collected, where 
                        appropriate, with the knowledge and consent of 
                        the subject;
                            (v) the principle of use limitation, which 
                        provides that there are limits to the use of 
                        personal data and that data should be used only 
                        for purposes specified at the time of 
                        collection;
                            (vi) the principle of disclosure 
                        limitation, which provides that personal data 
                        should not be communicated externally without 
                        the consent of the data subject or other legal 
                        authority;
                            (vii) the principle of security, which 
                        provides that personal data should be protected 
                        by reasonable security safeguards against such 
                        risks as loss, unauthorized access, 
                        destruction, use, modification or disclosure; 
                        and
                            (viii) the principle of accountability, 
                        which provides that recordkeepers should be 
                        accountable for complying with fair information 
                        practices and principles.

SEC. 3. ESTABLISHMENT OF A PRIVACY PROTECTION COMMISSION.

    There is established the Privacy Protection Commission (hereinafter 
referred to as the ``Commission'').

SEC. 4. PRIVACY PROTECTION COMMISSION.

    (a) Membership.--(1) The Commission shall be composed of 5 members 
who shall be appointed by the President, by and with the consent of the 
Senate, from among members of the public at large who are well 
qualified for service on the Commission by their knowledge and 
expertise in--
            (A) civil rights and liberties;
            (B) law;
            (C) social sciences;
            (D) computer technology;
            (E) business; or
            (F) State and local government.
    (2) No more than 3 members of the Commission shall be members of 
the same political party.
    (3) One of the members shall be designated Chairperson of the 
Commission by the President.
    (b) Meetings.--The Chairperson shall preside at all meetings of the 
Commission, but the Chairperson may designate another member as an 
acting Chairperson who may preside in the absence of the Chairperson. A 
quorum for the transaction of business shall consist of at least 3 
members present, except that 1 member may conduct hearings and take 
testimony if authorized by the Commission. Each member of the 
Commission, including the Chairperson, shall have equal responsibility 
and authority in all decisions and actions of the Commission, shall 
have full access to all information relating to performance of the 
duties or responsibilities of the Commission, and shall have 1 vote. 
Action of the Commission shall be determined by a majority vote of the 
members. The Chairperson or acting Chairperson shall see to the 
faithful execution of the policies and decisions of the Commission and 
shall report thereon to the Commission from time to time or as the 
Commission may direct.
    (c) Terms.--(1) A member of the Commission shall serve for a term 
of 7 years, except of members first appointed to the Commission--
            (A) the member designated as Chairperson by the President 
        shall be appointed for a term of 7 years;
            (B) 2 members shall be appointed for a term of 5 years;
            (C) 2 members shall be appointed for a term of 3 years; and
            (D) all such terms shall begin on--
                    (i) January 1 next following the date of the 
                enactment of this Act; or
                    (ii) such date as designated by the President.
    (2) A member may continue to serve until a successor is confirmed.
    (3) Members shall be eligible for reappointment for a single 
additional term.
    (d) Vacancies.--(1) Vacancies in the membership of the Commission 
shall be filled in the same manner in which the original appointment 
was made.
    (2) If there are 2 or more Commission members in office, vacancies 
in the membership of the Commission shall not impair the power of the 
Commission to execute functions and powers of the Commission.
    (e) Compensation and Restriction on Other Employment.--(1) The 
members of the Commission may not engage in any other employment during 
their tenure as members of the Commission.
    (2) Section 5315 of title 5, United States Code, is amended by 
adding at the end thereof the following new item:
            ``Members of Privacy Protection Commission (5).''.
    (f) Requests and Recommendations.--(1) Whenever the Commission 
submits any budget estimate or request to the President or the Office 
of Management and Budget, it shall concurrently transmit a copy of that 
request to Congress.
    (2) Whenever the Commission submits any legislative 
recommendations, or testimony, or comments on legislation to the 
President or Office of Management and Budget, it shall concurrently 
transmit a copy thereof to the Congress. No officer or agency of the 
United States shall have any authority to require the Commission to 
submit its legislative recommendations, or testimony, or comments on 
legislation, to any officer or agency of the United States for 
approval, comments, or review, prior to the submission of such 
recommendations, testimony, or comments to the Congress.
    (g) Seal.--The Commission shall have an official seal which shall 
be judicially noted.

SEC. 5. PERSONNEL OF THE COMMISSION.

    (a) Executive Director and General Counsel.--The Commission shall 
appoint an Executive Director and a General Counsel who shall perform 
such duties as the Commission may determine. Such appointment may be 
made without regard to the provisions of title 5, United States Code. 
The Executive Director and the General Counsel shall be compensated at 
a rate not in excess of the rate payable for a position under level V 
of the Executive Schedule under section 5316 of title 5, United States 
Code.
    (b) Limitation on Employees.--The Commission is authorized to 
appoint and fix the compensation of not more than 50 officers and 
employees (or the full-time equivalent thereof), and to prescribe their 
functions and duties.
    (c) Consultants.--The Commission may obtain the services of experts 
and consultants in accordance with the provisions of section 3109 of 
title 5, United States Code.
    (d) Detail of Government Employees.--Any Federal Government 
employee may be detailed to the Commission without reimbursement, and 
such detail shall be without interruption or loss of civil service 
status or privilege.

SEC. 6. FUNCTIONS OF THE COMMISSION.

    (a) In General.--The Commission shall--
            (1) provide leadership and coordination to the efforts of 
        all Federal departments and agencies to enforce all Federal 
        statutes, Executive orders, regulations and policies which 
        involve privacy or data protection;
            (2) maximize effort, promote efficiency, and eliminate 
        conflict, competition, duplication, and inconsistency among the 
        operations, functions, and jurisdictions of Federal departments 
        and agencies responsible for privacy or data protection, data 
        protection rights and standards, and fair information practices 
        and principles;
            (3) develop model standards, guidelines, regulations, 
        policies, and routine uses for and by Federal, State, and local 
        agencies in implementing the provisions of section 552a of 
        title 5, United States Code;
            (4) publish on a regular basis a guide to sections 552 and 
        552a of title 5, United States Code, and other laws relating to 
        data protection, for use by record subjects;
            (5) publish a compilation of agency system of records 
        notices, including an index and other finding aids;
            (6) no later than December 1, 1996, make recommendations to 
        Congress to amend section 552a of title 5, United States Code, 
        and for improving the coordination between such section and 
        section 552 of such title;
            (7) provide active leadership, guidance, education, and 
        appropriate assistance to private sector businesses, and 
        organizations, groups, institutions, and individuals regarding 
        privacy, data protection rights and standards, and fair 
        information practices and principles;
            (8) develop model privacy, data protection, and fair 
        information practices, principles, standards, guidelines, 
        policies, and routine uses for use by the private sector; and
            (9) upon written request, provide appropriate assistance to 
        the private sector in implementing privacy, data protection, 
        and fair information practices, principles, standards, 
        guidelines, policies, or routine uses of privacy and data 
        protection, and fair information.
    (b) Discretionary Functions.--The Commission may--
            (1) issue advisory opinions relating to section 552a of 
        title 5, United States Code, or privacy and data protection 
        practices, principles, standards, guidelines, policies, or 
        routine uses of data at the request of a Federal agency, a data 
        integrity Commission of an agency or business, a court, the 
        Congress, a business or any person;
            (2) investigate compliance with section 552a of title 5, 
        United States Code, and report on any violation of any 
        provision thereof or any regulation promulgated under such 
        section to an agency, the President, the Attorney General, and 
        the Congress;
            (3) file comments with the Office of Management and Budget 
        and with any agency on any proposal to--
                    (A) amend section 552a of title 5, United States 
                Code, or any regulation promulgated under such section;
                    (B) create or modify a system of records; or
                    (C) establish or alter routine uses of such a 
                system;
            (4) request an agency to stay--
                    (A) the establishment or revision of a system of 
                records;
                    (B) a routine use;
                    (C) an exemption; or
                    (D) any other regulation promulgated under section 
                552a of title 5, United States Code;
            (5) review Federal, State, and local laws, Executive 
        orders, regulations, directives, and judicial decisions and 
        report on the extent to which they are consistent with privacy 
        and data protection rights, and fair information practices and 
        principles;
            (6) at the request of a Federal, State, or local government 
        agency, a private business, or any person, provide assistance 
        on matters relating to privacy or data protection;
            (7) comment on the implications for privacy or data 
        protection of proposed Federal, State, or local statutes, 
        regulations, or procedures;
            (8) propose legislation on privacy or data protection;
            (9) accept and investigate complaints about violation of 
        privacy or data protection rights, and fair information 
        practices and principles;
            (10) participate in any formal or informal Federal 
        administrative proceeding or process where, in the judgment of 
        the Commission, the action being considered would have a 
        material effect on privacy or data protection, either as a 
        result of direct Government action or as the result of direct 
        Government regulation of others;
            (11) petition a Federal agency to take action on a matter 
        affecting privacy or data protection;
            (12) conduct, assist, or support research, studies, and 
        investigations on the collection, maintenance, use or 
        dissemination of personal information; the implications for 
        privacy or data protection of computer, communications, and 
        other technologies, and any other matter relating to privacy or 
        data protection;
            (13) assist in the development or implementation of 
        policies designed to provide for the protection of personal 
        information maintained by private sector recordkeepers;
            (14) assist United States companies doing business abroad 
        to respond to foreign privacy or data protection laws and 
        agencies;
            (15) assist in the coordination of the United States 
        privacy and data protection policies with the privacy and data 
        protection policies of foreign countries; and
            (16) cooperate and consult with privacy or data protection 
        commissions, boards, or agencies of foreign governments.

SEC. 7. CONFIDENTIALITY OF INFORMATION.

    (a) In General.--Each department, agency, and instrumentality of 
the executive branch of the Government, including each independent 
agency, shall furnish to the Commission upon request made by the 
Chairperson, such data, reports, and other information as the 
Commission determines necessary to carry out its functions under this 
Act.
    (b) Confidentiality.--In carrying out its functions and exercising 
its powers under this Act, the Commission may accept from any Federal 
agency or other person, any identifiable personal data if such data is 
necessary to carry out such powers and functions. In any case in which 
the Commission accepts any such information, it shall provide all 
appropriate safeguards to ensure that the confidentiality of such 
information is maintained and that under completion of the specific 
purpose for which such information is required, the information is 
destroyed or returned to the agency or person from which it was 
obtained.

SEC. 8. POWERS OF THE COMMISSION.

    (a) In General.--The Commission may, in carrying out its functions 
under this Act--
            (1) conduct inspections;
            (2) sit and act at such times and places;
            (3) hold hearings;
            (4) take testimony;
            (5) require by subpoena the attendance of such witnesses 
        and the production of books, records, papers, correspondence, 
        documents, film, and electronic information;
            (6) administer such oaths; and
            (7) make appropriate and necessary expenditures.
    (b) Subpoenas.--(1) Subpoenas shall be issued only upon an 
affirmative vote of a majority of all members of the Commission. 
Subpoenas shall be issued under the signature of the Chairperson or any 
member of the Commission designated by the Chairperson. Any member of 
the Commission may administer oaths or affirmations to witnesses 
appearing before the Commission.
    (2) In the case of a disobedience to a subpoena issued under this 
Act, the Commission may invoke the aid of any district court of the 
United States in requiring compliance with such subpoena. Any district 
court of the United States within the jurisdiction where such person is 
found or transacts business may, in the case of contumacy or refusal to 
obey a subpoena issued by the Commission, issue an order requiring such 
person to appear and testify, to produce such books, records, papers, 
correspondence, documents, films, and electronic information any 
failure to obey the order of the court shall be punished by the court 
as a contempt thereof.
    (c) Appearances.--Appearances by the Commission in judicial and 
administrative proceedings shall be in its own name.
    (d) Delegation.--The Commission may delegate any of its functions 
to such officers and employees of the Commission as the Commission may 
designate and may authorize such successive redelegations of such 
functions as it may determine desirable.
    (e) Administrative Powers.--In order to carry out provisions of 
this Act, the Commission may--
            (1) enter into contracts or other arrangements with any 
        State or local government, any agency or department of the 
        United States, or with any person, firm, association, or 
        corporation; and
            (2) establish advisory committees in accordance with the 
        Federal Advisory Committee Act (5 U.S.C. App.).

SEC. 9. REPORTS AND INFORMATION.

    In an annual report to the President and Congress, the Commission 
shall report on its activities in carrying out the provisions of this 
Act. The Commission shall undertake whatever efforts it may determine 
to be necessary or appropriate to inform and educate the public of data 
protection, privacy, and fair information rights and responsibilities.

SEC. 10. AUTHORIZATION OF APPROPRIATIONS.

    There are authorized to be appropriated such sums as may be 
necessary to carry out this Act.

                                 <all>

S 1735 RCS----2