[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[S. 3040 Introduced in Senate (IS)]







106th CONGRESS
  2d Session
                                S. 3040

  To establish the Commission for the Comprehensive Study of Privacy 
                  Protection, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                           September 13, 2000

 Mr. Thompson (for himself, Mr. Kohl, Mr. Abraham, Mr. Torricelli, Mr. 
   Voinovich, Mrs. Lincoln, Mr. Roth, Mr. Gregg, Mr. Hutchinson, Ms. 
    Collins, Mr. DeWine, Mr. Levin, Ms. Landrieu, and Mr. Stevens) 
introduced the following bill; which was read twice and referred to the 
                   Committee on Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
  To establish the Commission for the Comprehensive Study of Privacy 
                  Protection, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Privacy Commission Act''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) Americans are increasingly concerned about their civil 
        liberties and the security and use of their personal 
        information, including medical records, educational records, 
        library records, magazine subscription records, records of 
        purchases of goods and other payments, and driver's license 
        numbers.
            (2) The shift from an industry-focused economy to an 
        information-focused economy calls for a reassessment of the 
        most effective way to balance personal privacy and information 
        use, keeping in mind the potential for unintended effects on 
        technology development, innovation, the marketplace, and 
        privacy needs.
            (3) This Act shall not be construed to prohibit the 
        enactment of legislation on privacy issues by Congress during 
        the existence of the Commission. It is the responsibility of 
        Congress to act to protect the privacy of individuals, 
        including individuals' medical and financial information. 
        Various committees of Congress are currently reviewing 
        legislation in the area of medical and financial privacy. 
        Further study by the Commission established by this Act should 
        not be considered a prerequisite for further consideration or 
        enactment of financial or medical privacy legislation by 
        Congress.

SEC. 3. ESTABLISHMENT.

    There is established a commission to be known as the ``Commission 
for the Comprehensive Study of Privacy Protection'' (in this Act 
referred to as the ``Commission'').

SEC. 4. DUTIES OF COMMISSION.

    (a) Study.--The Commission shall conduct a study of issues relating 
to protection of individual privacy and the appropriate balance to be 
achieved between protecting individual privacy and allowing appropriate 
uses of information, including the following:
            (1) The monitoring, collection, and distribution of 
        personal information by Federal, State, and local governments.
            (2) Current efforts to address the monitoring, collection, 
        and distribution of personal information by Federal and State 
        governments, individuals, or entities, including--
                    (A) existing statutes and regulations relating to 
                the protection of individual privacy, such as section 
                552a of title 5, United States Code (commonly referred 
                to as the Privacy Act of 1974) and section 552 of title 
                5, United States Code (commonly referred to as the 
                Freedom of Information Act);
                    (B) legislation pending before the Congress;
                    (C) privacy protection efforts undertaken by the 
                Federal Government, State governments, foreign 
                governments, and international governing bodies;
                    (D) privacy protection efforts undertaken by the 
                private sector; and
                    (E) self-regulatory efforts initiated by the 
                private sector to respond to privacy issues.
            (3) The monitoring, collection, and distribution of 
        personal information by individuals or entities, including 
        access to and use of medical records, financial records 
        (including credit cards, automated teller machine cards, bank 
        accounts, and Internet transactions), personal information 
        provided to on-line sites accessible through the Internet, 
        Social Security numbers, insurance records, education records, 
        and driver's license numbers.
            (4) Employer practices and policies with respect to the 
        financial and health information of employees, including--
                    (A) whether employers use or disclose employee 
                financial or health information for marketing, 
                employment, or insurance underwriting purposes;
                    (B) what restrictions employers place on disclosure 
                or use of employee financial or health information;
                    (C) employee rights to access, copy, and amend 
                their own health records and financial information;
                    (D) what type of notice employers provide to 
                employees regarding employer practices with respect to 
                employee financial and health information; and
                    (E) practices of employer medical departments with 
                respect to disclosing employee health information to 
                administrative or other personnel of the employer.
            (5) The extent to which individuals in the United States 
        can obtain redress for privacy violations.
            (6) The extent to which older individuals and disabled 
        individuals are subject to exploitation involving the 
        disclosure or use of their financial information.
    (b) Field Hearings.--The Commission shall conduct at least 3 field 
hearings in different geographical regions of the United States.
    (c) Report.--
            (1) In general.--Not later than December 31, 2001--
                    (A) a majority of the members of the Commission 
                shall approve a report; and
                    (B) the Commission shall submit the approved report 
                to the Congress and the President.
            (2) Contents.--The report shall include a detailed 
        statement of findings, conclusions, and recommendations, 
        including the following:
                    (A) Findings on potential threats posed to 
                individual privacy.
                    (B) Analysis of purposes for which sharing of 
                information is appropriate and beneficial to consumers.
                    (C) Analysis of the effectiveness of existing 
                statutes, regulations, private sector self-regulatory 
                efforts, technology advances, and market forces in 
                protecting individual privacy.
                    (D) Recommendations on whether additional 
                legislation is necessary, and if so, specific 
                suggestions on proposals to reform or augment current 
                laws and regulations relating to individual privacy.
                    (E) Analysis of purposes for which additional 
                regulations may impose undue costs or burdens, or cause 
                unintended consequences in other policy areas, such as 
                security, law enforcement, medical research, employee 
                benefits, or critical infrastructure protection.
                    (F) Cost analysis of legislative or regulatory 
                changes proposed in the report.
                    (G) Recommendations on non-legislative solutions to 
                individual privacy concerns, including education, 
                market-based measures, industry best practices, and new 
                technology.
                    (H) Review of the effectiveness and utility of 
                third-party verification, including specifically with 
                respect to existing private sector self-regulatory 
                efforts.
    (d) Additional Report.--Together with the report under subsection 
(c), the Commission shall submit to the Congress and the President any 
additional report of dissenting opinions or minority views by a member 
of the Commission.
    (e) Interim Report.--The Commission may submit to the Congress and 
the President an interim report approved by a majority of the members 
of the Commission.

SEC. 5. MEMBERSHIP.

    (a) Number and Appointment.--The Commission shall be composed of 17 
members appointed as follows:
            (1) 4 members appointed by the President.
            (2) 4 members appointed by the majority leader of the 
        Senate.
            (3) 2 members appointed by the minority leader of the 
        Senate.
            (4) 4 members appointed by the Speaker of the House of 
        Representatives.
            (5) 2 members appointed by the minority leader of the House 
        of Representatives.
            (6) 1 member, who shall serve as Chairperson of the 
        Commission, appointed jointly by the President, the majority 
        leader of the Senate, and the Speaker of the House of 
        Representatives.
    (b) Diversity of Views.--The appointing authorities under 
subsection (a) shall seek to ensure that the membership of the 
Commission has a diversity of views and experiences on the issues to be 
studied by the Commission, such as views and experiences of Federal, 
State, and local governments, the media, the academic community, 
consumer groups, public policy groups and other advocacy organizations, 
business and industry (including small business), the medical 
community, the health care industry, civil liberties experts, and the 
financial services industry.
    (c) Date of Appointment.--The appointment of the members of the 
Commission shall be made not later than 30 days after the date of the 
enactment of this Act.
    (d) Terms.--Each member of the Commission shall be appointed for 
the life of the Commission.
    (e) Vacancies.--A vacancy in the Commission shall be filled in the 
same manner in which the original appointment was made.
    (f) Compensation; Travel Expenses.--Members of the Commission shall 
serve without pay, but shall receive travel expenses, including per 
diem in lieu of subsistence, in accordance with sections 5702 and 5703 
of title 5, United States Code.
    (g) Quorum.--A majority of the members of the Commission shall 
constitute a quorum, but a lesser number may hold hearings.
    (h) Meetings.--
            (1) In general.--The Commission shall meet at the call of 
        the Chairperson or a majority of its members.
            (2) Initial meeting.--Not later than 45 days after the date 
        of the enactment of this Act, the Commission shall hold its 
        initial meeting.

SEC. 6. DIRECTOR; STAFF; EXPERTS AND CONSULTANTS.

    (a) Director.--
            (1) In general.--Not later than 40 days after the date of 
        enactment of this Act, the Chairperson of the Commission shall 
        appoint a Director without regard to the provisions of title 5, 
        United States Code, governing appointments to the competitive 
        service.
            (2) Pay.--The Director shall be paid at the rate payable 
        for level III of the Executive Schedule established under 
        section 5314 of such title.
    (b) Staff.--The Director may appoint staff as the Director 
determines appropriate.
    (c) Applicability of Certain Civil Service Laws.--
            (1) In general.--The staff of the Commission shall be 
        appointed without regard to the provisions of title 5, United 
        States Code, governing appointments in the competitive service.
            (2) Pay.--The staff of the Commission shall be paid in 
        accordance with the provisions of chapter 51 and subchapter III 
        of chapter 53 of that title relating to classification and 
        General Schedule pay rates, but at rates not in excess of the 
        maximum rate for grade GS-15 of the General Schedule under 
        section 5332 of that title.
    (d) Experts and Consultants.--The Director may procure temporary 
and intermittent services under section 3109(b) of title 5, United 
States Code.
    (e) Staff of Federal Agencies.--
            (1) In general.--Upon request of the Director, the head of 
        any Federal department or agency may detail, on a reimbursable 
        basis, any of the personnel of that department or agency to the 
        Commission to assist it in carrying out this Act.
            (2) Notification.--Before making a request under this 
        subsection, the Director shall give notice of the request to 
        each member of the Commission.

SEC. 7. POWERS OF COMMISSION.

    (a) Hearings and Sessions.--The Commission may, for the purpose of 
carrying out this Act, hold hearings, sit and act at times and places, 
take testimony, and receive evidence as the Commission considers 
appropriate. The Commission may administer oaths or affirmations to 
witnesses appearing before it.
    (b) Powers of Members and Agents.--Any member or agent of the 
Commission may, if authorized by the Commission, take any action which 
the Commission is authorized to take by this section.
    (c) Obtaining Official Information.--
            (1) In general.--Except as provided in paragraph (2), if 
        the Chairperson of the Commission submits a request to a 
        Federal department or agency for information necessary to 
        enable the Commission to carry out this Act, the head of that 
        department or agency shall furnish that information to the 
        Commission.
            (2) Exception for national security.--If the head of that 
        department or agency determines that it is necessary to guard 
        that information from disclosure to protect the national 
        security interests of the United States, the head shall not 
        furnish that information to the Commission.
    (d) Website.--The Commission shall establish a website to 
facilitate public participation and the submission of public comments.
    (e) Mails.--The Commission may use the United States mails in the 
same manner and under the same conditions as other departments and 
agencies of the United States.
    (f) Administrative Support Services.--Upon the request of the 
Director, the Administrator of General Services shall provide to the 
Commission, on a reimbursable basis, the administrative support 
services necessary for the Commission to carry out this Act.
    (g) Gifts and Donations.--The Commission may accept, use, and 
dispose of gifts or donations of services or property to carry out this 
Act, but only to the extent or in the amounts provided in advance in 
appropriation Acts.
    (h) Contracts.--The Commission may contract with and compensate 
persons and government agencies for supplies and services, without 
regard to section 3709 of the Revised Statutes (41 U.S.C. 5).
    (i) Subpoena Power.--
            (1) In general.--The Commission may issue subpoenas 
        requiring the attendance and testimony of witnesses and the 
        production of any evidence relating to any matter that the 
        Commission is empowered to investigate by section 4. The 
        attendance of witnesses and the production of evidence may be 
        required by such subpoena from any place within the United 
        States and at any specified place of hearing within the United 
        States.
            (2) Failure to obey a subpoena.--If a person refuses to 
        obey a subpoena issued under paragraph (1), the Commission may 
        apply to a United States district court for an order requiring 
        that person to appear before the Commission to give testimony, 
        produce evidence, or both, relating to the matter under 
        investigation. The application may be made within the judicial 
        district where the hearing is conducted or where that person is 
        found, resides, or transacts business. Any failure to obey the 
        order of the court may be punished by the court as civil 
        contempt.
            (3) Service of subpoenas.--The subpoenas of the Commission 
        shall be served in the manner provided for subpoenas issued by 
        a United States district court under the Federal Rules of Civil 
        Procedure for the United States district courts.
            (4) Service of process.--All process of any court to which 
        application is made under paragraph (2) may be served in the 
        judicial district in which the person required to be served 
        resides or may be found.

SEC. 8. PRIVACY PROTECTIONS.

    (a) Destruction or Return of Information Required.--Upon the 
conclusion of the matter or need for which individually identifiable 
information was disclosed to the Commission, the Commission shall 
either destroy the individually identifiable information or return it 
to the person or entity from which it was obtained, unless the 
individual that is the subject of the individually identifiable 
information has authorized its disclosure.
    (b) Disclosure of Information Prohibited.--The Commission--
            (1) shall protect individually identifiable information 
        from improper use; and
            (2) may not disclose such information to any person, 
        including the Congress or the President, unless the individual 
        that is the subject of the information has authorized such a 
        disclosure.
    (c) Proprietary Business Information and Financial Information.--
The Commission shall protect from improper use, and may not disclose to 
any person, proprietary business information and proprietary financial 
information that may be viewed or obtained by the Commission in the 
course of carrying out its duties under this Act.
    (d) Individually Identifiable Information Defined.--For the 
purposes of this Act, the term ``individually identifiable 
information'' means any information, whether oral or recorded in any 
form or medium, that identifies an individual, or with respect to which 
there is a reasonable basis to believe that the information can be used 
to identify an individual.

SEC. 9. BUDGET ACT COMPLIANCE.

    Any new contract authority authorized by this Act shall be 
effective only to the extent or in the amounts provided in advance in 
appropriation Acts.

SEC. 10. TERMINATION.

    The Commission shall terminate 30 days after submitting a report 
under section 4(c).

SEC. 11. AUTHORIZATION OF APPROPRIATIONS.

    (a) In General.--There are authorized to be appropriated to the 
Commission $5,000,000 to carry out this Act.
    (b) Availability.--Any sums appropriated pursuant to the 
authorization in subsection (a) shall remain available until expended.
                                 <all>