[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4414 Introduced in House (IH)]






108th CONGRESS
  2d Session
                                H. R. 4414

   To require designation of a senior official within the Office of 
   Management and Budget as the Chief Privacy Officer, and for other 
                               purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 20, 2004

Mr. Meek of Florida (for himself, Mr. Turner of Texas, Mr. Thompson of 
Mississippi, Ms. Loretta Sanchez of California, Mr. Markey, Mr. Dicks, 
 Mr. Frank of Massachusetts, Mr. Andrews, Ms. Norton, Ms. Lofgren, Ms. 
 McCarthy of Missouri, Ms. Jackson-Lee of Texas, Mrs. Christensen, Mr. 
    Langevin, Mr. Sandlin, Mr. Matsui, Mr. Skelton, Mr. Hastings of 
Florida, Mr. Green of Texas, Mrs. Capps, Mr. Nadler, Ms. Roybal-Allard, 
  Ms. Eddie Bernice Johnson of Texas, Mrs. Maloney, Mr. Wynn, and Ms. 
 Kilpatrick) introduced the following bill; which was referred to the 
                     Committee on Government Reform

_______________________________________________________________________

                                 A BILL


 
   To require designation of a senior official within the Office of 
   Management and Budget as the Chief Privacy Officer, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Homeland Innovation to 
Emphasize Liberty, Democracy, and Privacy Act'' or the ``SHIELD Privacy 
Act''.

SEC. 2. FINDINGS.

    The Congress finds the following:
            (1) The protection of our Nation's civil liberties and 
        privacy is fundamental to the American way of life.
            (2) Strengthening our homeland security ensures that our 
        way of life and the rights protected by the Constitution remain 
        intact.
            (3) In developing homeland security initiatives, our 
        Government must take care to protect fundamental constitutional 
        rights and strive to minimize unnecessary impositions on the 
        freedoms and privileges enjoyed in the United States.
            (4) As governments develop and employ new technologies and 
        gather information from the private sector for homeland 
        security efforts, they must ensure that our society's 
        constitutional guarantees relating to privacy, due process, and 
        civil liberties are protected.

SEC. 3. CHIEF PRIVACY OFFICER.

    (a) Designation.--The President shall designate a senior official 
within the Office of Management and Budget as the Chief Privacy 
Officer, who shall have primary responsibility for privacy policy 
throughout the Federal Government.
    (b) Specific Responsibilities.--The responsibilities of the Chief 
Privacy Officer shall include the following:
            (1) Assuring that the technologies procured and use of 
        technologies by the Federal Government sustain, and do not 
        erode, privacy protections relating to the use, collection, and 
        disclosure of personally identifiable information.
            (2) Assuring that personally identifiable information 
        contained in systems of records (as that term is defined in 
        section 552a of title 5, United States Code, popularly known as 
        the ``Privacy Act of 1974'') is handled in full compliance with 
        fair information practices required under that section.
            (3) Evaluating legislative and regulatory proposals 
        involving collection, use, and disclosure of personally 
        identifiable information by the Federal Government.
            (4) Exercising responsibility currently vested in the 
        Director of the Office of Management and Budget with respect to 
        privacy impact assessment rules, regulations, and oversight 
        under section 208 of the E-Gov Act of 2002 (44 U.S.C. 3501 
        note).
            (5) Preparing an annual report to the Congress containing 
        an agency-by-agency analysis of Federal activities that affect 
        privacy, including complaints of privacy violations, 
        implementation of section 552a of title 5, United States Code, 
        internal controls, and other matters.
    (c) Agency Information.--The head of each Federal agency shall 
provide to the Chief Privacy Officer such information as the Chief 
Privacy Officer considers necessary for the completion of the annual 
reports under subsection (b)(5).
    (d) Report by Secretary of Homeland Security.--Section 222(5) of 
the Homeland Security Act of 2002 (6 U.S.C. 142(5)) is amended by 
striking ``Congress'' and inserting ``the chief Privacy Officer of the 
Office of Management and Budget''.

SEC. 4. PRIVACY POLICY OF DEPARTMENTS AND INDEPENDENT AGENCIES.

    (a) Officials Responsible for Privacy Policy.--The head of each 
department and each independent agency in the executive branch shall 
appoint a senior official of the department or independent agency, 
respectively, to assure primary responsibility for privacy policy, 
including the following:
            (1) Assuring that technologies procured and use of 
        technologies sustain, and do not erode, privacy protections 
        relating to the use, collection, and disclosure of personally 
        identifiable information.
            (2) Assuring that personally identifiable information 
        contained in systems of records (as that term is defined in 
        section 552a of title 5, United States Code, popularly known as 
        the ``Privacy Act of 1974'') is handled in full compliance with 
        fair information practices required under that section.
            (3) Evaluating legislative and regulatory proposals 
        involving collection, use, and disclosure of personally 
        identifiable information by the Federal Government.
            (4) Conducting privacy impact assessments under subsection 
        (b).
            (5) Ensuring that the department or agency protects 
        personally identifiable information and information systems 
        from unauthorized access, use, disclosure, disruption, 
        modification, or destruction in order to provide--
                    (A) integrity, by--
                            (i) guarding against improper information 
                        modification or destruction; and
                            (ii) ensuring information nonrepudiation 
                        and authenticity;
                    (B) confidentiality, by preserving authorized 
                restrictions on access and disclosure, including means 
                for protecting personal privacy and proprietary 
                information;
                    (C) availability, by ensuring timely and reliable 
                access to and use of that information; and
                    (D) authentication, by utilizing digital 
                credentials to assure the identity of users and 
                validate their access.
            (6) Submitting an annual report to the Director of the 
        Office of Management and Budget on activities of their agencies 
        that affect privacy, including complaints of privacy 
        violations, implementation of section 552a of title 5, United 
        States Code, internal controls, and other matters.
    (b) Privacy Impact Assessments.--
            (1) Requirement.--The official appointed under subsection 
        (a) for a department or independent agency shall--
                    (A) assess the impact on privacy of each proposed 
                action of the Department or agency that will require 
                collecting, using, or accessing personally identifiable 
                information from 10 or more persons; and
                    (B) make the results of such assessments publicly 
                available through the World Wide Web site of the 
                Department.
            (2) Matters considered.--Each assessment under this 
        subsection regarding a proposed action shall consider the 
        following:
                    (A) The type of any personally identifiable 
                information to be collected, used, or accessed by the 
                Department.
                    (B) Why such information will be collected, used, 
                or accessed.
                    (C) The intended use of such information.
                    (D) The persons with whom such information will be 
                shared.
                    (E) What notice or consent will be provided to 
                individuals regarding such information to be collected 
                or accessed, and how that information will be shared.
                    (F) How such information will be secured.
                    (G) Whether a system of records will be created for 
                purposes of section 552a of title 5, United States 
                Code.
                    (H) The method by which, extent to which, and rate 
                at which such collected information will be destroyed 
                or returned.

SEC. 5. COMMISSION ON PRIVACY, FREEDOM, AND HOMELAND SECURITY.

    (a) Establishment.--There is established a commission to be known 
as the ``Commission on Privacy, Freedom, and Homeland Security''.
    (b) Duties of Commission.--
            (1) In general.--The Commission shall conduct a 
        comprehensive legal and factual study relating to United States 
        efforts to further homeland security in a manner that protects 
        privacy, civil liberties, and individual freedoms.
            (2) Matters to be studied.--The matters studied by the 
        Commission under paragraph (1) shall at a minimum include the 
        following:
                    (A) A review of whether Federal agencies are 
                properly assessing the privacy implications of new 
                homeland security technologies before implementing and 
                deploying such technologies.
                    (B) The impact of existing Federal and State 
                privacy statutes and regulations, legislation pending 
                before the Congress, and privacy protection efforts 
                undertaken by the Federal Government, State 
                governments, foreign governments, and international 
                governing bodies on homeland security.
                    (C) The impact of Federal legislation enacted since 
                September 11, 2001, or pending before the Congress, on 
                civil liberties.
                    (D) The likely effectiveness of existing 
                technologies for analyzing public and private sources 
                of data and information to identify terrorists and 
                prevent terrorist acts.
    (c) Field Hearings.--
            (1) In general.--The Commission shall conduct at least 2 
        field hearings in each of the 5 geographical regions of the 
        United States.
            (2) Determination of regions.--For purposes of this 
        subsection, the Commission may determine the boundaries of the 
        5 geographical regions of the United States.
    (d) Report.--
            (1) In general.--No later than 24 months after the date on 
        which the Commission first meets, the Commission shall submit 
        to the President and the Congress a comprehensive report of the 
        Commission's findings, recommendations, and conclusions. Such 
        report shall include a summary of the report submitted to the 
        Commission by the National Research Council under subsection 
        (g)(9), and a summary of any other material relied on by the 
        Commission in the preparation of its report.
            (2) Recommendations.--The report under paragraph (1) shall 
        include recommendations regarding the following:
                    (A) Steps Federal agencies should take when 
                considering new homeland security technologies to 
                ensure that privacy implications are adequately 
                considered before such technologies are implemented.
                    (B) Whether additional legislation is necessary to 
                reform or augment current laws and regulations relating 
                to privacy and homeland security, including specific 
                reform proposals and an analysis of the financial costs 
                of any proposed changes.
                    (C) Safeguards and protection that should be in 
                place when the Federal Government uses an individual's 
                personally identifiable information obtained from a 
                commercial database or a list for counterterrorism and 
                homeland security purposes.
            (3) Additional report.--The Commission shall submit to the 
        Congress and the President, with the report under paragraph 
        (1), any additional report of dissenting opinions or minority 
        views by any member of the Commission.
            (4) Interim report.--The Commission may submit to the 
        Congress and the President interim reports approved by a 
        majority of the members of the Commission.
    (e) Structure of Commission.--
            (1) Member and appointment.--The Commission shall be 
        composed of 10 members appointed as follows:
                    (A) 1 member appointed by the President, who shall 
                be the chairperson of the Commission.
                    (B) 1 member appointed jointly by the minority 
                leader of the House of Representatives and the minority 
                leader of the Senate, who shall be the vice chairperson 
                of the Commission.
                    (C) 2 members appointed by the majority leader of 
                the House of Representatives.
                    (D) 2 members appointed by the minority leader of 
                the House of Representatives.
                    (E) 2 members appointed by the majority leader of 
                the Senate.
                    (F) 2 members appointed by the minority leader of 
                the Senate.
            (2) Qualifications of members.--The appointing authorities 
        under subsection (1) shall seek to ensure that the membership 
        of the Commission has a diversity of views and experiences on 
        the matters to be studied by the Commission, including views 
        and knowledge of law, civil rights and liberties, privacy 
        matters, homeland security, information technology, security, 
        database integration, and law enforcement.
            (3) Date of appointment.--The appointment of the members of 
        the Commission shall be made not later than 30 days after the 
        date of the enactment of this Act.
            (4) Terms.--Each member of the Commission shall be 
        appointed for the life of the Commission.
            (5) Vacancies.--Any vacancy in the Commission shall be 
        filled in the same manner in which the original appointment was 
        made.
            (6) Compensation; travel expenses.--Members of the 
        Commission shall serve without pay, but shall receive travel 
        expenses, including per diem in lieu of subsistence, in 
        accordance with sections 5702 and 5703 of title 5, United 
        States Code.
            (7) Quorum.--A majority of the members of the Commission 
        shall constitute a quorum for purposes of conducting business, 
        except that 2 members of the Commission shall constitute a 
        quorum for purposes of conducting a hearing.
            (8) Meetings.--
                    (A) In general.--The Commission shall meet at the 
                call of the Chairperson or a majority of its members.
                    (B) Initial meeting.--Not later than 45 days after 
                the date of the enactment of this Act, the Commission 
                shall hold its initial meeting.
    (f) Director; Staff; Experts and Consultants.--
            (1) Director.--
                    (A) Appointment.--Not later than 60 days after the 
                date of the enactment of this Act, the Commission shall 
                appoint a Director, without regard to the provisions of 
                title 5, United States Code, governing appointments to 
                the competitive service.
                    (B) Pay.--The Director shall be paid at the rate 
                payable for level III of the Executive Schedule 
                established under section 5314 of such title.
            (2) Staff.--
                    (A) Appointment.--The Director may appoint such 
                staff as the Director determines appropriate, without 
                regard to the provisions of title 5, United States 
                Code, governing appointments in the competitive 
                service.
                    (B) Pay.--The staff of the Commission shall be paid 
                in accordance with the provisions of chapter 51 and 
                subchapter III of chapter 53 of title 5, United States 
                Code, relating to classification and General Schedule 
                pay rates, but at rates not in excess of the maximum 
                rate for grade GS-15 of the General Schedule under 
                section 5332 of that title.
            (3) Experts and consultants.--The Director may procure 
        temporary and intermittent services under section 3109(b) of 
        title 5, United States Code.
            (4) Detailees.--
                    (A) In general.--Upon request of the Director, the 
                head of any Federal department or agency may detail, on 
                a reimbursable basis, any of the personnel of that 
                department or agency to the Commission to assist it in 
                carrying out this Act.
                    (B) Notice.--Before making a request under this 
                paragraph, the Director shall give notice of the 
                request to each member of the Commission.
    (g) Powers of Commission.--
            (1) Hearings and sessions.--The Commission may, for the 
        purpose of carrying out this Act, hold hearings, sit and act at 
        times and places, take testimony, and receive evidence to carry 
        out its duties under subsection (b). The Commission may 
        administer oaths or affirmations to witnesses appearing before 
        it.
            (2) Powers of members and agents.--Any member or agent of 
        the Commission may, if authorized by the Commission, take any 
        action which the Commission is authorized to take by this 
        section.
            (3) Obtaining official information.--
                    (A) Requirement to furnish.--Except as provided in 
                subparagraph (B), if the Commission submits a request 
                to a Federal department or agency for information 
                necessary to enable the Commission to carry out this 
                Act, the head of that department or agency shall 
                furnish that information to the Commission.
                    (B) Exception for national security.--If the head 
                of a Federal department or agency determines that it is 
                necessary to withhold requested information from 
                disclosure to protect the national security interests 
                of the United States, the department or agency head 
                shall not furnish that information to the Commission.
            (4) Mails.--The Commission may use the United States mails 
        in the same manner and under the same conditions as other 
        departments and agencies of the United States.
            (5) Administrative support services.--Upon the request of 
        the Director, the Administrator of General Services shall 
        provide to the Commission, on a reimbursable basis, the 
        administrative support services necessary for the Commission to 
        carry out this section.
            (6) Gifts and donations.--The Commission may accept, use, 
        and dispose of gifts or donations of services or property to 
        carry out this Act, but only to the extent or in the amounts 
        provided in advance in appropriation Acts.
            (7) Contracts.--The Commission may contract with and 
        compensate persons and government agencies for supplies and 
        services, without regard to section 3709 of the Revised 
        Statutes (41 U.S.C. 5).
            (8) Subpoena power.--
                    (A) In general.--If a Federal department or agency 
                or any other person fails to supply information 
                requested by the Commission, the Commission may require 
                by subpoena the production of the information. The 
                Commission shall transmit to the Attorney General a 
                written notice at least 10 days in advance of the 
                issuance of any such subpoena. A subpoena under this 
                paragraph may require the production of materials from 
                any place within the United States.
                    (B) Interrogatories.--The Commission may, with 
                respect only to information necessary to understand any 
                materials obtained through a subpoena under paragraph 
                (A), issue a subpoena requiring the person producing 
                such materials to answer, either through a sworn 
                deposition or through written answers provided under 
                oath (at the election of the person upon whom the 
                subpoena is served), interrogatories from the 
                Commission regarding such information. A complete 
                recording or transcription shall be made of any 
                deposition made under this paragraph.
                    (C) Certification.--Each person who submits 
                materials or information to the Commission pursuant to 
                a subpoena issued under subparagraph (A) or (B) shall 
                certify to the Commission the authenticity and 
                completeness of all materials or information submitted.
                    (D) Treatment of subpoenas.--Any subpoena issued by 
                the Commission under subparagraph (A) or (B) shall 
                comply with requirements for subpoenas issued by a 
                United States district court under the Federal Rules of 
                Civil Procedure.
                    (E) Failure to obey a subpoena.--If a person 
                refuses to obey a subpoena issued by the Commission 
                under subparagraph (A) or (B), the Commission may apply 
                to a United States district court for an order 
                requiring that person to comply with such subpoena. The 
                application may be made within the judicial district in 
                which that person is found, resides, or transacts 
                business. Any failure to obey the order of the court 
                may be punished by the court as civil contempt.
            (9) Arrangements with national research council.--
                    (A) In general.--In carrying out its duties under 
                subsection (b), the Commission shall arrange with the 
                National Research Council of the National Academy of 
                Sciences for assistance in conducting the studies 
                required by the Commission under subsection (b)(2), 
                including performance of the analysis required under 
                subsection (b)(2)(C).
                    (B) Report.--The arrangements entered into under 
                (A) shall require that the National Research Council 
                submit a report to the Commission detailing the results 
                of its efforts no later than 15 months after the date 
                on which the Commission first meets.
                    (C) Use of funds.--Of amounts appropriated to carry 
                out this section, up to $750,000 shall be available to 
                the Commission to carry out this paragraph.
    (h) Budget Act Compliance.--Any new contract authority authorized 
by this section shall be effective only to the extent or in the amounts 
provided in advance in appropriation Acts.
    (i) Privacy Protections.--
            (1) Destruction or return of information required.--Upon 
        the conclusion of the matter or need for which individually 
        identifiable information was disclosed to the Commission, the 
        Commission shall either destroy the individually identifiable 
        information or return it to the person or entity from which it 
        was obtained, unless the individual that is the subject of the 
        individually identifiable information has authorized its 
        disclosure.
            (2) Disclosure of information prohibited.--Any individual 
        employed by an individual, entity, or organization under 
        contract to the Commission shall be considered an employee of 
        the Commission for the purposes of section 1905 of title 18, 
        United States Code.
            (3) Proprietary business information and financial 
        information.--The Commission shall protect from improper use, 
        and may not disclose to any person, proprietary business 
        information and proprietary financial information that may be 
        viewed or obtained by the Commission in the course of carrying 
        out its duties under this section.
            (4) Individually identifiable information defined.--For the 
        purposes of this section, the term ``individually identifiable 
        information'' means any information, whether oral or recorded 
        in any form or medium, that identifies an individual, or with 
        respect to which there is a reasonable basis to believe that 
        the information can be used to identify an individual.
    (j) Termination of Commission.--The Commission shall terminate 30 
days after submitting a report under subsection (d)(1).
    (k) Authorization of Appropriations.--
            (1) In general.--There is authorized to be appropriated to 
        the Commission $4,750,000 to carry out this Act.
            (2) Availability.--Any sums appropriated pursuant to the 
        authorization in subsection (a) shall remain available until 
        expended.