[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4241 Introduced in House (IH)]







110th CONGRESS
  1st Session
                                H. R. 4241

   To prohibit the transfer of personal information to any person or 
          business outside the United States, without notice.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           November 15, 2007

   Mr. Poe introduced the following bill; which was referred to the 
                    Committee on Financial Services

_______________________________________________________________________

                                 A BILL


 
   To prohibit the transfer of personal information to any person or 
          business outside the United States, without notice.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Notify Americans Before Outsourcing 
Personal Information Act''.

SEC. 2. PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION FROM 
              UNAUTHORIZED TRANSFER.

    (a) In General.--A business shall not transfer personally 
identifiable information regarding a citizen of the United States to 
any foreign affiliate or subcontractor located in another country 
without providing that citizen written notice that such information may 
be transferred to such foreign affiliate or subcontractor.
    (b) Plain Language Requirement.--Written notice must be sent by 
regular mail, not e-mail, and separate from any other financial 
disclosure or information. It must be written in easily understandable, 
plain language.
    (c) Notice Period.--Written notice must be provided to a citizen of 
the United States at least ninety (90) days before such information may 
be transferred to any foreign affiliate or subcontractor.

SEC. 3. PRIVATE CAUSE OF ACTION.

    To enforce compliance with this Act, to obtain damages, including 
compensatory and punitive; to obtain injunctive relief; and to obtain 
any other compensation, a private cause of action in State court is 
authorized.

SEC. 4. EFFECTIVE DATE.

    This Act shall take effect on the 90th day beginning after the date 
of the enactment of this Act.

SEC. 5. DEFINITIONS.

    As used in this Act, the following definitions apply:
            (1) Business.--The term ``business'' means any financial 
        institution that collects or retains personally identifiable 
        information.
            (2) Personally identifiable information.--The term 
        ``personally identifiable information'' includes information 
        such as, but not limited to:
                    (A) name;
                    (B) postal address;
                    (C) financial information;
                    (D) date of birth;
                    (E) phone number (landline and/or cell phone);
                    (F) e-mail address;
                    (G) social security number;
                    (H) mother's maiden name;
                    (I) password for access to electronic Internet 
                records;
                    (J) driver's license number; and
                    (K) personal tax information.
                                 <all>