[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[S. 2025 Introduced in Senate (IS)]
113th CONGRESS
2d Session
S. 2025
To require data brokers to establish procedures to ensure the accuracy
of collected personal information, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
February 12, 2014
Mr. Rockefeller (for himself and Mr. Markey) introduced the following
bill; which was read twice and referred to the Committee on Commerce,
Science, and Transportation
_______________________________________________________________________
A BILL
To require data brokers to establish procedures to ensure the accuracy
of collected personal information, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Data Broker Accountability and
Transparency Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(2) Data broker.--The term ``data broker'' means a
commercial entity that collects, assembles, or maintains
personal information concerning an individual who is not a
customer or an employee of that entity in order to sell the
information or provide third party access to the information.
(3) Non-public information.--The term ``non-public
information'' means information about an individual that is of
a private nature, not available to the general public, and not
obtained from a public record.
(4) Public record information.--The term ``public record
information'' means information about an individual that has
been obtained originally from records of a Federal, State, or
local government entity that are available for public
inspection.
SEC. 3. PROHIBITION ON OBTAINING OR SOLICITATION TO OBTAIN PERSONAL
INFORMATION BY FALSE PRETENSES.
(a) In General.--It shall be unlawful for a data broker to obtain
or attempt to obtain, or cause to be disclosed or attempt to cause to
be disclosed to any person, personal information or any other
information relating to any person by making a false, fictitious, or
fraudulent statement or representation to any person, including by
providing any document to any person, that the data broker knows or
should know to be forged, counterfeit, lost, stolen, or fraudulently
obtained, or contains a false, fictitious, or fraudulent statement or
representation.
(b) Solicitation.--It shall be unlawful for a data broker to
request a person to obtain personal information, or any other
information, relating to any other person if the data broker knows or
should know that the person to whom the request is made will obtain or
attempt to obtain that information in the manner described in
subsection (a).
SEC. 4. PERSONAL INFORMATION.
(a) Accuracy.--A data broker shall establish reasonable procedures
to ensure the maximum possible accuracy of the personal information it
collects, assembles, or maintains, and any other information it
collects, assembles, or maintains that specifically identifies an
individual, unless the information only identifies an individual's name
or address.
(b) Exception; Fraud Databases.--Notwithstanding subsection (a), a
data broker may collect or maintain information that may be inaccurate
with respect to a particular individual if that information is being
collected or maintained solely for the purpose of--
(1) indicating whether there may be a discrepancy or
irregularity in the personal information that is associated
with an individual;
(2) helping to identify, or to authenticate the identity
of, an individual; or
(3) helping to protect against or investigate fraud or
other unlawful conduct.
(c) Consumer Access.--A data broker shall provide an individual a
means to review any personal information or other information that
specifically identifies that individual, that the data broker collects,
assembles, or maintains on that individual, unless an exception applies
under section 5.
(d) Review Requirements.--The means for review under subsection (c)
shall be provided--
(1) at an individual's request;
(2) after verifying the identity of the individual;
(3) at least 1 time per year; and
(4) at no cost to the individual.
(e) Notice.--A data broker shall maintain an Internet Web site and
place a clear and conspicuous notice on that Internet Web site
instructing an individual--
(1) how to review the information described under
subsection (c); and
(2) how to express a preference with respect to the use of
personal information for marketing purposes under subsection
(g).
(f) Disputed Information.--An individual whose personal information
is maintained by a data broker may dispute the accuracy of any
information described under subsection (c) by requesting, in writing,
that the data broker correct the information. A data broker, after
verifying the identity of the individual making the request, and unless
there are reasonable grounds to believe the request is frivolous or
irrelevant, shall--
(1) with regard to public record information--
(A) inform the individual of the source of the
information and, if reasonably available, where to
direct the individual's request for correction; or
(B) if the individual provides proof that the
public record has been corrected or that the data
broker was reporting the information incorrectly,
correct the inaccuracy in the data broker's records;
and
(2) with regard to non-public information--
(A) note the information that is disputed,
including the individual's written request;
(B) if the information can be independently
verified, use the reasonable procedures established
under subsection (a) to independently verify the
information; and
(C) if the data broker was reporting the
information incorrectly, correct the inaccuracy in the
data broker's records.
(g) Certain Marketing Information.--A data broker that maintains
any information described under subsection (a) and that uses, shares,
or sells that information for marketing purposes shall provide each
individual whose information it maintains with a reasonable means of
expressing a preference not to have that individual's information used
for those purposes. If an individual expresses such a preference, the
data broker may not use, share, or sell that individual's information
for marketing purposes.
(h) Persons Regulated by the Fair Credit Reporting Act.--A data
broker shall be deemed in compliance with this section with respect to
information that is subject to the Fair Credit Reporting Act (15 U.S.C.
1681 et seq.) if the data broker is in compliance with sections 609,
610, and 611 of that Act (15 U.S.C. 1681g, 1681h, 1681i).
SEC. 5. REGULATIONS.
Not later than 1 year after the date of enactment of this Act, the
Commission shall promulgate regulations under section 553 of title 5,
United States Code, to implement and enforce the requirements of this
Act, including--
(1) a requirement that a data broker establish measures
that facilitate the auditing or retracing of any internal or
external access to, or transmission of, any data containing
personal information collected, assembled, or maintained by the
data broker;
(2) the establishment of a centralized Internet Web site
for the benefit of consumers that lists the data brokers
subject to section 4 and provides additional information to
consumers about their rights under this Act;
(3) if the Commission considers a data broker outside the
scope of the purposes of this Act, the exclusion of that data
broker from the applicability of this Act, such as, if the
Commission considers it appropriate for exclusion, a data
broker who processes information collected by or on behalf of
and received from or on behalf of a nonaffiliated third party
concerning an individual who is a customer or an employee of
that third party to enable that third party, directly or
through parties acting on its behalf, to provide benefits for
its employees or directly transact business with its customers;
(4) any exceptions, that the Commission considers
necessary, to the auditing and retracing requirements under
paragraph (1) to further or protect law enforcement or national
security activities; and
(5) any exceptions, that the Commission considers
necessary, to an individual's right to review the information
described under section 4(c), such as for child protection, law
enforcement, fraud prevention, or other legitimate government
purposes.
SEC. 6. ENFORCEMENT.
(a) In General.--A violation of a regulation prescribed under this
Act shall be treated as a violation of a rule defining an unfair or a
deceptive act or practice under section 18(a)(1)(B) of the Federal
Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(b) Powers of Commission.--The Commission shall enforce this Act in
the same manner, by the same means, and with the same jurisdiction,
powers, and duties as though all applicable terms and provisions of the
Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated
into and made a part of this Act. Any data broker who violates a
regulation prescribed under this Act shall be subject to the penalties
and entitled to the privileges and immunities provided in the Federal
Trade Commission Act (15 U.S.C. 41 et seq.).
(c) Enforcement by State Attorneys General.--
(1) Civil action.--Except as provided under paragraph
(3)(B), in any case in which the attorney general of a State,
or an official or agency of a State, has reason to believe that
an interest of the residents of that State has been or is
threatened or adversely affected by a data broker who violates
a regulation prescribed under this Act, the attorney general,
official, or agency of the State, as parens patriae, may bring
a civil action on behalf of the residents of the State in a
district court of the United States of appropriate
jurisdiction--
(A) to enjoin further violation of this Act by the
defendant;
(B) to compel compliance with this Act;
(C) to obtain damages, restitution, or other
compensation on behalf of such residents, or to obtain
such further and other relief as the court may deem
appropriate; or
(D) to obtain civil penalties in the amount
determined under paragraph (2).
(2) Civil penalties.--
(A) Calculation.--For purposes of imposing a civil
penalty under paragraph (1)(D), the amount determined
under this paragraph is the amount calculated by
multiplying the number of separate violations of a rule
by an amount not greater than $16,000.
(B) Adjustment for inflation.--Beginning on the
date that the Consumer Price Index is first published
by the Bureau of Labor Statistics that is after 1 year
after the date of enactment of this Act, and each year
thereafter, the amount specified in subparagraph (A)
shall be increased by the percentage increase in the
Consumer Price Index published on that date from the
Consumer Price Index published the previous year.
(3) Intervention by the commission.--
(A) Notice.--A State shall provide prior written
notice of any civil action under paragraph (1) to the
Commission and provide the Commission with a copy of
its complaint, except in any case in which such prior
notice is not feasible, in which case the State shall
serve such notice immediately upon instituting such
action.
(B) Intervention by the commission.--The Commission
shall have the right--
(i) to intervene in the civil action under
paragraph (1);
(ii) upon so intervening, to be heard on
all matters arising in that civil action; and
(iii) to file petitions for appeal of a
decision in that civil action.
(C) Limitation on state action while federal action
is pending.--If the Commission has instituted a civil
action for violation of this Act, no State attorney
general, or official or agency of a State, may bring an
action under this subsection during the pendency of
that action against any defendant named in the
complaint of the Commission for any violation of this
Act alleged in the complaint.
(4) Construction.--For purposes of bringing any civil
action under paragraph (1), nothing in this Act shall be
construed to prevent an attorney general of a State from
exercising the powers conferred on the attorney general by the
laws of that State--
(A) to conduct investigations;
(B) to administer oaths or affirmations; or
(C) to compel the attendance of witnesses or the
production of documentary and other evidence.
SEC. 7. EFFECT ON OTHER LAWS.
(a) Preservation of Commission Authority.--Nothing in this Act may
be construed in any way to limit or affect the Commission's authority
under any other provision of law.
(b) Preservation of Other Federal Law.--Nothing in this Act may be
construed in any way to supersede, restrict, or limit the application
of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) or any other
Federal law.
<all>