[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 668 Introduced in Senate (IS)]
114th CONGRESS
1st Session
S. 668
To require data brokers to establish procedures to ensure the accuracy
of collected personal information, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
March 4, 2015
Mr. Markey (for himself, Mr. Blumenthal, Mr. Whitehouse, and Mr.
Franken) introduced the following bill; which was read twice and
referred to the Committee on Commerce, Science, and Transportation
_______________________________________________________________________
A BILL
To require data brokers to establish procedures to ensure the accuracy
of collected personal information, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Data Broker Accountability and
Transparency Act of 2015''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(2) Covered data broker.--
(A) In general.--The term ``covered data broker''
includes all data brokers except those data brokers
excepted under subparagraph (B).
(B) Exceptions.--The Commission may except a data
broker if the Commission considers, by rule, a data
broker outside the scope of this Act, such as a data
broker who processes information collected by or on
behalf of and received from or on behalf of a
nonaffiliated third party concerning an individual who
is a customer or an employee of that third party to
enable that third party, directly or through parties
acting on its behalf, to provide benefits for its
employees or directly transact business with its
customers.
(3) Data broker.--The term ``data broker'' means a
commercial entity that collects, assembles, or maintains
personal information concerning an individual who is not a
customer or an employee of that entity in order to sell the
information or provide third party access to the information.
(4) Non-public information.--The term ``non-public
information'' means information about an individual that is--
(A) of a private nature;
(B) not available to the general public; and
(C) not obtained from a public record.
(5) Public record information.--The term ``public record
information'' means information about an individual that has
been obtained originally from records of a Federal, State, or
local government entity that are available for public
inspection.
SEC. 3. PROHIBITION ON OBTAINING OR SOLICITATION TO OBTAIN PERSONAL
INFORMATION BY FALSE PRETENSES.
(a) In General.--A covered data broker may not obtain or attempt to
obtain, or cause to be disclosed or attempt to cause to be disclosed to
any person, personal information or any other information relating to
any person by making a false, fictitious, or fraudulent statement or
representation to any person, including by providing any document to
any person, that the covered data broker knows or should know--
(1) to be forged, counterfeit, lost, stolen, or
fraudulently obtained; or
(2) contains a false, fictitious, or fraudulent statement
or representation.
(b) Solicitation.--A covered data broker may not request a person
to obtain personal information, or any other information, relating to
any other person if the covered data broker knows or should know that
the person to whom the request is made will obtain or attempt to obtain
that information in the manner described in subsection (a).
SEC. 4. REQUIREMENTS CONCERNING ACCURACY OF AND ACCESS TO PERSONAL
INFORMATION.
(a) Accuracy.--
(1) In general.--Except as provided in paragraph (2), a
covered data broker shall establish procedures to ensure, to
the maximum extent practicable, the accuracy of--
(A) the personal information it collects,
assembles, or maintains; and
(B) any other information it collects, assembles,
or maintains that specifically identifies an
individual, unless the information only identifies an
individual's name or address.
(2) Exception.--A covered data broker may collect or
maintain information that may be inaccurate with respect to a
particular individual if that information is being collected or
maintained solely for the purpose of--
(A) indicating whether there may be a discrepancy
or irregularity in the personal information that is
associated with an individual;
(B) helping to identify, or to authenticate the
identity of, an individual; or
(C) helping to protect against or investigate fraud
or other unlawful conduct.
(b) Consumer Access.--
(1) In general.--Subject to paragraph (4), a covered data
broker shall provide an individual a means to review any
personal information or other information that specifically
identifies that individual, that the covered data broker
collects, assembles, or maintains on that individual.
(2) Review requirements.--The means for review under
paragraph (1) shall be provided--
(A) at an individual's request;
(B) after verifying the identity of the individual;
(C) at least 1 time per year;
(D) at no cost to the individual; and
(E) in a format that can be readily understood by a
consumer, as determined by the Commission.
(3) Period of review.--A covered data broker shall provide
an individual the means required under paragraph (1) within
such period after receiving a request from such individual as
the Commission shall determine, by rule, is appropriate.
(4) Exceptions.--The Commission may, by rule, establish
such exceptions to paragraph (1) as the Commission considers
appropriate, such as for child protection, law enforcement,
fraud prevention, or other government purposes.
(5) Limitation on use of verifying information.--If a
covered data broker collects information from an individual to
verify the identity of the individual under paragraph (2)(B)
that the data broker did not have before such collection, the
data broker may not use such information for any purpose other
than for purposes of verifying the identity of the individual
under such paragraph.
(c) Disputed Information.--
(1) In general.--An individual whose personal information
is maintained by a covered data broker may dispute the accuracy
of any information described under subsection (b)(1) by
requesting, in writing, that the covered data broker correct
the information.
(2) Correction requirements.--A covered data broker, after
verifying the identity of an individual making a request under
paragraph (1) to correct information, and unless there are
reasonable grounds to believe the request is frivolous or
irrelevant, shall--
(A) with regard to public record information--
(i) inform the individual of the source of
the information and, if reasonably available,
where to direct the individual's request for
correction; or
(ii) if the individual provides proof that
the public record has been corrected or that
the covered data broker was reporting the
information incorrectly, correct the inaccuracy
in the covered data broker's records; and
(B) with regard to non-public information--
(i) note the information that is disputed,
including the individual's written request;
(ii) if the information can be
independently verified, use the procedures
established under subsection (a) to
independently verify the information; and
(iii) if the covered data broker was
reporting the information incorrectly, correct
the inaccuracy in the covered data broker's
records.
(3) Period of correction.--In a case in which a covered
data broker is subject to a requirement under paragraph (2) due
to a request made by an individual under paragraph (1), such
covered data broker shall take such action as may be required
to satisfy such requirement within such period as the
Commission shall determine, by rule, is appropriate.
(d) Notice.--
(1) In general.--A covered data broker shall maintain an
Internet website and place a clear and conspicuous notice on
that Internet website instructing an individual how--
(A) to review information under subsection (b)(1);
and
(B) to express a preference under subsection
(e)(2).
(2) Form.--A covered data broker shall ensure that the
notice the covered data broker places under paragraph (1)
conforms to such model form as the Commission shall promulgate
for purposes of this subsection.
(e) Certain Marketing Information.--
(1) In general.--A covered data broker may not use, share,
or sell any information for marketing purposes that is subject
to an expressed preference under paragraph (2).
(2) Expression of preferences.--A covered data broker that
maintains any information described under subsection (a) and
that uses, shares, or sells that information for marketing
purposes shall provide each individual whose information the
covered data broker maintains with a reasonable means of
expressing a preference not to have that individual's
information used for those purposes.
(f) Auditing.--
(1) In general.--Subject to paragraph (2), each covered
data broker shall establish measures that facilitate the
auditing or retracing of any internal or external access to, or
transmission of, any data containing personal information
collected, assembled, or maintained by the covered data broker.
(2) Exceptions.--The Commission may establish, by rule,
such exceptions to paragraph (1) as the Commission considers
appropriate to further or protect law enforcement or national
security activities.
(g) Persons Regulated by the Fair Credit Reporting Act.--A covered
data broker shall be considered to be in compliance with this section
with respect to information that is subject to the Fair Credit
Reporting Act (15 U.S.C. 1681 et seq.) if the covered data broker is in
compliance with sections 609, 610, and 611 of that Act (15 U.S.C.
1681g, 1681h, 1681i).
SEC. 5. REGULATIONS.
(a) In General.--Not later than 1 year after the date of the
enactment of this Act, the Commission shall promulgate regulations
under section 553 of title 5, United States Code, to carry out this
Act.
(b) Elements.--The regulations promulgated under subsection (a)
shall include the following:
(1) Such exceptions the Commission considers appropriate to
promulgate under section 2(2)(B).
(2) The period of review required under section 4(b)(3).
(3) Such exceptions as the Commission considers appropriate
to promulgate under section 4(b)(4).
(4) The period of correction required under section
4(c)(3).
(5) The model form required by section 4(d)(2).
(6) Requirements for auditing under paragraph (1) of
section 4(f) and such exceptions under paragraph (2) of such
section as the Commission considers appropriate.
(7) Establishment of a centralized Internet website for the
benefit of consumers that--
(A) lists the covered data brokers that are subject
to a requirement of section 4; and
(B) provides information to consumers about their
rights under this Act.
(8) Such other regulations as the Commission considers
appropriate to carry out this Act.
SEC. 6. ENFORCEMENT.
(a) Enforcement by Federal Trade Commission.--
(1) Unfair or deceptive acts or practices.--A violation of
section 3 or 4 or a regulation promulgated under this Act shall
be treated as a violation of a rule defining an unfair or a
deceptive act or practice under section 18(a)(1)(B) of the
Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
(2) Powers of commission.--
(A) In general.--The Commission shall enforce this
Act in the same manner, by the same means, and with the
same jurisdiction, powers, and duties as though all
applicable terms and provisions of the Federal Trade
Commission Act (15 U.S.C. 41 et seq.) were incorporated
into and made a part of this Act.
(B) Privileges and immunities.--Any person who
violates a regulation prescribed under this Act shall
be subject to the penalties and entitled to the
privileges and immunities provided in the Federal Trade
Commission Act (15 U.S.C. 41 et seq.).
(b) Enforcement by States.--
(1) Civil action.--Except as provided under paragraph (5),
in any case in which the attorney general of a State has reason
to believe that an interest of the residents of that State has
been or is threatened or adversely affected by any person
subject to a provision of section 3 or 4 or a regulation
promulgated under this Act in a practice that violates such
provision or regulation, the attorney general of the State may,
as parens patriae, bring a civil action on behalf of the
residents of the State in an appropriate district court of the
United States--
(A) to enjoin further violation of such provision
or regulation by such person;
(B) to compel compliance with such provision or
regulation;
(C) to obtain damages, restitution, or other
compensation on behalf of such residents;
(D) to obtain such other relief as the court
considers appropriate; or
(E) to obtain civil penalties in the amount
determined under paragraph (2).
(2) Civil penalties.--
(A) Calculation.--For purposes of imposing a civil
penalty under paragraph (1)(E), the amount determined
under this paragraph is the amount calculated by
multiplying the number of separate violations of a rule
by an amount not greater than $16,000.
(B) Adjustment for inflation.--Beginning on the
date that the Consumer Price Index is first published
by the Bureau of Labor Statistics that is after 1 year
after the date of enactment of this Act, and each year
thereafter, the amount specified in subparagraph (A)
shall be increased by the percentage increase in the
Consumer Price Index published on that date from the
Consumer Price Index published the previous year.
(3) Rights of federal trade commission.--
(A) Notice to federal trade commission.--
(i) In general.--Except as provided in
clause (iii), the attorney general of a State
shall notify the Commission in writing that the
attorney general intends to bring a civil
action under paragraph (1) before initiating
the civil action.
(ii) Contents.--The notification required
by clause (i) with respect to a civil action
shall include a copy of the complaint to be
filed to initiate the civil action.
(iii) Exception.--If it is not feasible for
the attorney general of a State to provide the
notification required by clause (i) before
initiating a civil action under paragraph (1),
the attorney general shall notify the
Commission immediately upon instituting the
civil action.
(B) Intervention by federal trade commission.--The
Commission may--
(i) intervene in any civil action brought
by the attorney general of a State under
paragraph (1); and
(ii) upon intervening--
(I) be heard on all matters arising
in the civil action; and
(II) file petitions for appeal of a
decision in the civil action.
(4) Investigatory powers.--Nothing in this subsection may
be construed to prevent the attorney general of a State from
exercising the powers conferred on the attorney general by the
laws of the State to conduct investigations, to administer
oaths or affirmations, or to compel the attendance of witnesses
or the production of documentary or other evidence.
(5) Preemptive action by federal trade commission.--If the
Commission institutes a civil action or an administrative
action with respect to a violation of a provision of section 3
or 4 or a regulation promulgated under this Act, the attorney
general of a State may not, during the pendency of such action,
bring a civil action under paragraph (1) against any defendant
named in the complaint of the Commission for the violation with
respect to which the Commission instituted such action.
(6) Actions by other state officials.--
(A) In general.--In addition to civil actions
brought by attorneys general under paragraph (1), any
other officer of a State who is authorized by the State
to do so may bring a civil action under paragraph (1),
subject to the same requirements and limitations that
apply under this subsection to civil actions brought by
attorneys general.
(B) Savings provision.--Nothing in this subsection
may be construed to prohibit an authorized official of
a State from initiating or continuing any proceeding in
a court of the State for a violation of any civil or
criminal law of the State.
SEC. 7. EFFECT ON OTHER LAWS.
(a) Preservation of Commission Authority.--Nothing in this Act may
be construed in any way to limit or affect the Commission's authority
under any other provision of law.
(b) Preservation of Other Federal Law.--Nothing in this Act may be
construed in any way to supersede, restrict, or limit the application
of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.) or any other
Federal law.
<all>