Home > 106th Congressional Bills > S. 1634 (is) To amend the Internal Revenue Code of 1986 to allow a credit for residential solar energy property. [Introduced in Senate] ...

S. 1634 (is) To amend the Internal Revenue Code of 1986 to allow a credit for residential solar energy property. [Introduced in Senate] ...

Web GovRecords.org

  1st Session
                                S. 1633

 To require financial institutions and financial service providers to 
 notify customers of the unauthorized use of personal information, to 
   amend the Fair Credit Reporting Act to require fraud alerts to be 
    included in consumer credit files in such cases, and to provide 
    customers with enhanced access to credit reports in such cases.



                           September 17, 2003

Mr. Corzine introduced the following bill; which was read twice and 
        referred to the Committee on Banking, Housing, and Urban 


                                 A BILL

 To require financial institutions and financial service providers to 
 notify customers of the unauthorized use of personal information, to 
   amend the Fair Credit Reporting Act to require fraud alerts to be 
    included in consumer credit files in such cases, and to provide 
    customers with enhanced access to credit reports in such cases.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,


    This Act may be cited as the ``Identity Theft Notification and 
Credit Restoration Act of 2003''.


    Congress finds that--
            (1) the privacy and financial security of individuals is 
        increasingly at risk due to the ever more widespread collection 
        of personal information by both the private and public sector;
            (2) credit card transactions, real estate records, consumer 
        surveys, credit reports, and Internet websites are all sources 
        of personal information and form the source material for 
        identity thieves;
            (3) identity theft is one of the fastest growing crimes 
        committed in the United States, and identity theft has become 
        one of the major law enforcement challenges of the new economy, 
        as vast quantities of sensitive personal information are now 
        vulnerable to criminal interception and misuse;
            (4) criminals who steal personal information use the 
        information to open fraudulent credit card accounts, write bad 
        checks, buy products, and commit other financial crimes with 
        assumed financial identities;
            (5) in 2002, more than 160,000 people notified the Federal 
        Trade Commission that they had been victims of identity theft, 
        more than 3 times the number reported in 2000;
            (6) identity theft is costly to consumers and to the United 
        States marketplace;
            (7) victims of identity theft are often required to contact 
        numerous Federal, State, and local law enforcement agencies, 
        consumer credit reporting agencies, and creditors over many 
        years, as each event of fraud arises;
            (8) the Government, financial institutions, financial 
        service providers, and credit reporting agencies that handle 
        sensitive personal information of consumers have a shared 
        responsibility to protect the information from identity 
        thieves, to assist identity theft victims, and to mitigate the 
        harm that results from fraud perpetrated in the name of the 
        victim; and
            (9) the private sector can better protect consumers by 
        improving customer notification, implementing effective fraud 
        alerts, affording greater consumer access to credit reports, 
        and establishing other financial identity theft prevention 


    Subtitle B of title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6821 
et seq.) is amended--
            (1) by redesignating sections 526 and 527 as sections 528 
        and 529, respectively; and
            (2) by inserting after section 525 the following:


    ``(a) Definitions.--In this section--
            ``(1) the term `breach'--
                    ``(A) means unauthorized acquisition of 
                computerized data or paper records which compromises 
                the security, confidentiality, or integrity of personal 
                information maintained by or on behalf of a financial 
                institution; and
                    ``(B) does not include a good faith acquisition of 
                personal information by an employee or agent of a 
                financial institution for a business purpose of the 
                institution, if the personal information is not subject 
                to further unauthorized disclosure; and
            ``(2) with respect to a customer of a financial 
        institution, the term `personal information' means the first 
        name or first initial and last name of the customer, in 
        combination with any one or more of the following data 
        elements, when either the name or the data element is not 
                    ``(A) A social security number.
                    ``(B) A driver's license number or other officially 
                recognized form of identification.
                    ``(C) A credit card number, debit card number, or 
                any required security code, access code, or password 
                that would permit access to financial account 
                information relating to that customer.
    ``(b) Notification Relating to Breach of Personal Information.--
            ``(1) Financial institution requirement.--In any case in 
        which there has been a breach of personal information at a 
        financial institution, or such a breach is reasonably believed 
        to have occurred, the financial institution shall promptly 
                    ``(A) each customer affected by the violation or 
                suspected violation;
                    ``(B) each consumer reporting agency described in 
                section 603(p) of the Fair Credit Reporting Act (15 
                U.S.C. 1681a); and
                    ``(C) appropriate law enforcement agencies, in any 
                case in which the financial institution has reason to 
                believe that the breach or suspected breach affects a 
                large number of customers, including as described in 
                subsection (e)(1)(C), subject to regulations of the 
                Federal Trade Commission.
            ``(2) Other entities.--For purposes of paragraph (1), any 
        person that maintains personal information for or on behalf of 
        a financial institution shall promptly notify the financial 
institution of any case in which such customer information has been, or 
is reasonably believed to have been, breached.
    ``(c) Timing.--Notification required by this section shall be 
            ``(1) promptly and without unreasonable delay, upon 
        discovery of the breach or suspected breach; and
            ``(2) consistent with--
                    ``(A) the legitimate needs of law enforcement, as 
                provided in subsection (d); and
                    ``(B) any measures necessary to determine the scope 
                of the breach or restore the reasonable integrity of 
                the information security system of the financial 
    ``(d) Delays for Law Enforcement Purposes.--Notification required 
by this section may be delayed if a law enforcement agency determines 
that the notification would impede a criminal investigation, and in any 
such case, notification shall be made promptly after the law 
enforcement agency determines that it would not compromise the 
    ``(e) Form of Notice.--Notification required by this section may be 
            ``(1) to a customer--
                    ``(A) in writing;
                    ``(B) in electronic form, if the notice provided is 
                consistent with the provisions regarding electronic 
                records and signatures set forth in section 101 of the 
                Electronic Signatures in Global and National Commerce 
                Act (15 U.S.C. 7001);
                    ``(C) if the Federal Trade Commission determines 
                that the number of all customers affected by, or the 
                cost of providing notifications relating to, a single 
                breach or suspected breach would make other forms of 
                notification prohibitive, or in any case in which the 
                financial institution certifies in writing to the 
                Federal Trade Commission that it does not have 
                sufficient customer contact information to comply with 
                other forms of notification, in the form of--
                            ``(i) an e-mail notice, if the financial 
                        institution has access to an e-mail address for 
                        the affected customer that it has reason to 
                        believe is accurate;
                            ``(ii) a conspicuous posting on the 
                        Internet website of the financial institution, 
                        if the financial institution maintains such a 
                        website; or
                            ``(iii) notification through the media that 
                        a breach of personal information has occurred 
                        or is suspected that compromises the security, 
                        confidentiality, or integrity of customer 
                        information of the financial institution; or
                    ``(D) in such other form as the Federal Trade 
                Commission may by rule prescribe; and
            ``(2) to consumer reporting agencies and law enforcement 
        agencies (where appropriate), in such form as the Federal Trade 
        Commission may prescribe, by rule.
    ``(f) Content of Notification.--Each notification to a customer 
under subsection (b) shall include--
            ``(1) a statement that--
                    ``(A) credit reporting agencies have been notified 
                of the relevant breach or suspected breach; and
                    ``(B) the credit report and file of the customer 
                will contain a fraud alert to make creditors aware of 
                the breach or suspected breach, and to inform creditors 
                that the express authorization of the customer is 
                required for any new issuance or extension of credit 
                (in accordance with section 605(g) of the Fair Credit 
                Reporting Act); and
            ``(2) such other information as the Federal Trade 
        Commission determines is appropriate.
    ``(g) Compliance.--Notwithstanding subsection (e), a financial 
institution shall be deemed to be in compliance with this section if--
            ``(1) the financial institution has established a 
        comprehensive information security program that is consistent 
        with the standards prescribed by the appropriate regulatory 
        body under section 501(b);
            ``(2) the financial institution notifies affected customers 
        and consumer reporting agencies in accordance with its own 
        internal information security policies in the event of a breach 
        or suspected breach of personal information; and
            ``(3) such internal security policies incorporate 
        notification procedures that are consistent with the 
        requirements of this section and the rules of the Federal Trade 
        Commission under this section.
    ``(h) Civil Penalties.--
            ``(1) Damages.--Any customer injured by a violation of this 
        section may institute a civil action to recover damages arising 
        from that violation.
            ``(2) Injunctions.--Actions of a financial institution in 
        violation or potential violation of this section may be 
            ``(3) Cumulative effect.--The rights and remedies available 
        under this section are in addition to any other rights and 
        remedies available under applicable law.
    ``(i) Rules of Construction.--
            ``(1) In general.--Compliance with this section by a 
        financial institution shall not be construed to be a violation 
        of any provision of subtitle (A), or any other provision of 
        Federal or State law prohibiting the disclosure of financial 
        information to third parties.
            ``(2) Limitation.--Except as specifically provided in this 
        section, nothing in this section requires or authorizes a 
        financial institution to disclose information that it is 
        otherwise prohibited from disclosing under subtitle A or any 
        other provision of Federal or State law.
            ``(3) No new recordkeeping obligation.--Nothing in this 
        section creates an obligation on the part of a financial 
        institution to obtain, retain, or maintain information or 
        records that are not otherwise required to be obtained, 
        retained, or maintained in the ordinary course of its business 
or under other applicable law.''.


    Section 605 of the Fair Credit Reporting Act (15 U.S.C. 1681c) is 
amended by adding at the end the following:
    ``(g) Fraud Alerts.--
            ``(1) Defined term.--In this subsection, the term `fraud 
        alert' means a clear and conspicuous statement in the file of a 
        consumer that notifies all prospective users of the consumer 
        credit report (or any portion thereof) relating to the 
        consumer, that--
                    ``(A) the identity of the consumer may have been 
                used, without the consent of the consumer, to 
                fraudulently obtain goods or services in the name of 
                the consumer; and
                    ``(B) the consumer does not authorize the issuance 
                or extension of credit in the name of the consumer, 
                unless the issuer of such credit, upon receiving 
                appropriate evidence of the true identity of the 
                            ``(i) obtains express preauthorization from 
                        the consumer at a telephone number designated 
                        by the consumer; or
                            ``(ii) utilizes another reasonable means of 
                        communication to obtain the express 
                        preauthorization of the consumer.
            ``(2) Inclusion of fraud alert in consumer file.--
                    ``(A) Upon notification by financial institution.--
                A consumer reporting agency shall include a fraud alert 
                meeting the requirements of this subsection in the file 
                of a consumer promptly upon receipt of a notice from a 
                financial institution under section 526(b)(1)(B) of the 
                Gramm-Leach-Bliley Act relating to the consumer.
                    ``(B) Upon request of consumer.--A consumer 
                reporting agency shall include a fraud alert meeting 
                the requirements of this subsection in the file of a 
                consumer promptly upon receipt of--
                            ``(i) a request by the consumer; and
                            ``(ii) appropriate evidence of--
                                    ``(I) the true identity of the 
                                person making the request; and
                                    ``(II) the claim of identity theft 
                                forming the basis for the request.
            ``(3) Consumer reporting agency responsibilities.--A 
        consumer reporting agency shall ensure that each person 
        procuring consumer credit information with respect to a 
        consumer is made aware of the existence of a fraud alert in the 
        file of that consumer, regardless of whether a full credit 
        report, credit score, or summary report is requested.

Pages: 1 2 Next >>

Other Popular 106th Congressional Bills Documents:

1 H.R. 1259 (eh) To amend the Congressional Budget Act of 1974 to protect Social Security surpluses through strengthened budgetary enforcement mechanisms. [Engrossed in House] ...
2 H.R. 5440 (ih) To require large employers to notify their employees of the amount paid by the employer for employee health coverage. [Introduced in House] ...
3 H.R. 536 (ih) To amend the Small Business Act to require the establishment of a regional or branch office of the Small Business Administration in each State. [Introduced in House] ...
4 H.R. 5663 (ih) To provide for community renewal and new markets initiatives. [Introduced in House] ...
5 H.R. 371 (eh) To facilitate the naturalization of aliens who served with special guerrilla units or irregular forces in Laos. [Engrossed in House] ...
6 S. 3152 (is) To amend the Internal Revenue Code of 1986 to provide tax incentives for distressed areas, and for other purposes. [Introduced in Senate] ...
7 H.R. 2669 (ih) To reauthorize the Coastal Zone Management Act of 1972, and for other purposes. [Introduced in House] ...
8 H.R. 2119 (ih) To amend the Fair Labor Standards Act of 1938 to reform the provisions relating to child labor. [Introduced in House] ...
9 S.Res. 208 (rs) Expressing the sense of the Senate regarding United States policy toward the North Atlantic Treaty Organization and the European Union, in light of the Alliance's April 1999 Washington Summit and the European Union's June 1999 Cologne Summ...
10 H.R. 3995 (ih) To establish procedures governing the responsibilities of court- appointed receivers who administer departments, offices, and agencies of the District of Columbia government. [Introduced in House] ...
11 H.R. 2773 (rh) To amend the Wild and Scenic Rivers Act to designate the Wekiva River and its tributaries of Rock Springs Run and Black Water Creek in the State of Florida as components of the national wild and scenic rivers system. [Reported in House] %%F...
12 H.R. 1749 (rh) To designate Wilson Creek in Avery and Caldwell Counties, North Carolina, as a component of the National Wild and Scenic Rivers System. [Reported in House] ...
13 H.R. 2368 (rs) To assist in the resettlement and relocation of the people of Bikini Atoll by amending the terms of the trust fund established during the United States administration of the Trust Territory of the Pacific Islands. [Reported in Senate] %%Fil...
14 S. 3144 (pcs) To amend the Inspector General Act of 1978 (5 U.S.C. App.) to establish police powers for certain Inspector General agents engaged in official duties and provide an oversight mechanism for the exercise of those powers. [Placed on Calendar Se...
15 S. 986 (rs) To direct the Secretary of the Interior to convey the Griffith Project to the Southern Nevada Water Authority. [Reported in Senate] ...
16 H.Res. 44 (rh) Providing for consideration of the bill (H.R. 437) to provide for a Chief Financial Officer in the Executive Office of the President. [Reported in House] ...
17 H.R. 1568 (eh) To provide technical, financial, and procurement assistance to veteran owned small businesses, and for other purposes. [Engrossed in House] ...
18 H.R. 2572 (ih) To direct the Administrator of NASA to design and present an award to the Apollo astronauts. [Introduced in House] ...
19 H.Con.Res. 50 (enr) [Enrolled bill] ...
20 H.R. 2473 (ih) To suspend temporarily the duty on dichloro aniline (DCA). [Introduced in House] ...
21 S. 1066 (is) To amend the National Agricultural Research, Extension, and Teaching Policy Act of 1977 to encourage the use of and research into agricultural best practices to improve the environment, and for other purposes. [Introduced in Senate] %%Filenam...
22 H.R. 1753 (rh) To promote the research, identification, assessment, exploration, and development of methane hydrate resources, and for other purposes. [Reported in House] ...
23 S. 406 (enr) To amend the Indian Health Care Improvement Act to make permanent the demonstration program that allows for direct billing of medicare, medicaid, and other third party payors, and to expand the eligibility under such program to other tribes a...
24 S. 2675 (is) To establish an Office on Women's Health within the Department of Health and Human Services. [Introduced in Senate] ...
25 H.R. 5673 (ih) To amend title 18, United States Code, to provide a safe harbor for voluntary monitoring by e-commerce sites. [Introduced in House] ...
26 H.R. 92 (rh) To designate the Federal building and United States courthouse located at 251 North Main Street in Winston-Salem, North Carolina, as the ``Hiram H. Ward Federal Building and United States Courthouse''. [Reported in House] ...
27 H.R. 2884 (rh) To extend energy conservation programs under the Energy Policy and Conservation Act through fiscal year 2003. [Reported in House] ...
28 S. 2859 (is) To provide assistance to States in reducing the backlog of casework files awaiting DNA analysis and to make DNA testing available in appropriate cases to convicted Federal and State offenders. [Introduced in Senate] ...
29 H.Res. 618 (eh) [Engrossed in House] ...
30 S. 3276 (es) To make technical corrections to the College Scholarship Fraud Prevention Act of 2000 and certain amendments made by that Act. [Engrossed in Senate] ...

Other Documents:

106th Congressional Bills Records and Documents

GovRecords.org presents information on various agencies of the United States Government. Even though all information is believed to be credible and accurate, no guarantees are made on the complete accuracy of our government records archive. Care should be taken to verify the information presented by responsible parties. Please see our reference page for congressional, presidential, and judicial branch contact information. GovRecords.org values visitor privacy. Please see the privacy page for more information.
House Rules:

104th House Rules
105th House Rules
106th House Rules

Congressional Bills:

104th Congressional Bills
105th Congressional Bills
106th Congressional Bills
107th Congressional Bills
108th Congressional Bills

Supreme Court Decisions

Supreme Court Decisions


1995 Privacy Act Documents
1997 Privacy Act Documents
1994 Unified Agenda
2004 Unified Agenda

Congressional Documents:

104th Congressional Documents
105th Congressional Documents
106th Congressional Documents
107th Congressional Documents
108th Congressional Documents

Congressional Directory:

105th Congressional Directory
106th Congressional Directory
107th Congressional Directory
108th Congressional Directory

Public Laws:

104th Congressional Public Laws
105th Congressional Public Laws
106th Congressional Public Laws
107th Congressional Public Laws
108th Congressional Public Laws

Presidential Records

1994 Presidential Documents
1995 Presidential Documents
1996 Presidential Documents
1997 Presidential Documents
1998 Presidential Documents
1999 Presidential Documents
2000 Presidential Documents
2001 Presidential Documents
2002 Presidential Documents
2003 Presidential Documents
2004 Presidential Documents

Home Executive Judicial Legislative Additional Reference About Privacy