Home > 106th Congressional Bills > S. 1634 (is) To amend the Internal Revenue Code of 1986 to allow a credit for residential solar energy property. [Introduced in Senate] ...S. 1634 (is) To amend the Internal Revenue Code of 1986 to allow a credit for residential solar energy property. [Introduced in Senate] ...
108th CONGRESS
1st Session
S. 1633
To require financial institutions and financial service providers to
notify customers of the unauthorized use of personal information, to
amend the Fair Credit Reporting Act to require fraud alerts to be
included in consumer credit files in such cases, and to provide
customers with enhanced access to credit reports in such cases.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
September 17, 2003
Mr. Corzine introduced the following bill; which was read twice and
referred to the Committee on Banking, Housing, and Urban
AffairsYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
_______________________________________________________________________
A BILL
To require financial institutions and financial service providers to
notify customers of the unauthorized use of personal information, to
amend the Fair Credit Reporting Act to require fraud alerts to be
included in consumer credit files in such cases, and to provide
customers with enhanced access to credit reports in such cases.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Identity Theft Notification and
Credit Restoration Act of 2003''.
SEC. 2. FINDINGS.
Congress finds that--
(1) the privacy and financial security of individuals is
increasingly at risk due to the ever more widespread collection
of personal information by both the private and public sector;
(2) credit card transactions, real estate records, consumer
surveys, credit reports, and Internet websites are all sources
of personal information and form the source material for
identity thieves;
(3) identity theft is one of the fastest growing crimes
committed in the United States, and identity theft has become
one of the major law enforcement challenges of the new economy,
as vast quantities of sensitive personal information are now
vulnerable to criminal interception and misuse;
(4) criminals who steal personal information use the
information to open fraudulent credit card accounts, write bad
checks, buy products, and commit other financial crimes with
assumed financial identities;
(5) in 2002, more than 160,000 people notified the Federal
Trade Commission that they had been victims of identity theft,
more than 3 times the number reported in 2000;
(6) identity theft is costly to consumers and to the United
States marketplace;
(7) victims of identity theft are often required to contact
numerous Federal, State, and local law enforcement agencies,
consumer credit reporting agencies, and creditors over many
years, as each event of fraud arises;
(8) the Government, financial institutions, financial
service providers, and credit reporting agencies that handle
sensitive personal information of consumers have a shared
responsibility to protect the information from identity
thieves, to assist identity theft victims, and to mitigate the
harm that results from fraud perpetrated in the name of the
victim; and
(9) the private sector can better protect consumers by
improving customer notification, implementing effective fraud
alerts, affording greater consumer access to credit reports,
and establishing other financial identity theft prevention
measures.
SEC. 3. TIMELY NOTIFICATION OF UNAUTHORIZED ACCESS TO PERSONAL
INFORMATION.
Subtitle B of title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6821
et seq.) is amended--
(1) by redesignating sections 526 and 527 as sections 528
and 529, respectively; and
(2) by inserting after section 525 the following:
``SEC. 526. NOTIFICATION TO CUSTOMERS OF UNAUTHORIZED ACCESS TO
PERSONAL INFORMATION.
``(a) Definitions.--In this section--
``(1) the term `breach'--
``(A) means unauthorized acquisition of
computerized data or paper records which compromises
the security, confidentiality, or integrity of personal
information maintained by or on behalf of a financial
institution; and
``(B) does not include a good faith acquisition of
personal information by an employee or agent of a
financial institution for a business purpose of the
institution, if the personal information is not subject
to further unauthorized disclosure; and
``(2) with respect to a customer of a financial
institution, the term `personal information' means the first
name or first initial and last name of the customer, in
combination with any one or more of the following data
elements, when either the name or the data element is not
encrypted:
``(A) A social security number.
``(B) A driver's license number or other officially
recognized form of identification.
``(C) A credit card number, debit card number, or
any required security code, access code, or password
that would permit access to financial account
information relating to that customer.
``(b) Notification Relating to Breach of Personal Information.--
``(1) Financial institution requirement.--In any case in
which there has been a breach of personal information at a
financial institution, or such a breach is reasonably believed
to have occurred, the financial institution shall promptly
notify--
``(A) each customer affected by the violation or
suspected violation;
``(B) each consumer reporting agency described in
section 603(p) of the Fair Credit Reporting Act (15
U.S.C. 1681a); and
``(C) appropriate law enforcement agencies, in any
case in which the financial institution has reason to
believe that the breach or suspected breach affects a
large number of customers, including as described in
subsection (e)(1)(C), subject to regulations of the
Federal Trade Commission.
``(2) Other entities.--For purposes of paragraph (1), any
person that maintains personal information for or on behalf of
a financial institution shall promptly notify the financial
institution of any case in which such customer information has been, or
is reasonably believed to have been, breached.
``(c) Timing.--Notification required by this section shall be
made--
``(1) promptly and without unreasonable delay, upon
discovery of the breach or suspected breach; and
``(2) consistent with--
``(A) the legitimate needs of law enforcement, as
provided in subsection (d); and
``(B) any measures necessary to determine the scope
of the breach or restore the reasonable integrity of
the information security system of the financial
institution.
``(d) Delays for Law Enforcement Purposes.--Notification required
by this section may be delayed if a law enforcement agency determines
that the notification would impede a criminal investigation, and in any
such case, notification shall be made promptly after the law
enforcement agency determines that it would not compromise the
investigation.
``(e) Form of Notice.--Notification required by this section may be
provided--
``(1) to a customer--
``(A) in writing;
``(B) in electronic form, if the notice provided is
consistent with the provisions regarding electronic
records and signatures set forth in section 101 of the
Electronic Signatures in Global and National Commerce
Act (15 U.S.C. 7001);
``(C) if the Federal Trade Commission determines
that the number of all customers affected by, or the
cost of providing notifications relating to, a single
breach or suspected breach would make other forms of
notification prohibitive, or in any case in which the
financial institution certifies in writing to the
Federal Trade Commission that it does not have
sufficient customer contact information to comply with
other forms of notification, in the form of--
``(i) an e-mail notice, if the financial
institution has access to an e-mail address for
the affected customer that it has reason to
believe is accurate;
``(ii) a conspicuous posting on the
Internet website of the financial institution,
if the financial institution maintains such a
website; or
``(iii) notification through the media that
a breach of personal information has occurred
or is suspected that compromises the security,
confidentiality, or integrity of customer
information of the financial institution; or
``(D) in such other form as the Federal Trade
Commission may by rule prescribe; and
``(2) to consumer reporting agencies and law enforcement
agencies (where appropriate), in such form as the Federal Trade
Commission may prescribe, by rule.
``(f) Content of Notification.--Each notification to a customer
under subsection (b) shall include--
``(1) a statement that--
``(A) credit reporting agencies have been notified
of the relevant breach or suspected breach; and
``(B) the credit report and file of the customer
will contain a fraud alert to make creditors aware of
the breach or suspected breach, and to inform creditors
that the express authorization of the customer is
required for any new issuance or extension of credit
(in accordance with section 605(g) of the Fair Credit
Reporting Act); and
``(2) such other information as the Federal Trade
Commission determines is appropriate.
``(g) Compliance.--Notwithstanding subsection (e), a financial
institution shall be deemed to be in compliance with this section if--
``(1) the financial institution has established a
comprehensive information security program that is consistent
with the standards prescribed by the appropriate regulatory
body under section 501(b);
``(2) the financial institution notifies affected customers
and consumer reporting agencies in accordance with its own
internal information security policies in the event of a breach
or suspected breach of personal information; and
``(3) such internal security policies incorporate
notification procedures that are consistent with the
requirements of this section and the rules of the Federal Trade
Commission under this section.
``(h) Civil Penalties.--
``(1) Damages.--Any customer injured by a violation of this
section may institute a civil action to recover damages arising
from that violation.
``(2) Injunctions.--Actions of a financial institution in
violation or potential violation of this section may be
enjoined.
``(3) Cumulative effect.--The rights and remedies available
under this section are in addition to any other rights and
remedies available under applicable law.
``(i) Rules of Construction.--
``(1) In general.--Compliance with this section by a
financial institution shall not be construed to be a violation
of any provision of subtitle (A), or any other provision of
Federal or State law prohibiting the disclosure of financial
information to third parties.
``(2) Limitation.--Except as specifically provided in this
section, nothing in this section requires or authorizes a
financial institution to disclose information that it is
otherwise prohibited from disclosing under subtitle A or any
other provision of Federal or State law.
``(3) No new recordkeeping obligation.--Nothing in this
section creates an obligation on the part of a financial
institution to obtain, retain, or maintain information or
records that are not otherwise required to be obtained,
retained, or maintained in the ordinary course of its business
or under other applicable law.''.
SEC. 4. INCLUSION OF FRAUD ALERTS IN CONSUMER CREDIT REPORTS.
Section 605 of the Fair Credit Reporting Act (15 U.S.C. 1681c) is
amended by adding at the end the following:
``(g) Fraud Alerts.--
``(1) Defined term.--In this subsection, the term `fraud
alert' means a clear and conspicuous statement in the file of a
consumer that notifies all prospective users of the consumer
credit report (or any portion thereof) relating to the
consumer, that--
``(A) the identity of the consumer may have been
used, without the consent of the consumer, to
fraudulently obtain goods or services in the name of
the consumer; and
``(B) the consumer does not authorize the issuance
or extension of credit in the name of the consumer,
unless the issuer of such credit, upon receiving
appropriate evidence of the true identity of the
consumer--
``(i) obtains express preauthorization from
the consumer at a telephone number designated
by the consumer; or
``(ii) utilizes another reasonable means of
communication to obtain the express
preauthorization of the consumer.
``(2) Inclusion of fraud alert in consumer file.--
``(A) Upon notification by financial institution.--
A consumer reporting agency shall include a fraud alert
meeting the requirements of this subsection in the file
of a consumer promptly upon receipt of a notice from a
financial institution under section 526(b)(1)(B) of the
Gramm-Leach-Bliley Act relating to the consumer.
``(B) Upon request of consumer.--A consumer
reporting agency shall include a fraud alert meeting
the requirements of this subsection in the file of a
consumer promptly upon receipt of--
``(i) a request by the consumer; and
``(ii) appropriate evidence of--
``(I) the true identity of the
person making the request; and
``(II) the claim of identity theft
forming the basis for the request.
``(3) Consumer reporting agency responsibilities.--A
consumer reporting agency shall ensure that each person
procuring consumer credit information with respect to a
consumer is made aware of the existence of a fraud alert in the
file of that consumer, regardless of whether a full credit
report, credit score, or summary report is requested.
Other Popular 106th Congressional Bills Documents:
|
| GovRecords.org presents information on various agencies of the United States Government. Even though all information is believed to be credible and accurate, no guarantees are made on the complete accuracy of our government records archive. Care should be taken to verify the information presented by responsible parties. Please see our reference page for congressional, presidential, and judicial branch contact information. GovRecords.org values visitor privacy. Please see the privacy page for more information. |
 |