| Home > 106th Congressional Bills > S. 1634 (is) To amend the Internal Revenue Code of 1986 to allow a credit for residential solar energy property. [Introduced in Senate] ...
S. 1634 (is) To amend the Internal Revenue Code of 1986 to allow a credit for residential solar energy property. [Introduced in Senate] ...
108th CONGRESS 1st Session S. 1633 To require financial institutions and financial service providers to notify customers of the unauthorized use of personal information, to amend the Fair Credit Reporting Act to require fraud alerts to be included in consumer credit files in such cases, and to provide customers with enhanced access to credit reports in such cases. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES September 17, 2003 Mr. Corzine introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban AffairsYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY _______________________________________________________________________ A BILL To require financial institutions and financial service providers to notify customers of the unauthorized use of personal information, to amend the Fair Credit Reporting Act to require fraud alerts to be included in consumer credit files in such cases, and to provide customers with enhanced access to credit reports in such cases. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Identity Theft Notification and Credit Restoration Act of 2003''. SEC. 2. FINDINGS. Congress finds that-- (1) the privacy and financial security of individuals is increasingly at risk due to the ever more widespread collection of personal information by both the private and public sector; (2) credit card transactions, real estate records, consumer surveys, credit reports, and Internet websites are all sources of personal information and form the source material for identity thieves; (3) identity theft is one of the fastest growing crimes committed in the United States, and identity theft has become one of the major law enforcement challenges of the new economy, as vast quantities of sensitive personal information are now vulnerable to criminal interception and misuse; (4) criminals who steal personal information use the information to open fraudulent credit card accounts, write bad checks, buy products, and commit other financial crimes with assumed financial identities; (5) in 2002, more than 160,000 people notified the Federal Trade Commission that they had been victims of identity theft, more than 3 times the number reported in 2000; (6) identity theft is costly to consumers and to the United States marketplace; (7) victims of identity theft are often required to contact numerous Federal, State, and local law enforcement agencies, consumer credit reporting agencies, and creditors over many years, as each event of fraud arises; (8) the Government, financial institutions, financial service providers, and credit reporting agencies that handle sensitive personal information of consumers have a shared responsibility to protect the information from identity thieves, to assist identity theft victims, and to mitigate the harm that results from fraud perpetrated in the name of the victim; and (9) the private sector can better protect consumers by improving customer notification, implementing effective fraud alerts, affording greater consumer access to credit reports, and establishing other financial identity theft prevention measures. SEC. 3. TIMELY NOTIFICATION OF UNAUTHORIZED ACCESS TO PERSONAL INFORMATION. Subtitle B of title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6821 et seq.) is amended-- (1) by redesignating sections 526 and 527 as sections 528 and 529, respectively; and (2) by inserting after section 525 the following: ``SEC. 526. NOTIFICATION TO CUSTOMERS OF UNAUTHORIZED ACCESS TO PERSONAL INFORMATION. ``(a) Definitions.--In this section-- ``(1) the term `breach'-- ``(A) means unauthorized acquisition of computerized data or paper records which compromises the security, confidentiality, or integrity of personal information maintained by or on behalf of a financial institution; and ``(B) does not include a good faith acquisition of personal information by an employee or agent of a financial institution for a business purpose of the institution, if the personal information is not subject to further unauthorized disclosure; and ``(2) with respect to a customer of a financial institution, the term `personal information' means the first name or first initial and last name of the customer, in combination with any one or more of the following data elements, when either the name or the data element is not encrypted: ``(A) A social security number. ``(B) A driver's license number or other officially recognized form of identification. ``(C) A credit card number, debit card number, or any required security code, access code, or password that would permit access to financial account information relating to that customer. ``(b) Notification Relating to Breach of Personal Information.-- ``(1) Financial institution requirement.--In any case in which there has been a breach of personal information at a financial institution, or such a breach is reasonably believed to have occurred, the financial institution shall promptly notify-- ``(A) each customer affected by the violation or suspected violation; ``(B) each consumer reporting agency described in section 603(p) of the Fair Credit Reporting Act (15 U.S.C. 1681a); and ``(C) appropriate law enforcement agencies, in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers, including as described in subsection (e)(1)(C), subject to regulations of the Federal Trade Commission. ``(2) Other entities.--For purposes of paragraph (1), any person that maintains personal information for or on behalf of a financial institution shall promptly notify the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached. ``(c) Timing.--Notification required by this section shall be made-- ``(1) promptly and without unreasonable delay, upon discovery of the breach or suspected breach; and ``(2) consistent with-- ``(A) the legitimate needs of law enforcement, as provided in subsection (d); and ``(B) any measures necessary to determine the scope of the breach or restore the reasonable integrity of the information security system of the financial institution. ``(d) Delays for Law Enforcement Purposes.--Notification required by this section may be delayed if a law enforcement agency determines that the notification would impede a criminal investigation, and in any such case, notification shall be made promptly after the law enforcement agency determines that it would not compromise the investigation. ``(e) Form of Notice.--Notification required by this section may be provided-- ``(1) to a customer-- ``(A) in writing; ``(B) in electronic form, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in section 101 of the Electronic Signatures in Global and National Commerce Act (15 U.S.C. 7001); ``(C) if the Federal Trade Commission determines that the number of all customers affected by, or the cost of providing notifications relating to, a single breach or suspected breach would make other forms of notification prohibitive, or in any case in which the financial institution certifies in writing to the Federal Trade Commission that it does not have sufficient customer contact information to comply with other forms of notification, in the form of-- ``(i) an e-mail notice, if the financial institution has access to an e-mail address for the affected customer that it has reason to believe is accurate; ``(ii) a conspicuous posting on the Internet website of the financial institution, if the financial institution maintains such a website; or ``(iii) notification through the media that a breach of personal information has occurred or is suspected that compromises the security, confidentiality, or integrity of customer information of the financial institution; or ``(D) in such other form as the Federal Trade Commission may by rule prescribe; and ``(2) to consumer reporting agencies and law enforcement agencies (where appropriate), in such form as the Federal Trade Commission may prescribe, by rule. ``(f) Content of Notification.--Each notification to a customer under subsection (b) shall include-- ``(1) a statement that-- ``(A) credit reporting agencies have been notified of the relevant breach or suspected breach; and ``(B) the credit report and file of the customer will contain a fraud alert to make creditors aware of the breach or suspected breach, and to inform creditors that the express authorization of the customer is required for any new issuance or extension of credit (in accordance with section 605(g) of the Fair Credit Reporting Act); and ``(2) such other information as the Federal Trade Commission determines is appropriate. ``(g) Compliance.--Notwithstanding subsection (e), a financial institution shall be deemed to be in compliance with this section if-- ``(1) the financial institution has established a comprehensive information security program that is consistent with the standards prescribed by the appropriate regulatory body under section 501(b); ``(2) the financial institution notifies affected customers and consumer reporting agencies in accordance with its own internal information security policies in the event of a breach or suspected breach of personal information; and ``(3) such internal security policies incorporate notification procedures that are consistent with the requirements of this section and the rules of the Federal Trade Commission under this section. ``(h) Civil Penalties.-- ``(1) Damages.--Any customer injured by a violation of this section may institute a civil action to recover damages arising from that violation. ``(2) Injunctions.--Actions of a financial institution in violation or potential violation of this section may be enjoined. ``(3) Cumulative effect.--The rights and remedies available under this section are in addition to any other rights and remedies available under applicable law. ``(i) Rules of Construction.-- ``(1) In general.--Compliance with this section by a financial institution shall not be construed to be a violation of any provision of subtitle (A), or any other provision of Federal or State law prohibiting the disclosure of financial information to third parties. ``(2) Limitation.--Except as specifically provided in this section, nothing in this section requires or authorizes a financial institution to disclose information that it is otherwise prohibited from disclosing under subtitle A or any other provision of Federal or State law. ``(3) No new recordkeeping obligation.--Nothing in this section creates an obligation on the part of a financial institution to obtain, retain, or maintain information or records that are not otherwise required to be obtained, retained, or maintained in the ordinary course of its business or under other applicable law.''. SEC. 4. INCLUSION OF FRAUD ALERTS IN CONSUMER CREDIT REPORTS. Section 605 of the Fair Credit Reporting Act (15 U.S.C. 1681c) is amended by adding at the end the following: ``(g) Fraud Alerts.-- ``(1) Defined term.--In this subsection, the term `fraud alert' means a clear and conspicuous statement in the file of a consumer that notifies all prospective users of the consumer credit report (or any portion thereof) relating to the consumer, that-- ``(A) the identity of the consumer may have been used, without the consent of the consumer, to fraudulently obtain goods or services in the name of the consumer; and ``(B) the consumer does not authorize the issuance or extension of credit in the name of the consumer, unless the issuer of such credit, upon receiving appropriate evidence of the true identity of the consumer-- ``(i) obtains express preauthorization from the consumer at a telephone number designated by the consumer; or ``(ii) utilizes another reasonable means of communication to obtain the express preauthorization of the consumer. ``(2) Inclusion of fraud alert in consumer file.-- ``(A) Upon notification by financial institution.-- A consumer reporting agency shall include a fraud alert meeting the requirements of this subsection in the file of a consumer promptly upon receipt of a notice from a financial institution under section 526(b)(1)(B) of the Gramm-Leach-Bliley Act relating to the consumer. ``(B) Upon request of consumer.--A consumer reporting agency shall include a fraud alert meeting the requirements of this subsection in the file of a consumer promptly upon receipt of-- ``(i) a request by the consumer; and ``(ii) appropriate evidence of-- ``(I) the true identity of the person making the request; and ``(II) the claim of identity theft forming the basis for the request. ``(3) Consumer reporting agency responsibilities.--A consumer reporting agency shall ensure that each person procuring consumer credit information with respect to a consumer is made aware of the existence of a fraud alert in the file of that consumer, regardless of whether a full credit report, credit score, or summary report is requested.
Other Popular 106th Congressional Bills Documents:
|GovRecords.org presents information on various agencies of the United States Government. Even though all information is believed to be credible and accurate, no guarantees are made on the complete accuracy of our government records archive. Care should be taken to verify the information presented by responsible parties. Please see our reference page for congressional, presidential, and judicial branch contact information. GovRecords.org values visitor privacy. Please see the privacy page for more information.|
Supreme Court Decisions
104th Congressional Documents
105th Congressional Documents
106th Congressional Documents
107th Congressional Documents
108th Congressional Documents
1994 Presidential Documents