
2007 Introduced Financial Privacy Legislation

Last Updated:  February 26, 2008

State: Bill Summary:
Alabama 

S.B. 114
Indefinitely postponed 5/29/07
Provides a procedure for notification of a breach of security where there is a reasonable belief that computer data containing the personal information of an Alabama resident is disclosed to an unauthorized person; provides limited exceptions to the procedure.

Alaska

H.B. 31
Relates to breaches of security involving personal information, credit report and credit score security freezes, consumer credit monitoring, credit accuracy, protection of Social Security numbers, care of records, disposal of records, identity theft, furnishing consumer credit header information, credit cards, and debit cards, and to the jurisdiction of the office of administrative hearings.

 

H.B. 65
Relates to breaches of security involving personal information, credit report and credit score security freezes, consumer credit monitoring, credit accuracy, protection of Social Security numbers, care of records, disposal of records, identity theft, furnishing consumer credit header information, credit cards, and debit cards, and to the jurisdiction of the office of administrative hearings.

 

S.B. 21
Relates to breaches of security involving personal information, credit report and credit score security freezes, consumer credit monitoring, credit accuracy, protection of Social Security numbers, care of records, disposal of records, identity theft, furnishing consumer credit header information, credit cards, and debit cards, and to the jurisdiction of the office of administrative hearings.

Arizona

S.B. 1617
Relates to Financial Information Privacy Act.

Arkansas 

H.B. 2477
Enhances the protection of personal information; requires notice to a consumer of an unauthorized breach of the consumer's personal information within the past five years.

California 

A.B. 372
Makes technical, nonsubstantive changes to provisions of existing law that allow an injured customer to institute a civil action to recover damages or for injunctive relief relating to existing law that requires businesses to destroy customer records, to implement and maintain reasonable security procedures and practices to protect personal information from unauthorized access, destruction, use, modification, or disclosure, and to make sure that third parties getting such information maintain procedures.

 

A.B. 429
Passed Assembly 5/17/07
Prohibits an innkeeper from disseminating the personal information of a guest, as defined, to any third party, with specified exceptions.

 

A.B. 779
Vetoed by governor 10/13/07
On and after July 1, 2008, this bill prohibits a person, business, or agency, as defined, that sells goods or services to any resident of California and accepts as payment a credit card, debit card, or other payment device, from storing, retaining, sending, or failing to limit access to payment-related data, as defined, retaining a primary account number, or storing sensitive authentication data subsequent to an authorization, as specified, unless a specified exception applies. Upon a violation, and as applicable, the bill would apply specified reimbursement and notice provisions. On and after July 1, 2008, this bill requires that notification to the owner or licensee of the information include, among other things, a description of the categories of personal information that were, or may have been, acquired, a toll-free or local telephone number or electronic mail address that individuals may use to contact the agency, person, or business, and the telephone numbers and addresses of the major credit reporting agencies. If the owner or licensee of the information is the issuer of the credit or debit card or the payment device, or maintains the account from which the payment device orders payment, the bill requires the owner or licensee to disclose the same information to the California resident in plain language, as specified.

 

A.B. 814
Died pursuant to Art. IV, Sec. 10(c) of the Constitution 1/31/08
This bill, the Consumer Sales Security Act, requires that the Office of Privacy Protection develop an identity theft prevention program for businesses and retailers that will educate them on security methods and procedures to better protect the personal information and financial data of their customers. Makes it a felony for a person to illegally use or tamper with an electronic funds transfer device, and thereby obtain any personal identifying information or financial information. The bill states the intent of the Legislature to increase funding for law enforcement to prevent and investigate identity theft related to electronic funds transfer transactions.

 

S.B. 328
Passed Senate 6/6/07
Prohibits any person, as defined, from, among other things, obtaining or attempting to obtain, or causing or attempting to cause the disclosure of, personal information about a customer or employee contained in the records of a business through specified methods, such as by making false, fictitious, or fraudulent statements or representations, with specified exceptions. The bill provides civil remedies for the violation thereof, and would make related and conforming changes in that regard.

 

S.B. 364
Existing law requires any agency that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the data, as defined, to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Existing law allows an agency to provide that disclosure by substitute notice, as specified, if the agency demonstrates that the cost of disclosure would exceed $250,000, or that the affected class exceeds 500,000 persons, or that the agency does not have sufficient contact information. In addition to the other substitute notice provisions, this bill allows for substitute notice if the agency demonstrates that the cost of disclosure would exceed $100,000. The bill also repeals a duplicative provision of law.

Connecticut

H.B. 6815
Failed Joint Favorable deadline 4/13/07
Prohibits an individual obtaining or attempting to obtain personal identifying information or personal records of another individual under false pretenses.

Florida

H.B. 1211
Died 5/4/07
S.B. 2268
Died in committee 5/4/07
Relates to personal identifying information; prohibits distribution of personal identifying information of an individual without permission; provides criminal penalties.

 

H.B. 1213
Died 5/4/07
S.B. 2818
Died in committee 5/4/07
Relates to public records; creates an additional general exemption from requirements governing the inspection and copying of public records; defines personal identification information for purposes of the act; provides that any portion of a public record held by an agency that contains personal identification information of an individual is confidential and exempt from public records requirements; provides for retroactive application of exemptions.

 

H.B. 7125
Died on calendar 5/4/07
Amends specified provision which provides exemption from public records requirements for bank account numbers and debit, charge, and credit card numbers held by agency; removes scheduled repeal of exemption under OGSR Act.

 

H.B. 7153
Relates to consumer complaints; provides exemption from public records requirements for personal financial and health information held by the Department of Financial Services or the Office of Insurance Regulation regarding a consumer's complaint or inquiry regarding matter or activity regulated under the Insurance Code; expands exemption to include personal financial and health information regarding a consumer's complaint or inquiry regarding the matter.

 

S.B. 1346
Died in committee 5/4/07
Revises general state policy concerning public records in order to conform to provisions of State Constitution governing public records; deletes provision specifying certain public-record exemptions that apply to public records made part of court file; provides that Social Security numbers and financial account numbers are exempt from public-record requirements to conform to changes made by act.

 

S.B. 1348
Died in committee 5/4/07
Amends specified provision regarding exemptions for public-records requirements for Social Security and financial account numbers held by clerks of circuit court and county recorders; clarifies provisions requiring that county recorder use his or her best efforts to redact such information after January 1, 2008; saves exemptions from repeal under OGSR Act; deletes provisions that provide for repeal of exemptions. 

Hawaii 

H.B. 246
Relates to personal financial information; relates to unauthorized disclosure; requires public or private entities responsible for the inadvertent, unauthorized disclosure of personal financial information to pay for access to credit reports.

 

S.B. 9
Requires public or private entities responsible for the inadvertent, unauthorized disclosure of personal financial information to pay for access to credit reports for at least one year.

Illinois 

H.B. 5
Amends the Personal Information Protection Act. Makes a technical change in a section concerning the short title.

 

H.B. 605
Amends the Personal Information Protection Act. Defines breach of the security of the system data or written material. Provides that the notice requirements of the Act apply to breaches of written material containing personal information. Provides that a data collector shall notify the resident that there has been a breach of the security of the system data or written material within a reasonable time after the discovery of the breach of the system data or written material.

 

H.B. 3725
Creates the Illinois Financial Information Privacy Act. Allows a consumer to direct a financial institution to not share the nonpublic personal information with affiliated companies or with nonaffiliated financial companies with which the financial institution has contracted to provide financial products and services.

 

S.B. 235
Amends the Illinois Banking Act. Provides that a bank may not disclose to any person, except to the customer or his or her duly authorized agent, any financial records or financial information obtained from financial records relating to that customer of that bank unless the financial records are disclosed in response to a lawful subpoena, summons, warrant, citation to discover assets, or court order which meets certain criteria.

Iowa   

H.F. 655
Provides for the notification of a breach in the security of computerized data of personal information, allows a security alert or block on a consumer report, allows the issuance of an identity theft passport, requires the deletion of certain records relating to dishonored checks, prohibits the collection of certain unauthorized debt obligations, and provides for civil remedies and penalties.

 

H.S.B. 117
Became H.F. 579 2/28/07
Under the bill, the supreme court may prescribe a rule or issue a directive requiring confidentiality of certain categories of personal identification and financial account information filed with the clerk of the district court or the clerk of the supreme court. The bill provides the rule or directive may specify the manner and format in which the confidential information is to be provided to or disseminated by the clerk. The bill also provides that the rule or directive prescribed by the supreme court shall prevail over any other state laws and administrative rules.

 

S.F. 454
Withdrawn from further consideration 3/26/07
Under the bill, the supreme court may prescribe a rule or issue a directive requiring confidentiality of certain categories of personal identification and financial account information filed with the clerk of the district court or the clerk of the supreme court. The bill provides the rule or directive may specify the manner and format in which the confidential information is to be provided to or disseminated by the clerk. The bill also provides that the rule or directive prescribed by the supreme court shall prevail over any other state laws and administrative rules. 

 

S.S.B. 1109
Became S.F. 454 3/8/07
Under the bill, the supreme court may prescribe a rule or issue a directive requiring confidentiality of certain categories of personal identification and financial account information filed with the clerk of the district court or the clerk of the supreme court. The bill provides the rule or directive may specify the manner and format in which the confidential information is to be provided to or disseminated by the clerk. The bill also provides that the rule or directive prescribed by the supreme court shall prevail over any other state laws and administrative rules. 

Kentucky 

H.B. 7
Passed House 2/22/07
Creates new sections of KRS Chapter 367 to create definitions related to identity theft; restricts certain uses by businesses of a consumer's Social Security number subject to certain exceptions, to delay the effective date to July 1, 2008, and to make a violation subject to the same remedies, duties, powers and penalties as violations of the Consumer Protection Act; requires an agency or business to give notice to a person whose personal information was acquired in a security breach subject to certain exceptions, to make a waiver void and unenforceable, and to declare that a violation is subject to the same remedies, duties, powers and penalties as violations of the Consumer Protection Act; requires an agency or business to take certain measures to safeguard against security breaches subject to certain exceptions, and to declare that a violation is subject to the same remedies, duties, powers and penalties as violations of the Consumer Protection Act; declares that the provisions regarding business use of Social Security numbers, security breach notices, and safeguarding against security breaches do not limit the power to enforce criminal or civil statutes or the right to bring civil actions, and to provide venue for civil actions brought by the attorney general regarding violations; creates a new section of KRS Chapter 17 to require a law enforcement agency to take a complaint and provide a copy of the police report to a complainant who has learned or reasonably suspects that his or her identity or personal information has been used without consent in the commission of a criminal offense; creates a new section of KRS Chapter 411 to establish an expedited Circuit Court procedure for a person whose identity or personal information has been used without consent in the commission of a criminal offense to get a determination that he or she is a victim of identity theft, and to require that the court filing fee be the same as for filing a small claims case; creates a new section of KRS Chapter 431 to establish an expedited procedure allowing a person who has been charged with a crime because another person used his or her identifying information, and who has been found not guilty or the charges have been dismissed, to make a motion to the Court to redact his or her identifying information from certain records and to establish a procedure restricting access and inspection of those records; creates a new section of KRS Chapter 12 to restrict certain uses by agencies of a person’s Social Security number, and to prohibit the inclusion of a person’s Social Security number in documents filed or recorded with an agency, subject to certain exceptions, to establish a procedure to request redaction of a Social Security number shown in official records on an agency’s Internet Web site subject to certain exceptions, and to delay the effective date to July 1, 2008; creates a new section of KRS Chapter 434 to create definitions and establish a Class D felony offense for "phishing," which is using the Internet to induce a person to provide identifying information by representing without authorization that the requester is another person; creates a new section of KRS Chapter 411 to provide a civil cause of action against a person who "phishes," to allow injunctive relief, damages up to the greater of actual damages or $25,000 for each violation, treble damages in certain circumstances, and reasonable attorney's fees and court costs to a prevailing plaintiff, to subject violations to the remedies, powers, and duties of the Consumer Protection Act, and to establish a statute of limitations; amends KRS 365.720 relating to disposal of records to create a definition for "agency" and delete the definition for "customer"; amends KRS 365.725 to extend the application of the records disposal provisions to agencies and to make the provisions applicable to all records; amends KRS 15.334 to require law enforcement basic training regarding identity theft; amends KRS 411.210 to extend the civil cause of action for victims of certain identity-theft-related crimes to persons whose identity or personal information has been used without consent in the commission of a criminal offense, and to extend the statute of limitations to the later of five years or the date of discovery of the violation or the identity of the perpetrator of the violation; amends KRS 514.160 to provide that the crime of theft of identity applies to use of a live or deceased person’s identity, to increase the types of identifying information protected, and to delete the exclusion of credit or debit card fraud crimes; amends KRS 525.080 to provide that the crime of harassing communications applies whether the perpetrator is using the perpetrator's own or another person’s identity.

Maryland 

H.B. 90
Requires a business to destroy records that contain specified personal information in a specified manner; requires a business that owns or licenses specified personal information to implement and maintain specified security procedures and practices; requires businesses that own or license specified data that include specified personal information to notify specified individuals of a breach of the security of a system under specified circumstances.

 

H.B. 123
S.B. 904
Requires a business to destroy or arrange for the destruction of records that contain specified personal information in a specified manner; requires a business that compiles, maintains, or makes available specified personal information of an individual residing in the State to implement and maintain specified security procedures and practices; requires businesses to notify specified individuals of a breach of security of a system.

 

H.B. 210
Withdrawn 2/21/07
Prohibits specified businesses from disclosing to a third party, for compensation, specified personal information obtained in a specified manner; provides that a violation of specified provisions of the Act is an unfair or deceptive trade practice; provides that a waiver of specified provisions of the Act is contrary to public policy and is void and unenforceable.

 

H.B. 739
Withdrawn 3/20/07
S.B. 467
Requires merchants that collect specified personal and marketing information to implement and maintain specified security procedures and practices; requires a merchant to disclose to a consumer specified personal and marketing information in a specified manner; establishes procedures for requesting the information; requires a merchant to provide the information requested within a specified period of time.

 

S.B. 514
Requires specified business and state entities that own, license, or maintain specified records that include specified personal information of an individual residing in the state to notify specified persons of a breach of the security of a system under specified circumstances; specifies the time at which notification must be given; authorizes notification to be given in a specified manner.

Massachusetts 

H.B. 213
Relates to enhancing the confidentiality and protection of certain consumer information.

 

H.B. 291
Establishes the protection of personal information protection.

 

H.B. 328
Authorizes a consumer reporting agency to place a security freeze at the request of a consumer; regulates the destruction of personal information; provides for notification of a security breach.

 

H.B. 333
Relates to identity theft in the commonwealth; authorizes identity theft victims to report identity theft to local law enforcement; creates a division of privacy protection; regulates the use of Social Security numbers.

 

H.B. 1008
Provides that no insurance company shall disclose any non-public personal information contrary to the provisions of Title V of the federal Financial Services Modernization Act of 1999 (public law 106-102), known as the Gramm-Leach-Bliley Act.

 

H.B. 1559
Requires security measures for businesses storing personal information by electronic means.

 

H.B. 3818
Calls for an investigation by a special commission (including members of the General Court) relative to the protection of privacy in the collection, storage, use and release of personal information and other related matters.

 

S.B. 160
Establishes the protection of personal information protection.

 

S.B. 242
Restores consumer control over the private information collected by retail discount cards. 

Michigan 

H.B. 4521
Provides that an order or judgment entered in an action for divorce or separate maintenance, or any document attached to or filed in the case file with the judgment or order, shall not contain personal identifying information unless specifically required by state or federal law, rule, or regulation, or by a court order or rule. This section does not affect an obligation of a person to provide personal identifying information to the friend of the court or another person.

 

H.B. 4683
Requires reasonable security measures for data brokers to protect personal identifying information.

Minnesota 

H.F. 116
Passed House 5/1/07
S.F. 162
Substituted 5/10/07
Imposes certain customer sales or service call center requirements; prescribes a criminal penalty.

Mississippi 

S.B. 2089
Died on calendar 2/12/07
Creates the "Mississippi Clean Credit and Identity Theft Protection Act"; defines certain terms; authorizes consumers to place a security freeze on their credit files; limits the release or sharing of credit header information; provides a consumer with the right to file a police report regarding identity theft with the local law enforcement agency having jurisdiction over his actual residence; provides identity theft victims with the right to obtain a court ordered factual declaration of innocence and creates a statewide criminal identity theft registry; requires notice to consumers in the event that security of data has been breached; limits the use of Social Security numbers; prohibits insurers from using information regarding a consumer's creditworthiness for the purpose of determining rates for insurance or eligibility for coverage; regulates the disposal of records containing personal information. 

Missouri

H.B. 377
Changes the laws regarding the release of personal information to unauthorized persons.

 

H.B. 1190
Makes personal information that is collected by a county collector including an individual's name, address, real estate tax information, financial information or transactions, real estate parcel number, loan number for real estate parcels, or any other personal information not a public record unless authorized by the county collector.

 

H.B. 1248
Prohibits displaying or posting financial information over the Internet if consent was not obtained by the individual or entity whose information is being displayed or posted.

 

H.B. 1285
Revises the definition of "public record" by excluding an individual's personal information collected by municipalities. Personal information includes any financial information, medical history, or criminal or employment history that contains an individual's name, identifying number, or other identifiers assigned to the individual.

 

H.C.R. 10
Urges the United States Congress to adopt a comprehensive federal law that protects consumer information from data thieves. 

New Hampshire 

H.B. 269
Inexpedient to legislate 1/2/08
Makes "pretexting," the act of using a ruse to obtain personally identifiable information about another individual, a violation, subject to a fine, and establishes a private cause of action for those injured by pretexting.

 

H.B. 745
Inexpedient to legislate 4/5/07
Prohibits any public or private entity from using a secret database that contains personally identifiable information and does not provide the person an opportunity to review the accuracy of such information.

New Jersey

A.B. 4413
Prohibits a retail sales establishment from retaining or storing the full magnetic-stripe data, including Visa Card Verification Value 2 or MasterCard Card Validation Code 2, obtained from a credit card, debit card, or access device on any system components after a response to the retail sales establishment’s authorization request has been received. However, notwithstanding the above, a retail sales establishment may retain the account number, expiration date, and name contained on the credit card. The bill also provides that a business or public entity that is required to provide notice of a breach of security of computerized records to a customer pursuant to subsection a. or b. of section 12 of P.L.2005, c.226 (C.56:8-163) will be liable to a financial institution for the costs incurred by that financial institution in protecting the personal information of a customer or providing financial services to that customer as a result of a potential or actual breach of security of the computerized records of the business or public entity, including, but not limited to: (1) the cancellation or re-issuance by any financial institution of any credit card, debit card, or access device; (2) the closure of any deposit, transaction, share draft, or other account and any action to stop payments or block transactions with respect to a customer’s account; (3) the opening or re-opening of any deposit, transaction, share draft, or other account for any customer of the financial institution; and (4) any refund or credit made to any customer of the financial institution as a result of a breach of security. 
The bill also adds a definition of “financial institution” to the “Identity Theft Prevention Act.” It defines a financial institution as a bank, savings bank, savings and loan association, mutual savings bank, or credit union organized, chartered, or holding a license or authorization certificate under the law of this state, any other state, the United States, or of any other country, or the parent or the subsidiary of a financial institution. The term also includes any person who issues an access device and agrees with a consumer to provide electronic fund transfer services.

New Mexico

H.B. 612
Relates to financial privacy; requires consent for sharing certain financial information; provides penalties.

 

S.B. 606
Relates to financial privacy; requires consent for sharing certain financial information; provides penalties.

New York

A.B. 69
S.B. 5047
Passed Senate 6/12/07
Prohibits the use of inmate labor to access, collect or process personal information relating to a natural person residing in this state; provides for a civil penalty of not more than $1500 for a first violation and not more than $2500 for a second or subsequent violation.

 

A.B. 275
Prohibits persons or business entities from filing unnecessary personal identifying information with an agency; provides for enforcement by the attorney general.

 

A.B. 406
S.B. 5586
Relates to the fees that may be charged by a county clerk's office; requires that a county clerk not accept any document for recording if unnecessary personal identifying information is written on such document.

 

A.B. 490
Passed Assembly 6/13/07
S.B. 3897
Restricts insurers from demanding intrusive personal, financial and tax information from insureds as a standard practice in processing ordinary theft claims where no special circumstances warranting a demand for such information exist.

 

A.B. 576
Passed Assembly 5/9/07
S.B. 279
Grants consumers the option to prohibit the rental, sale, exchange or other availability of personal information possessed by an issuer of a credit card, charge card or debit card; requires notice of such option be given to cardholders by credit card, charge card and debit card issuers in existing bill mailings and in credit card and debit card agreements and renewals thereof; limits any effect on credit card registration services.

 

A.B. 645
S.B. 4129
Enacts the New York consumer and worker protection act; requires employers to provide notice of the outsourcing of jobs prior to such outsourcing; prohibits any governmental agency from engaging in the practice of outsourcing jobs; requires consumers be made aware and provide consent if such consumers' nonpublic personal information is disclosed to nonaffiliated third parties by any corporation or other business entity; requires ratification by the legislature of procurement contracts between the state, through the governor, and any multinational trade organization or corporation; and defines applicable terms.

 

A.B. 2243
Makes provisions for privacy in banking, insurance, and other financial transactions; forbids disclosure of personal information without prior consent granted by the customer to the financial institution; requires written notice of privacy policies and practices be given to customers; requires security and confidentiality safeguards; prohibits disclosure of account number or access code information.

 

A.B. 2261
Enacting clause stricken 4/20/07
Provides that any person, firm, partnership, association or corporation that collects, owns, maintains or uses personal information shall disclose a breach of security related to personal information concerning 25 or more residents in the state; provides notification within two business days after learning of the breach; provides methods for notification; provides steps to be taken to destroy or arrange for the destruction of such information; allows for injunctions and civil penalties for violations.

 

A.B. 2518
Relates to regulating the use and dissemination of confidential customer information by financial institutions; prohibits the disclosure of financial information without the informed consent of the customer to whom the information relates; establishes the basic privacy rights for financial information; authorizes attorney general enforcement; imposes civil penalties; allows a private cause of action.

 

A.B. 3189
Enacting clause stricken 4/20/07
Enacts the Financial Information New York Privacy Act to require that financial institutions obtain consent from consumers prior to disclosing nonpublic personal information; defines terms and sets penalties.

 

A.B. 3295
Enacts the Electronic Fund Transfer Privacy Act; provides privacy protection for consumers engaging in electronic fund transfer transactions by limiting disclosure of personal information about any consumer involved in such and limiting the circumstances in which government authority may get such information.

 

A.B. 5941
Creates the "Electronic Access to Records Act"; requires all state public records to be accessible on the Internet; prohibits provision of personal identifying information, unless explicitly required by law.

 

A.B. 6225
Prohibits commercial entities from disclosing protected personal information on consumers; defines terms; prohibits wrongful disclosure of protected personal information with certain exceptions; provides for civil liability for wrongful disclosure; authorizes the attorney general to bring enforcement action for injunction and penalties; limits time period in which such an action may be brought.

 

A.B. 6852
S.B. 4308
Establishes that issuers of credit cards and debit cards are prohibited from knowingly accepting or soliciting personal information of a cardholder from a third party; establishes a civil penalty not to exceed $2,000 for each violation of this section.

 

A.B. 7650
S.B. 5267
Provides for the protection of confidential personal information collected and distributed by individual reference services providers or marketing list brokers; establishes exclusion lists, penalties and grounds for civil liability.

 

A.B. 8834
S.B. 5688
Provides a comprehensive plan for the protection of confidential personal information; includes definitions, penalties and civil liability.

 

S.B. 1005
Restricts the right of certain utility corporations to sell or otherwise distribute information concerning residential customers, subscriber names and addresses subjecting the same to regulations by the public service commission; prohibits such utility from disclosing and marketing certain other information about its customers; permits a violated customer to bring an action against such utility and imposes a fine of not more than $500 for a violation.

 

S.B. 1298
Provides privacy protection for voter registration records; prohibits sale or other dissemination of records or information contained in such records if use of such information would promote identity theft, financial fraud or otherwise invade privacy.

 

S.B. 1365
Provides that banking institutions in New York state may release customer information in the following manner: (a) to the actual customer or authorized agent, or (b) unless a customer affirmatively and in writing prohibits the release, to a subsidiary or affiliate of the banking institution, or (c) to any other persons or entities if the customer information intended to be released consists only of customer identification (e.g., name or address of customer) and/or is recorded in public records; defines the term "customer information" to mean account records and any other information constructed from those records relating to the customer's relationship with the institution.

 

S.B. 1802
Creates a nine member privacy task force within the state office for technology to conduct ongoing review of state and local laws, regulations and practices with respect to the compilation, protection and dissemination of "personal information"; provides for composition of the task force and for annual reports to the governor and the legislature.

 

S.B. 2332
Requires notice to residents when a computerized database security breach releases personal information.

 

S.B. 3388
Makes provisions for privacy in banking, insurance, and other financial transactions; forbids disclosure of personal information without prior consent granted by the customer to the financial institution; requires written notice of privacy policies and practices be given to customers; requires security and confidentiality safeguards; prohibits disclosure of account number or access code information.

 

S.B. 4649
Prohibits the disclosure of personal information on consumers by banking organizations to third parties without providing notice in plain language to the consumer in writing or electronic form.

Oklahoma 

H.B. 1533
Provides that any contract entered into by the Department of Central Services that involves a customer service call center shall prohibit the sending of any personal information of a person to any location outside the United States without the written consent of the person.

 

H.B. 1633
Relates to the disclosure of breach of security of computerized personal information.

Oregon 

H.B. 2339
Authorizes state or defendant to obtain financial records in response to subpoena in criminal actions; requires production of financial records directly to court or grand jury; allows production of financial records to grand jury without personal service on customer whose records are sought. 

 

H.B. 2442
Requires a business that owns, possesses or uses personal information to notify individual when breach of security that may result in misuse of personal information occurs; requires Department of Consumer and Business Services to establish registry of businesses that own, possess or use personal information; requires business that owns, possesses or uses personal information to provide individual, upon request, with copy of personal information about individual maintained by business. 

Rhode Island 

H.B. 5103
Establishes rules of disclosure of personal information about insurers, by businesses to third parties, rules of notification to consumers of breaches in the security protecting consumer identification information as well as civil penalties and damages for violation of the disclosure and notification rules.

 

H.B. 5223
Establishes rules of disclosure of personal information about insurers, by businesses to third parties, rules of notification to consumers of breaches in the security protecting consumer identification information as well as civil penalties and damages for violation of the disclosure and notification rules.

 

S.B. 464
Establishes rules of disclosure of personal information about insurers, by businesses to third parties, rules of notification to consumers of breaches in the security protecting consumer identification information as well as civil penalties and damages for violation of the disclosure and notification rules.

South Carolina 

H.B. 3035
Enacts the "Identity Theft Protection Act", adds chapter 20 to title 37 providing for protections in connection with consumer credit-reporting agencies and with the use and communication of a consumer's Social Security number, imposition of a security freeze on a consumer's credit report, prescription of measures for disposal of personal identifying information and disclosure of unauthorized access to personal identifying information, and civil damages, including attorney's fees and costs and injunctive relief; redesignates the Family Privacy Protection Act of chapter 2, title 30, as article 1 and adds article 3 providing for protection of personal identifying information privacy in connection with a public body and its use and communication of a resident's Social Security number, prescription for disclosure of Social Security information and identifying information by and to certain public bodies, prohibition of requiring the use of personal identifying information on a mortgage and in preparation of documents for public filing; and procedure for redacting certain personal identifying information from public records; adds §16-13-540 so as to provide for the expunction of the criminal record of a named individual incurred as a result of the unlawful use of his identifying information; adds §16-13-550 so as to provide for reporting of the crime of financial identity fraud to the local law enforcement agency and reference by the local agency to the agency with jurisdiction to investigate and prosecute; amends §16-13-510, as amended, relating to the offense of financial identity fraud, so as to include the use of another's information to obtain anything of value, including credit, to avoid legal consequences, or to obtain employment, and to provide, for exceptions, to further define "identifying information", and to provide for criminal penalties, including restitution; amends §16-13-520, relating to prosecution of the crime of financial identity fraud, so as to further provide for the county in which the crime is considered to have been committed; adds §1-11-490 so as to provide for disclosure by an agency of this state of unauthorized access to the personal identifying information of a resident whose information the agency owns or licenses and to provide for civil damages, attorney's fees, and injunctive relief.

 

S.B. 8
Enacts the "Financial Identity Fraud and Identity Theft Protection Act", by adding chapter 20 to title 37 providing for protections in connection with consumer credit-reporting agencies and with the use and communication of a consumer's Social Security number, imposition of a security freeze on a consumer's credit report, prescription of measures for disposal of personal identifying information and disclosure of unauthorized access to personal identifying information, and civil damages, including attorney's fees and costs and injunctive relief; redesignates the Family Privacy Protection Act of chapter 2, title 30, as article 1 and adds article 3 providing for protection of personal identifying information privacy in connection with a public body and its use and communication of a resident's Social Security number, prescription for disclosure of Social Security information and identifying information by and to certain public bodies, prohibition of requiring the use of personal identifying information on a mortgage and in preparation of documents for public filing, and procedure for redacting certain personal identifying information from public records; adds §1-11-490 so as to provide for disclosure by an agency of this state of unauthorized access to or acquisition of the personal identifying information of a resident whose information the agency owns or licenses and to provide for civil damages, attorney's fees, and injunctive relief; adds §16-11-725 so as to make it unlawful to use another person's household garbage for the purpose of committing financial or identity fraud; adds §16-13-512 so as to regulate the use of a cardholder's Social Security number on a credit or debit card receipt; adds §39-1-90 so as to provide for disclosure by a person conducting business in this state of unauthorized access to or acquisition of the personal identifying information of a resident whose information the person owns or licenses and to provide for civil damages, attorney's fees, and injunctive relief; amends §16-13-510, as amended, relating to the offense of financial identity fraud, so as to add the elements of willfulness and knowledge and to include the offense of identity fraud as the use of another's information to avoid legal consequences or to obtain employment and to further define "identifying information"; and repeals §16-13-515, relating to identity fraud.

 

S.B. 453
Passed Senate 2/22/07
Enacts the "Financial Identity Fraud and Identity Theft Protection Act", adds chapter 20 to title 37 providing for protections in connection with consumer credit-reporting agencies and with the use and communication of a consumer's Social Security number, imposition of a security freeze on a consumer's credit report, prescription of measures for disposal of personal identifying information and disclosure of unauthorized access to personal identifying information, and civil damages, including attorney's fees and costs and injunctive relief; redesignates the Family Privacy Protection Act of chapter 2, title 30, as article 1 and adds article 3 providing for protection of personal identifying information privacy in connection with a public body and its use and communication of a resident's Social Security number, prescription for disclosure of Social Security information and identifying information by and to certain public bodies, prohibition of requiring the use of personal identifying information on a mortgage and in preparation of documents for public filing, and procedure for redacting certain personal identifying information from public records; adds §1-11-490 so as to provide for disclosure by an agency of this state of unauthorized access to or acquisition of the personal identifying information of a resident whose information the agency owns or licenses and to provide for civil damages, attorney's fees, and injunctive relief; adds §16-11-725 so as to make it unlawful to use another person's household garbage for the purpose of committing financial or identity fraud; adds §16-13-512 so as to regulate the use of a cardholder's Social Security number on a credit or debit card receipt; adds §39-1-90 so as to provide for disclosure by a person conducting business in this state of unauthorized access to or acquisition of the personal identifying information of a resident whose information the person owns or licenses and to provide for civil damages, attorney's fees, and injunctive relief; amends §16-13-510, as amended, relating to the offense of financial identity fraud, so as to add the elements of willfulness and knowledge and to include the offense of identity fraud as the use of another's information to avoid legal consequences or to obtain employment and to further define "identifying information"; and repeals §16-13-515, relating to identity fraud.

 

S.B. 584
Passed Senate 5/8/07
Enacts the family court financial privacy act; provides that a financial declaration made a part of the record in a matter before the family court must be sealed. 

Tennessee

H.B. 1489
S.B. 2285
Concerns Consumer Protection; renames Tennessee Identity Theft Deterrence Act of 1999 to Tennessee Identification and Personal Information Protection Act of 2007; includes unauthorized transfer of personal information under such act.

Texas 

H.B. 59
Concerns management, security and protection of personal information and governmental records; provides a criminal penalty.

 

H.B. 87
Relates to acquisition of personal information in a business record through fraudulent means. 

 

H.B. 885
S.B. 224
Relates to a consumer's option to prevent the sale of the consumer's financial information by a financial institution; provides a civil penalty. 

 

H.B. 1262
Relates to civil liability for the breach of security of certain computerized data containing sensitive personal information. 

 

H.B. 3222
Passed House 5/10/07
Relates to a business's duty to protect and safeguard sensitive personal information contained in its customer records. 

 

S.B. 223
Relates to a loss of computerized data or breach of computer security involving sensitive personal information. 

Vermont 

H.B. 261
Amends the security breach law so that it applies to all acquisition of or access to personal information.

Virginia 

H.B. 2140
Tabled 2/1/07
Requires an individual or a commercial entity that conducts business in Virginia and that owns or licenses computerized data that includes personal information to conduct in good faith a reasonable and prompt investigation when it becomes aware of a breach of the security of the system. If the investigation determines that misuse of information has occurred or is reasonably likely to occur, the individual or commercial entity shall give notice to the Virginia resident as soon as possible. Notification must be made in good faith, in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system. The bill also contains alternative notification provisions. The Office of the Attorney General may bring an action in law or equity to address violations of this section and for other appropriate relief.

 

H.B. 2600
Tabled 1/25/07
Relates to personal information privacy; relates to protection of disposed records; provides for penalty; requires businesses to take all reasonable measures to protect against unauthorized access to or use of personal information in connection with or after its disposal; refers to reasonable measures that include policies and procedures requiring the burning, pulverizing or shredding of papers containing personal information.

 

H.B. 3097
Passed House 2/6/07
Provides an exemption for the name, physical address, telephone number, e-mail address, Social Security number, and bank or other financial account information contained in correspondence to and from an individual and a member of a local governing body, school board or other local public body in which the individual is a resident, unless the correspondence relates to a public matter before such public body. The bill also provides, however, that no record, which is otherwise open to inspection under FOIA, shall be deemed exempt by virtue of the fact that it has been attached to or incorporated within any such correspondence.

 

S.B. 1123
Tabled 2/12/07
Provides that the auditor of public accounts shall periodically review the security of any database or information system maintained or operated by any agency or other governmental entity of the Commonwealth that contains personal information regarding any individual to ensure that appropriate measures are in place to prevent unauthorized or unlawful access to this information. On an annual basis, the auditor shall report the results of its review to the General Assembly and make recommendations for new or revised security measures, if needed.

Washington 

H.B. 1763
Protects financial information and means of identification stored on portable electronic data storage devices; finds that the storage of large amounts of unencrypted financial information or means of identification on portable electronic data storage devices and the transportation of such devices away from the workplace contribute to identity crimes; reduces the incidence of identity crimes by imposing civil liability in certain cases.

 

S.B. 5341
Specifies penalties for harm caused by breaches of security that compromise personal information; provides that a court may award damages up to the actual amount of economic damages or five hundred dollars, whichever is greater; provides a violation constitutes an unfair or deceptive practice in violation of chapter 19.86 RCW. 

 

S.B. 5515
Declares an intent to limit the amount of information that is made public in property assessments in order to protect property owners from being the victims of crime. Currently, property assessment information has included photographs that have contained pictures of property owners' children, vehicles with license plate numbers, and other related personal information. In order to prevent property owners from being potential victims of crime, this type of information must not be made public.

 

S.B. 5869
Passed Senate 3/14/07
Monitors personal information collected by state agencies; provides that personally identifiable information means information that can be associated with a particular individual through one or more identifiers or other information or circumstances.

West Virginia

H.B. 2175
Relates to the unauthorized acquisition of data that compromises the security, confidentiality, or integrity of personal information maintained by the data collector.

 

H.B. 2263
Ensures clean credit information and identity theft protection; defines certain terms; provides a security freeze procedure; provides protection for credit header information; establishes a right to file a police report on identity theft; declaration of innocence for crimes committed by identity thieves; consumer credit monitoring; security breaches; protection of Social Security numbers; prohibits credit scoring and insurance scoring for use in insurance decisions; requires adequate destruction of certain personal records; and provides for fines, criminal penalties and civil actions for violations. 

 

H.B. 2705
Relates generally to consumer credit and identity theft protection; defines certain terms; provides a procedure for consumers to implement a security freeze; provides for notice of consumer rights; provides for protection for consumer credit header information; provides for the right to file a police report in the event of security theft; requires a notice to consumers of information systems breach; provides for factual declaration of innocence after identity theft; protects Social Security numbers; provides for civil penalties for violations; provides for making a violation an unfair or deceptive act or practice; and provides for severability of the provisions of the article under certain circumstances. 

 

S.B. 57
Relates to establishing annual reporting requirements for regulated consumer lender licensees; ensures access to information needed to conduct examinations; provides safeguards for nonpublic personal information that consumers disclose to licensees; and provides penalties for failure to timely file annual report.

Wisconsin 

A.B. 267
Relates to retention of personal identification data by retailers.

 

A.B. 502
Passed Assembly 11/6/07
Imposes certain state law restrictions on the dissemination and use of trigger lead information, which restrictions vary depending on whether or not the trigger lead is a consumer report under the FCRA.

 

S.B. 275
Imposes certain state law restrictions on the dissemination and use of trigger lead information, which restrictions vary depending on whether or not the trigger lead is a consumer report under the FCRA.

Wyoming

S.F. 65
Died in committee 2/9/07
Relates to consumer protection; provides for notice to consumers affected by breaches of consumer information databases, as specified; authorizes consumers to prohibit release of information maintained by credit rating agencies, as specified; provides definitions; provides exceptions.

NCSL Contact:  Heather Morton, Denver
