NCISS Legislative Update: Personal Data Privacy and Data Breach Acts

Colleagues,

NCISSLarry Sabbath and I spent this Thursday morning watching the Senate Judiciary Committee discussing two issues of concern to NCISS and the investigative profession. The committee passed S-1490, the “Personal Data Privacy & Security Act of 2009” and S-139, the “Data Breach Notification Act.” These bills require notification of consumers after beaches of personal data, but our concern was possible amendments that would have affected our members and the investigative profession.

Fortunately, the committee did not add any amendments regarding the sale and display of Social Security numbers. Several Republican amendments to narrow the scope of personal data covered under the bill were defeated. S-1490 is sponsored by Senator Pat Leahy (D-VT), the Chairman of the Judiciary Committee.

S-139, by Senator Diane Feinstein (D-CA), also was passed by the Committee and includes requirements to notify consumers when a breach occurs. S-1690 is a more comprehensive bill and is likely to be the primary bill that will be eventually considered on the Senate floor because Senator Leahy Chairs the committee. Chairman Leahy made it clear that there will be additional changes made before the legislation is considered by the whole Senate.

HR 1110, the House Judiciary Committee this week issued its report on the PHONE Act, which bans caller ID spoofing for the purpose of using false caller ID information with the intent wrongfully to obtain anything of value. We are concerned that ANY information acquired by investigators could be considered “anything of value.”

Here is the current wording:

Sec. 1041. Caller ID spoofing
(a) Offense- Whoever, in or affecting interstate or foreign commerce, knowingly uses or provides to another–
(1) false caller ID information with intent wrongfully to obtain anything of value; or
(2) caller ID information pertaining to an actual person or other entity without that person’s or entity’s consent and with intent to deceive any person or other entity about the identity of the caller; or attempts or conspires to do so, shall be punished as provided in subsection (b).
(b) Punishment- Whoever violates subsection (a) shall–
(1) if the offense is a violation of subsection (a)(1), be fined under this title or imprisoned not more than 5 years, or both; and
(2) if the offense is a violation of subsection (a)(2), be fined under this title or imprisoned not more than one year, or both.
(c) Law Enforcement Exception- This section does not prohibit lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a state, or of an intelligence agency of the United States, or any activity authorized under chapter 224 of this title.
(d) Forfeiture-
(1) IN GENERAL- The court, in imposing sentence on a person who is convicted of an offense under this section, shall order that the defendant forfeit to the United States–
(A) any property, real or personal, constituting or traceable to gross proceeds obtained from such offense; and
(B) any equipment, software or other technology used or intended to be used to commit or to facilitate the commission of such offense.

The NCISS Legislative Committee will continue to monitor daily activity in Washington, DC and keep you informed in these and all the other bills that may affect our members and the entire profession. You can find more information about bills we are following at http://www.nciss.org/Tracking/legislative_resources.htm.

Jimmie Mesis, LPI
NCISS Legislative Chairman
National Council of Investigation & Security Services
7501 Sparrows Point Blvd.
Baltimore, Maryland 21219-1927
(800) 445-8408 · Fax: (410) 388-9746
Email: jim@nciss.org


(Permission granted to repost to other email lists or PI association newsletters)