From electronic surveillance to healthcare privacy to drones, Congress is planning to consider a wide range of privacy legislation this year. The Edward Snowden leaks about the National Security Agency and the recent data breaches at retailers are likely to keep privacy and data security on the top of many lawmakers’ agendas. After the jump is a summary of twenty pending privacy-related bills to keep an eye on during the remainder of the 113th Congress.
- Personal Data Privacy and Security Act of 2014 (S. 1897, Leahy) Expands civil and criminal penalties for data breaches and the misuse of personal information. Other members of Congress have introduced similar legislation, and more bills are expected in the wake of the retail data breaches. Status: Read twice and referred to the Committee on the Judiciary.
- FISA Accountability and Privacy Protection Act of 2013 (S.1215, Leahy) Amends numerous provisions of the Foreign Intelligence Surveillance Act. One of many bills introduced in the Senate and House to reform FISA. Status: Read twice and referred to the Committee on the Judiciary.
- Electronic Communications Privacy Act Amendments Act of 2013 (S.607, Leahy) Makes numerous amendments to ECPA, including eliminating the different warrant requirements that depend on whether communications were stored for fewer than, or more than, 180 days. Status: Reported by Committee, awaiting full Senate vote.
- Restore Our Privacy Act (S.1168, Sanders) Makes numerous changes to the Foreign Intelligence Surveillance Act, including requiring the Director of the Federal Bureau of Investigation (FBI) to apply for an order requiring the production of any tangible things only: (1) for an investigation to obtain foreign intelligence information not concerning a U.S. person; or (2) for an investigation concerning international terrorism. Status: Read twice and referred to the Committee on the Judiciary.
- Do Not Track Online Act of 2013 (S.418, Rockefeller) Would require the Federal Trade Commission to create rules for the implementation of a mechanism that would enable an individual to “simply and easily indicate whether [the] individual prefers to have personal information collected by providers of online services” — in other words, a “Do Not Track” mechanism. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation.
- Healthcare Privacy and Anti-Fraud Act (S.1666, Rubio) Amends the Affordable Care Act to require privacy protections and training for safeguarding patient data. One of many bills introduced in the Senate and House to address privacy of information under the new healthcare law. Status: Read twice and referred to the Committee on Health, Education, Labor, and Pensions.
- Drone Aircraft Privacy and Transparency Act of 2013 (S.1639, Markey) Amends the FAA Modernization and Reform Act of 2012 to provide guidance and limitations regarding the integration of drones into U.S. airspace. Similar bills have been introduced in the House. Status: Read twice and referred to the Committee on Commerce, Science, and Transportation.
- Password Protection Act of 2013 (S.1426, Blumenthal) Fines employers for requiring employees to provide the employers with their personal email or social media passwords. Similar legislation has been introduced in the House, and most states have either considered or enacted similar laws, of varying scope. Status: Read twice and referred to the Committee on Health, Education, Labor, and Pensions.
- Cyber Intelligence Sharing and Protection Act (H.R. 624, Rogers) Directs the federal government to conduct cybersecurity activities to provide shared situational awareness enabling integrated operational actions to protect, prevent, mitigate, respond to, and recover from cyber incidents. Status: Passed House, received in Senate and referred to Intelligence Committee.
- Aaron’s Law Act of 2013 (H.R. 2454, Lofgren) Amends provisions of the Computer Fraud and Abuse Act (CFAA) prohibiting computer fraud to replace the phrase “exceeds authorized access” with “access without authorization,” which is defined as obtaining information on a protected computer that the accesser lacks authorization to obtain by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information; amends CFAA’s criminal provisions. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
- Email Privacy Act (H.R. 1852, Yoder) Amends ECPA to prohibit a provider of remote computing service or electronic communication service to the public from knowingly divulging to any governmental entity the contents of any communication. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
- We Are Watching You Act of 2013 (H.R. 2356, Capuano) Prohibits an operator of a video service from collecting visual or auditory information from the vicinity of the video programming device unless the operator displays a message that reads “We are watching you” and describes how the information will be collected and used. Status: Referred to the Subcommittee on Commerce, Manufacturing, and Trade.
- APPS Act of 2013 (H.R. 1913, Johnson) Requires mobile apps to display privacy notices and obtain user consent before collecting personal data. Status: Referred to the Subcommittee on Commerce, Manufacturing, and Trade.
- Protecting the Privacy of Social Security Numbers Act of 2013 (H.R. 2104, Frelinghuysen) Amends the federal criminal code to prohibit the display, sale, or purchase of Social Security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
- Do Not Track Kids Act of 2013 (H.R. 3481, Barton) Amends the Children’s Online Privacy Protection Act of 1998 to apply the prohibitions against collecting personal information from children to online applications and mobile applications directed to children. Establishes additional privacy protections against the collection of personal or geolocation information from children and minors. Status: Referred to the Subcommittee on Communications and Technology.
- Privacy Advocate General Act of 2013 (H.R.2849, Lynch) Amends the Foreign Intelligence Surveillance Act of 1978 to establish as an independent office in the executive branch the Office of the Privacy Advocate General, to be headed by the Privacy Advocate General who shall be appointed jointly by the Chief Justice of the United States and the senior Associate Justice for a seven-year term. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
- Cyber Privacy Fortification Act of 2013 (H.R.1221, Conyers) Establishes criminal penalties for intentional failures to provide required notices of a security breach involving sensitive personally identifiable information. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
- FACE Act of 2013 (H.R. 2645, Duncan) Prohibits social media service providers from intentionally or knowingly using for a commercial purpose a self-image uploaded by a minor. Status: Referred to the Subcommittee on Commerce, Manufacturing, and Trade.
- GPS Act (H.R. 1312, Chaffetz) Establishes criminal penalties for the intentional interception of geolocation information. Status: Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations.
- Mobile Device Tracking Bill (H.R. 210, Serrano) Requires a retailer that uses mobile device tracking technology to display in a prominent location a notice that such technology is in use and that individuals can avoid being tracked by turning off their mobile devices. Status: Referred to the Subcommittee on Commerce, Manufacturing, and Trade.