Specter-Leahy Personal Data Privacy and Security Act 2005 - USA

From The Secure Arc Wiki

Specter-Leahy is a legislative bill originally sponsored by United States Senators Arlen Specter and Patrick Leahy. The reference code for this bill is “S.1789” and it is entitled “The Data Privacy and Security Act of 2005.”

The purpose of the Specter-Leahy bill is to:

  • Prevent and mitigate identity theft
  • Ensure privacy and provide notice of security breaches to affected individuals
  • Enhance criminal penalties, law enforcement assistance and other protections against security breaches, fraudulent access and misuse of personally identifiable information

In the face of hackers, identity thieves, rogue employees and other criminals, the United States Congress believes this bill is necessary to ensure the right of consumers and identity theft victims to information and assistance that will help them mitigate damages and restore the integrity of their personal information.

Title IV of the Specter-Leahy bill is of particular interest because it introduces two new areas of due diligence for organizations that use personal electronic records:

  • Implementation of a data privacy and security program
  • Public notification of security breaches involving personal information

Major publications

The Data Privacy and Security Act of 2005 can be found at the following link.

Compliance

Compliance is required of any business entity engaging in commerce that involves collecting, accessing, transmitting, using, storing or disposing of sensitive personally identifiable information in electronic or digital form on 10,000 or more United States persons.

Penalties for non-compliance are as follows:

Data privacy and security program

Non-compliance carries a civil fine of $5,000 per violation, per day while the violation persists. There is a daily maximum of $35,000. These fines double if the violation is found to be willful or intentional.

Non-compliance carries a civil fine of $1,000 per day for every affected individual who has not been notified in a timely manner. This fee is assessed daily while the violation persists. There is a daily maximum of $50,000. These fines double if the violation is found to be willful or intentional.

In addition, any person or organization that is found to have willfully or intentionally concealed a security breach can be imprisoned for up to 5 years.
