2005 Senate Bill 2118 (Notification of Unauthorized Disclosure of Personal Information)

[Comments on this legislation] [Text and Analysis] [Add to Watch List]
[Previous] [Next]

• Introduced by Sen. David Gaither on April 6, 2005, to require businesses that possess personal data to notify persons whose personal information has been disclosed to unauthorized persons (HF2121 Companion Bill).
  • Referred to the Senate Commerce Committee on April 6, 2005.
  • Motion by Sen. Dean E. Johnson on May 23, 2005, (as HF2121) to lay the bill on the table. The motion passed in the Senate by voice vote on May 23, 2005.
  • Amendment offered by Sen. Dean E. Johnson on May 23, 2005, (as SF2118) to insert the language of SF1307 the first engrossment. As amended, the bill would require businesses to disclose to consumers of a breach in security of personal information in an electronic form. Any person or business that discovers circumstances requiring notification under this bill of more than 100 persons at one time would be required to also notify, within 48 hours, all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis. The amendment passed in the Senate by voice vote on May 23, 2005.
  • Amendment offered by Sen. Satveer S. Chaudhary on May 23, 2005, (as HF2121) to apply the provisions to business and government. Each government and entity that possesses or resells personal information would be required to conduct a comprehensive security assessment of personal information maintained by the government or entity. The amendment passed in the Senate by voice vote on May 23, 2005.
  • Amendment offered by Sen. Linda Scheid on May 23, 2005, (as HF2121) to exempt financial institutions from these provisions. The amendment passed in the Senate by voice vote on May 23, 2005.
• Passed in the Senate (59 to 0) on May 23, 2005, (as HF2121) to require businesses (except financial institutions) and government to disclose to consumers of a breach in security of personal information in an electronic form. Any person or business that discovers circumstances requiring notification under this bill of more than 100 persons at one time would be required to also notify, within 48 hours, all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis. Each government and entity that possesses or resells personal information would be required to conduct a comprehensive security assessment of personal information maintained by the government or entity. [Vote Details and Comments]
• Motion by Sen. Satveer S. Chaudhary on May 23, 2005, (as HF2121) that the Conference Committee report be adopted and that the bill be repassed as amended. As amended, the bill would: 1) require businesses that possess personal data to notify persons whose personal information has been disclosed to unauthorized persons, 2) exempt good faith acquisition of personal information by an employee or agent or business, 3) require the notification of all consumer reporting agencies of the unauthorized disclosure if a person discovers circumstances in which there are more than 500 persons information discovered to have been disclosed at one time, 4) grant the attorney general the right to enforce these provisions, 5) require government entities to conduct a comprehensive security assessment of any personal information maintained. The motion passed in the Senate (65 to 0) on May 23, 2005. [Vote Details and Comments]

Comments

Introduced by Sen. David Gaither on April 6, 2005. Passed in the Senate (59 to 0) on May 23, 2005. New Comment