Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 113th Congress · S. 1995 (Introduced in Senate) — To protect consumers by mitigating the vulnerability of personally identifiable information to theft through a securi... · Sec. 3

Sec. 3. Definitions

1,254 words·~6 min read·/bill/113/s/1995/is/section-3

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In this Act, the following definitions shall apply: The term affiliate means persons related by common ownership or by corporate control. The term agency has the meaning given the term in section 551 of title 5, United States Code. The term business entity means any organization, corporation, trust, partnership, sole proprietorship, unincorporated association, or venture established to make a profit, or nonprofit. The term credit rating agency has the meaning given the term in section 3(a)(61) of the Securities Exchange Act of 1934 ( 15 U.S.C. 78c(a)(61) ).
The term credit report means a consumer report, as that term is defined in section 603(d) of the Fair Credit Reporting Act ( 15 U.S.C. 1681a(d) ). The term data broker means a business entity which for monetary fees or dues regularly engages in the practice of collecting, transmitting, or providing access to sensitive personally identifiable information on more than 5,000 individuals who are not the customers or employees of that business entity or affiliate primarily for the purposes of providing such information to nonaffiliated third parties on an interstate basis.
The term designated entity means the Federal Government entity designated under section 217(a). The term encryption — means the protection of data in electronic form, in storage or in transit, using an encryption technology that has been generally accepted by experts in the field of information security that renders such data indecipherable in the absence of associated cryptographic keys necessary to enable decryption of such data; and includes appropriate management and safeguards of such cryptographic keys so as to protect the integrity of the encryption.
The term identity theft means a violation of section 1028(a)(7) of title 18, United States Code. The term intelligence community includes the following: The Office of the Director of National Intelligence. The Central Intelligence Agency. The National Security Agency. The Defense Intelligence Agency. The National Geospatial-Intelligence Agency. The National Reconnaissance Office. Other offices within the Department of Defense for the collection of specialized national intelligence through reconnaissance programs.
The intelligence elements of the Army, the Navy, the Air Force, the Marine Corps, the Federal Bureau of Investigation, and the Department of Energy. The Bureau of Intelligence and Research of the Department of State. The Office of Intelligence and Analysis of the Department of the Treasury. The elements of the Department of Homeland Security concerned with the analysis of intelligence information, including the Office of Intelligence of the Coast Guard. Such other elements of any other department or agency as may be designated by the President, or designated jointly by the Director of National Intelligence and the head of the department or agency concerned, as an element of the intelligence community.
The term predispute arbitration agreement means any agreement to arbitrate a dispute that had not yet arisen at the time of the making of the agreement. The term public record source means the Congress, any agency, any State or local government agency, the government of the District of Columbia and governments of the territories or possessions of the United States, and Federal, State or local courts, courts martial and military commissions, that maintain personally identifiable information in records available to the public.
The term security breach means compromise of the security, confidentiality, or integrity of, or the loss of, computerized data through misrepresentation or actions that result in, or that there is a reasonable basis to conclude has resulted in— the unauthorized acquisition of sensitive personally identifiable information; or access to sensitive personally identifiable information that is for an unauthorized purpose, or in excess of authorization. The term security breach does not include— a good faith acquisition of sensitive personally identifiable information by a business entity or agency, or an employee or agent of a business entity or agency, if the sensitive personally identifiable information is not subject to further unauthorized disclosure; the release of a public record not otherwise subject to confidentiality or nondisclosure requirements or the release of information obtained from a public record; or any lawfully authorized criminal investigation or authorized investigative, protective, or intelligence activities that are carried out by or on behalf of any element of the intelligence community and conducted in accordance with the United States laws, authorities, and regulations governing such intelligence activities.
The term security freeze means a notice, at the request of the consumer and subject to exceptions in section 215(b), that prohibits the consumer reporting agency from releasing all or any part of the consumer’s credit report or any information derived from it without the express authorization of the consumer. The term sensitive personally identifiable information means any information or compilation of information, in electronic or digital form that includes the following: An individual’s first and last name or first initial and last name in combination with any 2 of the following data elements:
Home address. Telephone number of the individual. Mother’s maiden name. Month, day, and year of birth. A non-truncated social security number, driver’s license number, passport number, or alien registration number or other government-issued unique identification number. Information about an individual’s geographic location that is in whole or in part generated by or derived from that individual’s use of a wireless communication device or other electronic device, excluding telephone and instrument numbers and network or Internet Protocol addresses.
Unique biometric data such as a fingerprint, voice print, face print, a retina or iris image, or any other unique physical representation. A unique account identifier, including a financial account number or credit or debit card number, electronic identification number, user name, health insurance policy or subscriber identification number, or routing code. Not less than 2 of the following data elements: An individual’s first and last name or first initial and last name. A unique account identifier, including a financial account number or credit or debit card number, electronic identification number, user name, or routing code.
Any security code, access code, or password, or source code that could be used to generate such codes and passwords. Information regarding an individual’s medical history, mental or physical medical condition, or medical treatment or diagnosis by a health care professional. Any other combination of data elements that could allow unauthorized access to or acquisition of the information described in subparagraph (A), (B), (C), (D), (E), or (F), including— a unique account identifier; an electronic identification number; a user name; a routing code; or any associated security code, access code, or password or any associated security questions and answers that could allow unauthorized access to the account.
The term service provider means a business entity that— provides electronic data transmission, routing, intermediate and transient storage, or connections to the system or network of the business entity; is not the sender or the intended recipient of the data; is not ordinarily expected to select or modify the content of the electronic data; and transmits, routes, stores, or provides connections for personal information in a manner that personal information is undifferentiated from other types of data that such business entity transmits, routes, stores, or provides connections.
Any such business entity shall be treated as a service provider under this Act only to the extent that the business entity is engaged in the provision of the transmission, routing, intermediate and transient storage or connections described in subparagraph (A). The Federal Trade Commission may, by rule promulgated under section 553 of title 5, United States Code, modify the definition of sensitive personally identifiable information in a manner consistent with the purposes of this Act and to the extent that such modification will not unreasonably impede interstate commerce.
Connectionstraces to 2
Citation graph
cites case law
Sec. 3
Definitions
U.S.C.§ 78c
U.S.C.§ 1681a
Cites 2Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.