
Code · BILL · 113th Congress · S. 1995 (Introduced in Senate) — To protect consumers by mitigating the vulnerability of personally identifiable information to theft through a securi... · Sec. 303

Sec. 303. Privacy impact assessment of government use of commercial information services containing sensitive personally identifiable information


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Section 208(b)(1) of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended in subparagraph (A)— in clause (i), by striking "or"; in clause (ii)(II), by striking the period and inserting "; or"; and by adding at the end the following: "purchasing or subscribing for a fee to sensitive personally identifiable information from a data broker (as such terms are defined in section 3 of the Personal Data Protection and Breach Accountability Act of 2014).".

Notwithstanding any other provision of law, beginning 1 year after the date of enactment of this Act, no Federal agency may enter into a contract with a data broker to access for a fee any database consisting primarily of sensitive personally identifiable information concerning United States persons (other than news reporting or telephone directories) unless the head of the agency—

completes a privacy impact assessment under section 208 of the E-Government Act of 2002 (44 U.S.C. 3501 note), which shall subject to the provision in that Act pertaining to sensitive information, include a description of— such database; the name of the data broker from whom it is obtained; and the amount of the contract for use;

adopts regulations that specify— the personnel permitted to access, analyze, or otherwise use such databases; standards governing the access, analysis, or use of such databases; any standards used to ensure that the sensitive personally identifiable information accessed, analyzed, or used is the minimum necessary to accomplish the intended legitimate purpose of the Federal agency; standards limiting the retention and redisclosure of sensitive personally identifiable information obtained from such databases; procedures ensuring that such data meet standards of accuracy, relevance, completeness, and timeliness; the auditing and security measures to protect against unauthorized access, analysis, use, or modification of data in such databases; applicable mechanisms by which individuals may secure timely redress for any adverse consequences wrongly incurred due to the access, analysis, or use of such databases; mechanisms, if any, for the enforcement and independent oversight of existing or planned procedures, policies, or guidelines; and an outline of enforcement mechanisms for accountability to protect individuals and the public against unlawful or illegitimate access or use of databases; and

incorporates into the contract or other agreement totaling more than $500,000, provisions— providing for penalties— for failure to comply with title II of this Act; or if the entity knows or has reason to know that the sensitive personally identifiable information being provided to the Federal department or agency is inaccurate, and provides such inaccurate information; and requiring a data broker that engages service providers not subject to subtitle A of title II of this Act for responsibilities related to sensitive personally identifiable information to— exercise appropriate due diligence in selecting those service providers for responsibilities related to sensitive personally identifiable information; take reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the security, privacy, and integrity of the sensitive personally identifiable information at issue; and require such service providers, by contract, to implement and maintain appropriate measures designed to meet the objectives and requirements in title II of this Act.

The penalties under subsection (b)(3)(A) shall not apply to a data broker providing information that is accurately and completely recorded from a public record source.

Not later than 180 days after the date of enactment of this Act, the Comptroller General of the United States shall conduct a study and audit and prepare a report on Federal agency actions to address the recommendations in the Government Accountability Office's April 2006 report on agency adherence to key privacy principles in using data brokers or commercial databases containing sensitive personally identifiable information.

A copy of the report required under paragraph (1) shall be submitted to Congress.