Sec. 2. Definitions
/bill/116/s/3456/is/section-2·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In this Act: The term biometric information means information, resulting from specific technical processing related to the physical, biological, physiological, genetic, or behavioral characteristics of an individual, that identifies the individual. The term collection means acquiring personal data by any means, including by receiving, purchasing, or leasing the data or by observing or interacting with the individual to whom the data relates. The term Commission means the Federal Trade Commission.
The term covered entity means any entity that— alone, or jointly with others, determines the purpose and means of collecting or processing personal data; and is— a person over which the Commission has authority pursuant to section 5(a)(2) of the Federal Trade Commission Act (15 U.S.C. 45(a)(2)); a common carrier subject to the Communications Act of 1934 (47 U.S.C. 151 et seq.) and Acts amendatory thereof and supplementary thereto; or a nonprofit organization, including any organization that is not organized to carry on business for its own profit or that of its members.
An entity shall not be considered to be a covered entity with respect to personal data to the extent that the entity is a service provider with respect to such data. The term de-identify means, with respect to personal data held by a covered entity or service provider, that the covered entity or service provider— alters, anonymizes, or aggregates the data so that there is a reasonable basis for expecting that the data could not be linked (including by the entity or service provider) as a practical matter to a specific individual; publicly commits to refrain from attempting to re-identify the data with a specific individual, and adopts controls to prevent such identification; and causes the data to be covered by a contractual or other legally enforceable prohibition on each entity to which the covered entity or service provider discloses the data from attempting to use the data to identify a specific individual and requires the same of all onward disclosures.
The term delete means to remove or destroy information such that the information is not able to be retrieved in the ordinary course of business. The term individual means a natural person residing in the United States. The term material change means a change to a policy or practice of a covered entity or service provider that— relates to the collection or processing of personal data by the covered entity or service provider; is likely to affect the conduct or decision of a reasonable individual with respect to any personal data of the individual that is subject to such policy or practice; and in the case of a service provider, is made at the direction of the covered entity on whose behalf the service provider is performing a service or function.
The term personal data means information that identifies or is linked or reasonably linkable to a specific individual. For purposes of subparagraph (A), information held by a covered entity or service provider is linked or reasonably linkable to a specific individual if it can be used on its own or in combination with other information held by, or readily accessible to, the covered entity or service provider to identify the individual. A persistent identifier that is used to identify a specific individual over time and across services and platforms, including a customer number held in a cookie, a static Internet Protocol (IP) address, a processor or device serial number, or another unique device identifier, shall be considered information that is linked or reasonably linkable to the individual for purposes of subparagraph (A).
The term personal data does not include— de-identified data; data that has been rendered unreadable or indecipherable; information about employees or employment status collected or used by an employer pursuant to an employer-employee relationship, including information related to prospective employees and relevant application materials; publicly available information; data that has undergone pseudonymization; or employee data. For purposes of subparagraph (C), the term employee data means information collected by a covered entity or the service provider of a covered entity that is— contact information for an individual or the individual's emergency contact that is collected in the course of the individual’s employment or application for employment (including on a contract or temporary basis) with the covered entity, provided that such information is retained or processed by the covered entity or service provider solely for purposes related to the individual's employment or application for employment with the covered entity; or information about an individual who is an employee or former employee of the covered entity (or a relative of such an individual) that is necessary to administer benefits to which such individual or relative is entitled on the basis of the individual’s employment with the covered entity, provided that such data is retained or processed by the covered entity or service provider solely for the purpose of administering such benefits.
The term pseudonymization means the processing of personal data so that the personal data can no longer be attributed or reasonably linked to a specific individual without the use of additional information, provided that such additional information— is kept separately; and is subject to technical and organizational measures to ensure that the personal data is not attributed to a specific individual. The term privacy officer means an individual designated by a covered entity or service provider under section 7(b)(1) to be the privacy officer of the covered entity. The term processing means any operation or set of operations performed on personal data, including the analysis, organization, structuring, retaining, using, disclosing, transmitting, sharing, transferring, selling, licensing, or otherwise handling of personal data. The term publicly available information means any information that a covered entity or service provider has a reasonable basis to believe is lawfully made available to the general public from— a Federal, State, or local government record; widely distributed media; or a disclosure to the general public that is made voluntarily by an individual, or required to be made by a Federal, State, or local law. For purposes of subparagraph (A), reasonable bases for believing that information is lawfully made available to the general public shall include a written determination by a covered entity or service provider that the information is of a type that is lawfully made available to the general public. 
The term sensitive personal data means personal data that is— a unique, government-issued identifier, such as a social security number, passport number, driver’s license number, or taxpayer identification number; a user name or email address in combination with a password or security question and answer that would permit access to an online account; biometric information of an individual; the content of a wire communication, oral communication, or electronic communication, as those terms are defined in section 2510 of title 18, United States Code, to which the individual is a party, unless the covered entity is the intended recipient of the communication; information that relates to— the past, present, or future diagnosed physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; a financial account number, debit card number, credit card number, if combined with an access code, password, or credentials that provide access to such an account; the race or ethnicity of the individual; the religious beliefs or affiliation of the individual; the sexual orientation of the individual; the precise geolocation of an individual that is technically derived and that is capable of determining with reasonable specificity the past or present actual physical location of the individual more precisely than a zip code, street, or town or city level; or such other specific categories of personal data as the Commission may define by rule issued in accordance with section 553 of title 5, United States Code, the collection or processing of which could lead to reasonably foreseeable harm to an individual. 
The term service provider means an entity that collects or processes personal data on behalf of, and at the direction of, a covered entity to which the service provider is unaffiliated, but only— with respect to the personal data collected or processed on the behalf of, and at the direction of, such covered entity; and to the extent that the collection or processing— is on the behalf of, and at the direction of, such covered entity; or is permitted under section 3(c). The term small business means any covered entity or service provider that— for the most recent 6-month period— employs not more than 500 employees; and maintains less than $50,000,000 in average gross receipts for the previous 3 years; and collects or processes on an annual basis— the personal data of fewer than 1,000,000 individuals; or the sensitive personal data of fewer than 100,000 individuals. The term third party means a covered entity that receives third party personal data from an unaffiliated covered entity, but only with respect to such third party personal data. For purposes of subparagraph (A), the term third party personal data means personal data that a covered entity discloses to another unaffiliated covered entity and such disclosure— is not directed by the individual to whom the personal data relates; and is not necessary to complete a transaction or fulfill a request made by the individual to whom such data relates. The term unaffiliated means, with respect to two or more entities, that the entities do not share interrelated operations, common management, centralized control of labor relations, or common ownership or financial control.