
Code · BILL · 116th Congress · S. 4626 (Introduced in Senate) — To establish data privacy and data security protections for consumers in the United States. · Sec. 404

Sec. 404. Approved certification programs


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Commission shall establish a program in which the Commission shall approve voluntary consensus standards or certification programs that covered entities may use to comply with one or more provisions in this Act. A covered entity in compliance with a voluntary consensus standard approved by the Commission shall be deemed to be in compliance with the provisions of this Act. The Commission shall issue a decision regarding the approval of a proposed voluntary consensus standard not later than 180 days after a request for approval is submitted.
A covered entity that claims compliance with an approved voluntary consensus standard and is found not to be in compliance with such program by the Commission or in any judicial proceeding shall be considered to be in violation of the section 5 of the Federal Trade Commission Act (15 U.S.C. 45) prohibition on unfair or deceptive acts or practices. Not later than 120 days after the date of enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, establishing a process for review of requests for approval of proposed voluntary consensus standards under this section.
To be eligible for approval by the Commission, a voluntary consensus standard shall meet the requirements for voluntary consensus standards set forth in Office of Management and Budget Circular A–119, or other equivalent guidance document, ensuring that they are the result of due process procedures and appropriately balance the interests of all the stakeholders, including individuals, businesses, organizations, and other entities making lawful uses of the covered data covered by the standard, and—
    specify clear and enforceable requirements for covered entities participating in the program that provide an overall level of data privacy or data security protection that is equivalent to or greater than that provided in the relevant provisions in this Act;
    require each participating covered entity to post in a prominent place a clear and conspicuous public attestation of compliance and a link to the website described in paragraph (4);
    include a process for an independent assessment of a participating covered entity’s compliance with the voluntary consensus standard or certification program prior to certification and at reasonable intervals thereafter;
    create a website describing the voluntary consensus standard or certification program’s goals and requirements, listing participating covered entities, and providing a method for individuals to ask questions and file complaints about the program or any participating covered entity;
    take meaningful action for non-compliance with the relevant provisions of this Act by any participating covered entity, which shall depend on the severity of the non-compliance and may include—
        removing the covered entity from the program;
        referring the covered entity to the Commission or other appropriate Federal or State agencies for enforcement;
        publicly reporting the disciplinary action taken with respect to the covered entity;
        providing redress to individuals harmed by the non-compliance;
        making voluntary payments to the United States Treasury; and
        taking any other action or actions to ensure the compliance of the covered entity with respect to the relevant provisions of this Act; and
    issue annual reports to the Commission and to the public detailing the activities of the program and its effectiveness during the preceding year in ensuring compliance with the relevant provisions of this Act by participating covered entities and taking meaningful disciplinary action for non-compliance with such provisions by such entities.