
Code · BILL · 117th Congress · S. 1494 (Introduced in Senate) — To protect the privacy of consumers. · Sec. 7

Sec. 7. Accountability


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In this section, the term applicable entity means a covered entity or service provider that, on an annual basis, conducts collection and processing of— the personal data of more than 20,000,000 individuals; or the sensitive personal data of more than 1,000,000 individuals.
Each applicable entity shall— designate an employee of the applicable entity, or an individual who is a contractor of the applicable entity, to be the privacy officer responsible for overseeing its policies and practices relating to the collection and processing of personal data; and ensure that the privacy officer is involved in all issues relating to the privacy and security of personal data.
The privacy officer may perform other tasks and duties for the applicable entity, but only to the extent that the applicable entity ensures that the performance of those other tasks or duties does not present a conflict of interest with respect to the duties and responsibilities of the privacy officer role.
The privacy officer shall— inform and advise the applicable entity of the obligations of the applicable entity under this Act; monitor compliance by the applicable entity with this Act; oversee— in the case of an applicable entity that is a covered entity, each privacy impact assessment carried out under subsection (c); and the comprehensive privacy program implemented under subsection (d); and act as a contact for the Commission, other Federal, State, and local authorities, and the applicable entity with respect to matters relating to the privacy and security of personal data.
If an applicable entity that is a covered entity intends to begin a new collection or processing activity or to make a material change in its processing of sensitive personal data, the applicable entity shall, before beginning the new processing activity or making the material change, consider the privacy implications, if any, of the change.
An applicable entity that is a covered entity shall ensure, in considering the privacy implications of a material change as required under paragraph (1), that the consideration is reasonable and appropriate with respect to the sensitive personal data that will be affected by the new processing activity or the material change in processing by considering— the nature and volume of the sensitive personal data; and the potential for the new processing activity or the material change to be a proximate cause of harm to individuals to whom the sensitive personal data pertains.
The privacy officer shall be required to approve the findings of a privacy impact assessment carried out under paragraph (1) before an applicable entity that is a covered entity may begin the new processing activity or make the material change that is the subject of the privacy impact assessment.
An applicable entity that is a covered entity shall document and maintain in written form any privacy impact assessment carried out under paragraph (1) if the new processing activity or material change that is the subject of the privacy impact assessment involves sensitive personal data.
Each applicable entity shall implement a comprehensive privacy program to safeguard the privacy and security of personal data collected or processed by the applicable entity for the life cycle of development and operational practices of its products or services, including by— enhancing the privacy and security of personal data collected or processed by the applicable entity through appropriate technical or operational safeguards, such as encryption, de-identification, and other privacy enhancing technologies; verifying that the applicable entity's practices relating to the collection and processing of personal data are consistent with— the entity's policies and documentation of such policies; in the case of an applicable entity that is a covered entity, representations the entity makes to individuals; and in the case of an applicable entity that is a service provider, representations the entity makes to covered entities to which the entity provides services; and ensuring that the privacy controls of the applicable entity are adequately accessible to, and effective at safeguarding the expressed preferences of— in the case of an applicable entity that is a covered entity, each individual whose personal data is collected or processed by the covered entity (excluding any personal data with respect to which the covered entity is a third party); and in the case of an applicable entity that is a service provider, each covered entity to which the entity provides services.
In implementing a comprehensive privacy program under paragraph (1), each applicable entity shall— take into consideration, as applicable given the entity's role as a covered entity or service provider— the relevant risks to the privacy and security of personal data against which the applicable entity must guard in meeting the expectations of individuals; the requirements under this Act; the size and complexity of the applicable entity; and the sensitivity and volume of the personal data that the applicable entity processes; and address the findings and implement the recommendations contained in privacy impact assessments that the applicable entity carries out under subsection (c).