Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

Code · BILL · 119th Congress · H.R. 8014 (Introduced in House) — To provide for individual rights relating to privacy of personal information, to establish privacy and security requi... · Sec. 201

Sec. 201. Minimization

558 words·~3 min read·/bill/119/hr/8014/ih/section-201·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

A covered entity shall have a reasonable, articulated basis for collecting, processing, maintaining, and disclosing of personal information that takes into account the reasonable business needs of the covered entity and minimum amount of personal information necessary for providing the service, balanced with the intrusion on the privacy of, potential privacy harms to, and reasonable expectations of individuals to whom the personal information relates. A covered entity may not collect more personal information than is reasonably needed to provide a product or service that an individual has requested.
A covered entity may not process personal information for a purpose other than the purpose for which such information was originally collected from the individual or in the case of a service provider, a purpose other than that which is in accordance with the directions of a covered entity. A covered entity may not maintain personal information once such information is no longer needed for the purpose for which such information was originally collected from the individual or in the case of a service provider, a purpose other than that which is in accordance with the directions of a covered entity.
A covered entity may not disclose personal information for a purpose other than the purpose for which such information was originally collected from the individual or in the case of a service provider, a purpose other than that which is in accordance with the directions of a covered entity. Notwithstanding subsection (b), a covered entity may collect, process, disclose, or maintain personal information beyond limitations under subsection
(b)only if such covered entity complies with this subsection. A covered entity may collect, process, or maintain personal information without additional notice or consent if the purpose for such collecting, processing, or maintaining is substantially similar to the type of personal information and purpose for which such personal information was originally collected and such ancillary collecting, processing, or maintaining will not result in additional or increased privacy harms. A covered entity shall provide notice of ancillary collecting, processing, maintaining, or disclosing of personal information in the case of one, but not more than one, of the following instances: Such ancillary collecting, processing, maintaining, or disclosing may result in additional or increased privacy harms (but not increased significant privacy harms), and is substantially similar to the purpose for which such personal information was originally collected. Such ancillary collecting, processing, maintaining, or disclosing is not substantially similar to the purpose for which such personal information was originally collected, but will not result in additional or increased privacy harms. Such ancillary collecting, processing, maintaining, or disclosing may result in additional or increased privacy harms (but not increased significant privacy harms), and the purpose is not substantially similar to the purpose for which such personal information was originally collected, so long as the personal information is secured using privacy-preserving computing. For scenarios not covered under paragraph
(1)or (2), and notwithstanding sections 208(b)(2) and (3), a covered entity shall provide notice of and obtain consent for ancillary collecting, processing, maintaining, or disclosing of personal information. In cases in which personal information can be replaced with artificial personal information, personal information that has been de-identified, or the random personal information of one or more individuals without substantially reducing the utility of the data or requiring an unreasonable amount of effort, such a replacement shall take place.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.