Code of Fair Information Practices - Provides that organizations keeping records of personal data, which are not part of an administrative automated personal data system, shall not transfer such data to another organization, without the prior informed consent of the individual to whom the data pertains, if because of such transfer the data will become part of an administrative automated personal data system not subject to these requirements.
Requires any organization maintaining an administrative automated personal data system to: (1) specify penalties for employees who contribute to disciplinary action against individuals who bring to the attention of authorities, the press, or the public, evidence of unfair personal information practice; (2) maintain a complete record of every access to, and use made of, any data in the system, including the identity of those to which access has been given; and (3) maintain data in the system with accuracy, completeness, and timeliness.
Requires organizations maintaining administrative automated data systems to give annual public notice of the existence and character of its system, which shall specify: (1) the categories of data kept; (2) the organization's policies regarding data storage and disposal; (3) uses made of the data; and (4) how persons can be informed if they are the subject of data in the system, how they can gain access to such data, and how they can contest their accuracy.
Requires such organizations to: (1) inform individuals asked to supply data if he is legally required to do so and of consequences of supplying or not supplying the data, and (2) clearly disclose, upon request, to data subjects the data about him, the sources of the data, and the recipients of transfer or report of the data.
Provides that such disclosure requirements shall not apply to data related to international relations, international subversive activities, or active criminal investigations.
Requires such organizations to delete from the system, data that is challenged and cannot be verified by such organizations, and to note on any transfers or reports that the data is challenged.
Provides that organizations keeping records of personal data, not part of an automated data system used for statistical-reporting or research, shall not transfer such data without prior informed consent of the data subject, if the transfer will cause the data to become part of a data system not subject to these regulations.
Requires organizations keeping an automated personal data system used for statistical-reporting or research to: (1) specify penalties for employees who contribute to disciplinary action against individuals who bring to the attention of authorities, the press, or the public evidence of unfair personal information practice; and (2) make no transfer of personal data without specifying requirements for security of the data.
Requires such organizations to: (1) make annual public notice of the nature described earlier in this Act for other organizations; (2) inform individuals asked to supply data of the consequences of supplying or not supplying such data; and (3) assure that no use of the data is outside the stated purposes as understood by the individuals.
Provides for temporary or permanent injunctions to stop acts of unfair personal information practice as described in this Act.
Provides for damages, including liquidated damages of not less than $10,000, punitive damages, and actual damages, for unfair personal information practices.
Provides for a $10,000 fine for Federal employees who permits an unfair personal information practice.
States that this Act shall supersede any State laws in conflict with it, except those State laws that are more stringent.
Requires each Federal agency to promulgate rules to further the purposes of this Act.
Introduced in House
Introduced in House
Referred to House Committee on the Judiciary.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line