H.R. 2221: Data Accountability and Trust Act

The House text of the Federal legislation requiring email encryption and data safeguards for businesses and law firms is now out. What kind of teeth does the proposed data and email privacy act have? Here’s your answer:

TREATMENT OF VIOLATIONS OF SECTION 2- For purposes of paragraph (1)(C) with regard to a violation of section 2, the amount determined under this paragraph is the amount calculated by multiplying the number of violations of such section by an amount not greater than $11,000. Each day that a person is not in compliance with the requirements of such section shall be treated as a separate violation. The maximum civil penalty calculated under this clause shall not exceed $5,000,000.

(ii) TREATMENT OF VIOLATIONS OF SECTION 3- For purposes of paragraph (1)(C) with regard to a violation of section 3, the amount determined under this paragraph is the amount calculated by multiplying the number of violations of such section by an amount not greater than $11,000. Each failure to send notification as required under section 3 to a resident of the State shall be treated as a separate violation. The maximum civil penalty calculated under this clause shall not exceed $5,000,000.

That’s teeth!

View full text of bill at: http://www.govtrack.us/congress/billtext.xpd?bill=h111-2221

Details Emerge on Federal Email Privacy Legislation

Catherine McCullough, principal of Meadowbrook Strategic Government Relations, a D.C. lobbying firm, guest-blogs for CommLawBlog.com on the language of two online privacy bills being drafted in the US House. The legislation will affect how online information is emailed, gathered, and stored.

“The first is being written by Rep. Rick Boucher (D-VA-9^th), Chairman of the Energy and Commerce Subcommittee on Communications, Technology and the Internet, one of two House subcommittees with jurisdiction over the issue. Boucher reportedly is working with his Republican counterpart, Cliff Stearns (R-FL-6^th), on language that would . . . prohibit the collection of sensitive personal information unless the consumer expressly agreed to such collection by affirmatively 'opting-in."

Because personal information is often combed from email transfers, McCullough goes onto describe subcommittee focus on email privacy safeguards in a second bill.

"The second bill has been introduced by Rep. Bobby Rush (D-IL-1^st), Chairman of Energy and Commerce’s Subcommittee on Commerce, Trade and Consumer Protection – the other House subcommittee of jurisdiction. Rush’s bill, H.R. 2221, would require the Federal Trade Commission (FTC) to promulgate regulations to secure computerized data containing personal information. (See the subcommittee hearing on the bill here.) It would be no surprise if the two subcommittees’ bills were to be merged into one piece of legislation regulating online privacy.”

Legislative changes in Massachusetts and Nevada may offer a guide to changes at the Federal level. Both states require businesses to encrypt their email. Legislation in those states becomes effective in January of 2010.