Two amendments to the Manager's Amendment to S. 2201, the Online Personal Privacy Act 2002. Offered by Sen. Sam Brownback (R-KS). Date: May 16, 2002.
Small Business Safe Harbor:
Purpose: The Internet is an empowerment tool for small businesses. This amendment seeks to ensure that online privacy requirements do not burden small businesses who do not use PII or sensitive PII they may happen to collect in the course of doing business.
IN THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION—107TH Cong., 2D Sess.
S. 2201, 107TH Congress, 2D Session
MAY 16, 2002
INTENDED to be proposed by Mr. BROWNBACK to the amendment proposed by Mr. HOLLINGS
Viz:
Amend SEC. 203 to include new subparagraph (A):
(A) SMALL BUSINESS SAFE HARBOR.—This Act does not apply to any entity that—
(1) has annual gross revenue under $1,000,000 (based on the value of such amount in fiscal year 2000, adjusted for current dollars);
(2) has fewer than 25 employees;
(3) collects or uses personally identifiable information from fewer than 1,000 consumers per year for a purpose unrelated to a transaction with the consumer;
(4) does not process personally identifiable information or sensitive personally identifiable information of consumers; and
(5) does not sell or disclose for consideration such information to another person.
Purpose: To provide for reasonable network security procedures.
IN THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION—107TH Cong., 2D Sess.
S. 2201, 107TH Congress, 2D Session
MAY 16, 2002
INTENDED to be proposed by Mr. BROWNBACK to the amendment proposed by Mr. HOLLINGS
Viz:
On page 22, line 6, strike "An" and insert "(a) IN GENERAL.—An".
On page 22, between lines 11 and 12, insert the following:
(b) REASONABLENESS CRITERIA.—Network security procedures shall be deemed reasonable if an internet service provider, online service provider, or operator of a commercial website has adopted, implemented, and regularly reviews compliance with, an internal network security program which includes the following, without regard to whether such procedures have prevented a breach of network security:
(1) Architecture (including network and service configuration and firewalls).
(2) Security services and procedures (including authentication, confidentiality, integrity, authorization, access, auditing, backups).
(3) Security incident handling (including preparations, notification and points of contact, and the identifying, handling, and aftermath of an incident).