[House Report 106-919]
[From the U.S. Government Publishing Office]
106th Congress Report
HOUSE OF REPRESENTATIVES
2d Session 106-919
======================================================================
PRIVACY COMMISSION ACT
_______
September 29, 2000.--Committed to the Committee of the Whole House on
the State of the Union and ordered to be printed
_______
Mr. Burton of Indiana, from the Committee on Government Reform,
submitted the following
R E P O R T
together with
MINORITY VIEWS
[To accompany H.R. 4049]
[Including cost estimate of the Congressional Budget Office]
The Committee on Government Reform, to whom was referred the
bill (H.R. 4049) to establish the Commission for the
Comprehensive Study of Privacy Protection, having considered
the same, report favorably thereon with an amendment and
recommend that the bill as amended do pass.
CONTENTS
Page
I. Summary of Legislation...........................................6
II. Background and Need for the Legislation..........................6
III. Legislative Hearings and Committee Actions.......................7
IV. Explanation of the Bill..........................................8
V. Committee Oversight Findings....................................14
VI. Budget Analysis and Projections.................................14
VII. Cost Estimate of the Congressional Budget Office................15
VIII.Statement of Constitutional Authority...........................16
IX. Committee Recommendation........................................16
X. Congressional Accountability Act; P.L. 104-1....................16
XI. Unfunded Mandates Reform Act; P.L. 104-4, Section 423...........16
XII. Federal Advisory Committee Act (5 U.S.C. App.) Section 5(b).....16
XIII.Changes in Existing Law.........................................16
The amendment is as follows:
Strike out all after the enacting clause and insert in lieu
thereof the following:
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Privacy Commission Act''.
SEC. 2. FINDINGS.
The Congress finds the following:
(1) Americans are increasingly concerned about their civil
liberties and the security and use of their personal
information, including medical records, educational records,
library records, magazine subscription records, records of
purchases of goods and other payments, and driver's license
numbers.
(2) Commercial entities are increasingly aware that consumers
expect them to adopt privacy policies and take all appropriate
steps to protect the personal information of consumers.
(3) There is a growing concern about the confidentiality of
medical records, because there are inadequate Federal
guidelines and a patchwork of confusing State and local rules
regarding privacy protection for individually identifiable
patient information.
(4) In light of recent changes in financial services laws
allowing for increased sharing of information between
traditional financial institutions and insurance entities, a
coordinated and comprehensive review is necessary regarding the
protections of personal data compiled by the health care,
insurance, and financial services industries.
(5) The use of Social Security numbers has expanded beyond
the uses originally intended.
(6) Use of the Internet has increased at astounding rates,
with approximately 5 million current Internet sites and 64
million regular Internet users each month in the United States
alone.
(7) Financial transactions over the Internet have increased
at an astounding rate, with 17 million American households
spending $20 billion shopping on the Internet last year.
(8) Use of the Internet as a medium for commercial activities
will continue to grow, and it is estimated that by the end of
2000, 56 percent of the companies in the United States will
sell their products on the Internet.
(9) There have been reports of surreptitious collection of
consumer data by Internet marketers and questionable
distribution of personal information by on-line companies.
(10) In 1999, the Federal Trade Commission found that 87
percent of Internet sites provided some form of privacy notice,
which represented an increase from 15 percent in 1998.
(11) The United States is the leading economic and social
force in the global information economy, largely because of a
favorable regulatory climate and the free flow of information.
It is important for the United States to continue that
leadership. As nations and governing bodies around the world
begin to establish privacy standards, these standards will
directly affect the United States.
(12) The shift from an industry-focused economy to an
information-focused economy calls for a reassessment of the
most effective way to balance personal privacy and information
use, keeping in mind the potential for unintended effects on
technology development, innovation, the marketplace, and
privacy needs.
(13) This Act shall not be construed to prohibit the
enactment of legislation on privacy issues by the Congress
during the existence of the Commission. It is the
responsibility of the Congress to act to protect the privacy of
individuals, including individuals' medical and financial
information. Various committees of the Congress are currently
reviewing legislation in the area of medical and financial
privacy. Further study by the Commission established by this
Act should not be considered a prerequisite for further
consideration or enactment of financial or medical privacy
legislation by the Congress.
SEC. 3. ESTABLISHMENT.
There is established a commission to be known as the ``Commission for
the Comprehensive Study of Privacy Protection'' (in this Act referred
to as the ``Commission'').
SEC. 4. DUTIES OF COMMISSION.
(a) Study.--The Commission shall conduct a study of issues relating
to protection of individual privacy and the appropriate balance to be
achieved between protecting individual privacy and allowing appropriate
uses of information, including the following:
(1) The monitoring, collection, and distribution of personal
information by Federal, State, and local governments, including
personal information collected for a decennial census, and such
personal information as a driver's license number.
(2) Current efforts to address the monitoring, collection,
and distribution of personal information by Federal and State
governments, individuals, or entities, including--
(A) existing statutes and regulations relating to the
protection of individual privacy, such as section 552a
of title 5, United States Code (commonly referred to as
the Privacy Act of 1974) and section 552 of title 5,
United States Code (commonly referred to as the Freedom
of Information Act);
(B) legislation pending before the Congress;
(C) privacy protection efforts undertaken by the
Federal Government, State governments, foreign
governments, and international governing bodies;
(D) privacy protection efforts undertaken by the
private sector; and
(E) self-regulatory efforts initiated by the private
sector to respond to privacy issues.
(3) The monitoring, collection, and distribution of personal
information by individuals or entities, including access to and
use of medical records, financial records (including credit
cards, automated teller machine cards, bank accounts, and
Internet transactions), personal information provided to on-
line sites accessible through the Internet, Social Security
numbers, insurance records, education records, and driver's
license numbers.
(4) Employer practices and policies with respect to the
financial and health information of employees, including--
(A) whether employers use or disclose employee
financial or health information for marketing,
employment, or insurance underwriting purposes;
(B) what restrictions employers place on disclosure
or use of employee financial or health information;
(C) employee rights to access, copy, and amend their
own health records and financial information;
(D) what type of notice employers provide to
employees regarding employer practices with respect to
employee financial and health information; and
(E) practices of employer medical departments with
respect to disclosing employee health information to
administrative or other personnel of the employer.
(5) The extent to which individuals in the United States can
obtain redress for privacy violations.
(6) The extent to which older individuals and disabled
individuals are subject to exploitation involving the
disclosure or use of their financial information.
(b) Field Hearings.--
(1) In general.--The Commission shall conduct at least 2
field hearings in each of the 5 geographical regions of the
United States.
(2) Boundaries.--For purposes of this subsection, the
Commission may determine the boundaries of the five
geographical regions of the United States.
(c) Report.--
(1) In general.--Not later than 18 months after appointment
of all members of the Commission--
(A) a majority of the members of the Commission shall
approve a report; and
(B) the Commission shall submit the approved report
to the Congress and the President.
(2) Contents.--The report shall include a detailed statement
of findings, conclusions, and recommendations, including the
following:
(A) Findings on potential threats posed to individual
privacy.
(B) Analysis of purposes for which sharing of
information is appropriate and beneficial to consumers.
(C) Analysis of the effectiveness of existing
statutes, regulations, private sector self-regulatory
efforts, technology advances, and market forces in
protecting individual privacy.
(D) Recommendations on whether additional legislation
is necessary, and if so, specific suggestions on
proposals to reform or augment current laws and
regulations relating to individual privacy.
(E) Analysis of purposes for which additional
regulations may impose undue costs or burdens, or cause
unintended consequences in other policy areas, such as
security, law enforcement, medical research, or
critical infrastructure protection.
(F) Cost analysis of legislative or regulatory
changes proposed in the report.
(G) Recommendations on non-legislative solutions to
individual privacy concerns, including education,
market-based measures, industry best practices, and new
technology.
(H) Review of the effectiveness and utility of third-
party verification of privacy statements, including
specifically with respect to existing private sector
self-regulatory efforts.
(d) Additional Report.--Together with the report under subsection
(c), the Commission shall submit to the Congress and the President any
additional report of dissenting opinions or minority views by a member
of the Commission.
(e) Interim Report.--The Commission may submit to the Congress and
the President an interim report approved by a majority of the members
of the Commission.
SEC. 5. MEMBERSHIP.
(a) Number and Appointment.--The Commission shall be composed of 17
members appointed as follows:
(1) 4 members appointed by the President.
(2) 4 members appointed by the majority leader of the Senate.
(3) 2 members appointed by the minority leader of the Senate.
(4) 4 members appointed by the Speaker of the House of
Representatives.
(5) 2 members appointed by the minority leader of the House
of Representatives.
(6) 1 member, who shall serve as Chairperson of the
Commission, appointed jointly by the President, the majority
leader of the Senate, and the Speaker of the House of
Representatives.
(b) Diversity of Views.--The appointing authorities under subsection
(a) shall seek to ensure that the membership of the Commission has a
diversity of views and experiences on the issues to be studied by the
Commission, such as views and experiences of Federal, State, and local
governments, the media, the academic community, consumer groups, public
policy groups and other advocacy organizations, business and industry
(including small business), the medical community, civil liberties
experts, and the financial services industry.
(c) Date of Appointment.--The appointment of the members of the
Commission shall be made not later than 30 days after the date of the
enactment of this Act.
(d) Terms.--Each member of the Commission shall be appointed for the
life of the Commission.
(e) Vacancies.--A vacancy in the Commission shall be filled in the
same manner in which the original appointment was made.
(f) Compensation; Travel Expenses.--Members of the Commission shall
serve without pay, but shall receive travel expenses, including per
diem in lieu of subsistence, in accordance with sections 5702 and 5703
of title 5, United States Code.
(g) Quorum.--A majority of the members of the Commission shall
constitute a quorum, but a lesser number may hold hearings.
(h) Meetings.--
(1) In general.--The Commission shall meet at the call of the
Chairperson or a majority of its members.
(2) Initial meeting.--Not later than 45 days after the date
of the enactment of this Act, the Commission shall hold its
initial meeting.
SEC. 6. DIRECTOR; STAFF; EXPERTS AND CONSULTANTS.
(a) Director.--
(1) In general.--On or after October 1, 2000, the Commission
shall appoint a Director without regard to the provisions of
title 5, United States Code, governing appointments to the
competitive service.
(2) Pay.--The Director shall be paid at the rate payable for
level III of the Executive Schedule established under section
5314 of such title.
(b) Staff.--The Director may appoint staff as the Director determines
appropriate.
(c) Applicability of Certain Civil Service Laws.--
(1) In general.--The staff of the Commission shall be
appointed without regard to the provisions of title 5, United
States Code, governing appointments in the competitive service.
(2) Pay.--The staff of the Commission shall be paid in
accordance with the provisions of chapter 51 and subchapter III
of chapter 53 of that title relating to classification and
General Schedule pay rates, but at rates not in excess of the
maximum rate for grade GS-15 of the General Schedule under
section 5332 of that title.
(d) Experts and Consultants.--The Director may procure temporary and
intermittent services under section 3109(b) of title 5, United States
Code.
(e) Staff of Federal Agencies.--
(1) In general.--Upon request of the Director, the head of
any Federal department or agency may detail, on a reimbursable
basis, any of the personnel of that department or agency to the
Commission to assist it in carrying out this Act.
(2) Notification.--Before making a request under this
subsection, the Director shall give notice of the request to
each member of the Commission.
SEC. 7. POWERS OF COMMISSION.
(a) Hearings and Sessions.--The Commission may, for the purpose of
carrying out this Act, hold hearings, sit and act at times and places,
take testimony, and receiveevidence as the Commission considers
appropriate. The Commission may administer oaths or affirmations to
witnesses appearing before it.
(b) Powers of Members and Agents.--Any member or agent of the
Commission may, if authorized by the Commission, take any action which
the Commission is authorized to take by this section.
(c) Obtaining Official Information.--
(1) In general.--Except as provided in paragraph (2), if the
Chairperson of the Commission submits a request to a Federal
department or agency for information necessary to enable the
Commission to carry out this Act, the head of that department
or agency shall furnish that information to the Commission.
(2) Exception for national security.--If the head of that
department or agency determines that it is necessary to guard
that information from disclosure to protect the national
security interests of the United States, the head shall not
furnish that information to the Commission.
(d) Mails.--The Commission may use the United States mails in the
same manner and under the same conditions as other departments and
agencies of the United States.
(e) Administrative Support Services.--Upon the request of the
Director, the Administrator of General Services shall provide to the
Commission, on a reimbursable basis, the administrative support
services necessary for the Commission to carry out this Act.
(f) Gifts and Donations.--The Commission may accept, use, and dispose
of gifts or donations of services or property to carry out this Act,
but only to the extent or in the amounts provided in advance in
appropriation Acts.
(g) Contracts.--The Commission may contract with and compensate
persons and government agencies for supplies and services, without
regard to section 3709 of the Revised Statutes (41 U.S.C. 5).
(h) Subpoena Power.--
(1) In general.--The Commission may issue subpoenas requiring
the attendance and testimony of witnesses and the production of
any evidence relating to any matter that the Commission is
empowered to investigate by section 4. The attendance of
witnesses and the production of evidence may be required by
such subpoena from any place within the United States and at
any specified place of hearing within the United States.
(2) Failure to obey a subpoena.--If a person refuses to obey
a subpoena issued under paragraph (1), the Commission may apply
to a United States district court for an order requiring that
person to appear before the Commission to give testimony,
produce evidence, or both, relating to the matter under
investigation. The application may be made within the judicial
district where the hearing is conducted or where that person is
found, resides, or transacts business. Any failure to obey the
order of the court may be punished by the court as civil
contempt.
(3) Service of subpoenas.--The subpoenas of the Commission
shall be served in the manner provided for subpoenas issued by
a United States district court under the Federal Rules of Civil
Procedure for the United States district courts.
(4) Service of process.--All process of any court to which
application is made under paragraph (2) may be served in the
judicial district in which the person required to be served
resides or may be found.
SEC. 8. TERMINATION.
The Commission shall terminate 30 days after submitting a report
under section 4(c).
SEC. 9. AUTHORIZATION OF APPROPRIATIONS.
(a) In General.--There are authorized to be appropriated to the
Commission $5,000,000 to carry out this Act.
(b) Availability.--Any sums appropriated pursuant to the
authorization in subsection (a) shall remain available until expended.
SEC. 10. BUDGET ACT COMPLIANCE.
Any new contract authority authorized by this Act shall be effective
only to the extent or in the amounts provided in advance in
appropriation Acts.
SEC. 11. PRIVACY PROTECTIONS.
(a) Destruction or Return of Information Required.--Upon the
conclusion of the matter or need for which individually identifiable
information was disclosed to the Commission, the Commission shall
either destroy the individually identifiable information or return it
to the person or entity from which it was obtained, unless the
individual that is the subject of the individually identifiable
information has authorized its disclosure.
(b) Disclosure of Information Prohibited.--The Commission--
(1) shall protect individually identifiable information from
improper use; and
(2) may not disclose such information to any person,
including the Congress or the President, unless the individual
that is the subject of the information has authorized such a
disclosure.
(c) Proprietary Business Information and Financial Information.--The
Commission shall protect from improper use, and may not disclose to any
person, proprietary business information and proprietary financial
information that may be viewed or obtained by the Commission in the
course of carrying out its duties under this Act.
(d) Individually Identifiable Information Defined.--For the purposes
of this Act, the term ``individually identifiable information'' means
any information, whether oral or recorded in any form or medium, that
identifies an individual, or with respect to which there is a
reasonable basis to believe that the information can be used to
identify an individual.
I. Summary of Legislation
H.R. 4049, the ``Privacy Commission Act,'' establishes a
17-member commission to study issues relating to the protection
of individual privacy and the appropriate balance to be
achieved between protecting such privacy and allowing
appropriate uses of information. The Commission also will make
recommendations to Congress.
II. Background and Need for the Legislation
Americans are increasingly concerned that their personal
information is no longer confidential. Recent public opinion
polls have found that the threat of the loss of personal
privacy is one of the leading issues concerning Americans
today.
Although personal privacy has been a concern of Americans,
recent developments in information technology and changes in
existing law have heightened attention to privacy issues.
Increased access to the Internet now allows millions of
Americans to access computer networks each month. Internet
financial transactions have grown at an astounding rate. In the
year 2000, an estimated 17 million U.S. households will spend
approximately $30 billion shopping on-line. This number is
expected to grow with predictions that 42 million households
will purchase over $64 billion worth of on-line goods and
services by the end of 2001.\1\ Commercial use of the Internet
will continue to grow, with predictions that 56 percent of U.S.
companies will sell their products on-line by the end of the
year 2000.
---------------------------------------------------------------------------
\1\ ``The Whole View'' by Forrester Research, Inc., Cambridge,
Mass., September 19, 2000.
---------------------------------------------------------------------------
In addition to the resultant flow of information allowed by
the Internet, changes in financial laws and changes in medical
records policy, a number of traditional barriers protecting
individual privacy have been eliminated. Advances in genetic
testing and the sharing of medical records among insurance
entities, pharmaceutical companies, and other health-related
entities alarm many American who are concerned that their
medical history could become available to inappropriate
individuals.
Along with consumers, local, State, and Federal lawmakers
have increasingly become concerned about privacy issues leading
to a rapid increase in the number of privacy-related
legislative proposals. Yet few of these bills have been
enacted, largely because of the issues' complexity and the lack
of consensus on an appropriate approach to resolve the
problems. Of the laws that have been enacted, several resulted
in unintended consequences, and at least one has been repealed.
H.R. 4049 would establish a commission to examine privacy
issues at all levels of government and make recommendations to
Congress regarding needed legislative initiatives to protect
personally identifiable information.\2\ This Commission will
have the authority to examine privacy from a broad perspective
in contrast to previous approaches, which have examined privacy
from a narrower spectrum.
---------------------------------------------------------------------------
\2\ As defined by the bill, ``individually identifiable
information'' is any information, whether verbal or recorded in any
form or medium, that identifies an individual, for which there is a
reasonable basis to believe could be used to identify an individual.
---------------------------------------------------------------------------
This legislation is the first congressional effort in more
than 25 years to address privacy issues via a commission. H.R.
4049 will build upon the work of the 1974 Privacy Commission by
venturing into new areas of privacy concerns, such as the
Internet.\3\ As the 1974 Commission helped set parameters for
the privacy debate of the last 25 years, H.R. 4049 will assist
in establishing principles that will serve as a guide
throughout the beginning of the 21st century.
---------------------------------------------------------------------------
\3\ Legislative Hearing to Establish the Commission for the
Comprehensive Study of Privacy Protection, 106th Congress, 2nd session
(2000) Statement of Sandra Parker, Director of Government Affairs and
Health Policy, Maine Hospital Association. (Transcript not printed at
the time of this report's publication.)
---------------------------------------------------------------------------
III. Legislative Hearings and Committee Actions
H.R. 4049 was introduced on March 21, 2000, by the Rep. Asa
Hutchinson (R-AR) and the Rep. Jim Moran (D-VA). Original co-
sponsors include Rep. Kay Granger (R-TX), Rep. Kevin Brady (R-
TX), Rep. Jim Davis (D-FL), Rep. Deborah Pryce (R-OH), Rep.
John Sununu (R-NH), Rep. Thomas Barrett (D-WI), Rep. Tom Coburn
(R-OK), Rep. Jay Dickey (R-AR), Rep. Gerald Kleczka (D-WI),
Rep. Joseph Pitts (R-PA), Rep. James Greenwood (R-PA), Rep. Bob
Riley (R-AL), Rep. John Duncan (R-TN), Rep. Frank Lucas (R-OK),
Rep. Jim Kolbe (R-AZ), Rep. Tom Campbell (R-CA), Rep. Sue Kelly
(R-NY), Rep. Thomas Davis (R-VA), and Rep. David Vitter (R-LA).
On March 29, 2000, H.R. 4049 was referred to the Committee
on Government Reform, and subsequently to its Subcommittee on
Government Management, Information, and Technology. The
subcommittee held three days of legislative hearings on the
legislation on April 12, 2000, and May 15-16, 2000. The
subcommittee held a mark-up of the bill on June 14, 2000, at
which time subcommittee Chairman Stephen Horn (R-CA) offered an
amendment in the nature of a substitute to H.R. 4049. The
amended bill was favorably reported to the full Committee by
voice vote.
On June 29, 2000, the full Committee on Government Reform
met to consider H.R. 4049. An amendment by Representative
Carolyn Maloney (D-NY) was acceptedrequiring the Commission to
review the effectiveness and utility of third-party verification of
privacy statements. In addition, another amendment offered by Mrs.
Maloney was adopted, requiring the Commission to review the extent to
which older or disabled individuals are subjected to exploitation
because of the disclosure or inappropriate use of their financial
information. Representative Janice Schakowsky (D-IL) offered an
amendment, which was approved, that inserted ``civil liberties
experts'' into the section of the bill that addresses the Commission's
recommended composition. Representative Henry Waxman (D-CA) offered an
amendment, also adopted, that added a finding stating that the Act
should not be construed to prohibit enactment of legislation on privacy
issues by Congress during the existence of the Commission, and that
further study by the Commission should not be considered a prerequisite
for further consideration or enactment of financial or medical privacy
legislation by the Congress. Following the adoption of the aforesaid,
the Committee favorably reported H.R. 4049, as amended, to the full
House by voice vote.
IV. Explanation of the Bill
Sec. 1. Short title
Section 1 provides that the Act may be cited as the
``Privacy Commission Act.''
Sec. 2. Finding and purposes
Section 2 provides a statement of findings and purposes for
the legislation.
Sec. 3. Establishment of Commission
Section 3 establishes the Commission.
Sec. 4. Duties of the Commission
Section 4 of the Act establishes the responsibilities and
goals of the Commission and offers broad recommendations on
those areas the Commission should review.
Subsection (a) directs the Commission to examine issues
relating to the protection of personal privacy and the need to
achieve a balance between protecting individual privacy and
allowing appropriate uses of information. During the hearings,
the Committee found that the privacy debate centers around the
issue of permissible and non-permissible uses of personally
identifiable information, as this information becomes
increasingly available. The testimony focused on the need to
strike a balance between protecting individually identifiable
information and the sharing of that information for purposes of
business, medicine, and other uses.
Under section (a)(1) the Commission is instructed to review
Federal, State and local governments' monitoring, collection
and distribution of personally identifiable information, and
the use of documents such as the decennial census and drivers
license applications.
Section (a)(2), instructs the Commission to examine
existing laws to protect individuals' privacy, including but
not limited to: the Privacy Act of 1974 and the Freedom of
Information Act. The Commission shall examine extant efforts to
address monitoring, collection and distribution of personal
information by the Federal Government, State Governments,
individuals and other entities.
During the Committee mark-up, some Committee members raised
concerns regarding the use of individually identifiable
information by Congress and the Executive Office of the
President. Presently, Congress is not covered by the 1974
Privacy Act or the Freedom of Information Act and the
longstanding position of the Department of Justice is that
certain components of the Executive Office of the President are
also not covered by those acts. The Committee believes that the
Commission should study the implications of applying the
Privacy Act and Freedom of Information Act to Congress and to
all components of the Executive Office of the President.
Under section (a)(2)(B) of the Act, the Commission is
directed to examine privacy-related legislation pending before
the Congress. There are currently many bills before Congress,
both in the Senate and House that address the issue of privacy.
The Commission should consider the differing congressional
views on the privacy debate.
Under section (a)(2)(C), the Commission is directed to
review the privacy protection efforts previously undertaken by
Federal and State governments, foreign bodies, and
international governing bodies. With thousands of privacy bills
introduced at the State and local levels, as well as
international bodies and sovereign nations implementing their
own privacy laws, the Commission needs to understand how these
different initiatives will interact and what can be learned
from them. The Commission should look at such questions as:
Should there be Federally guaranteed minimum levels of privacy
protections? Should there be Federal preemption for privacy
issues, particularly in light of the explosion in Internet use?
What occurs when privacy laws conflict? How will U.S. privacy
laws be affected by implementation of external regulations and
directives, such as the European Directive?
Under sections (a)(2)(D) and (a)(2)(E), the Commission is
directed to review privacy protection efforts undertaken by the
private sector, as well as self-regulated efforts initiated by
the private sector. In response to the growing concern of
individuals about their personal information, the Committee
found that some in the private sector--including high tech
companies, financial services, medical entities, and others--
are developing or have implemented new technologies and
practices designed to ensure the protection of individual
privacy. The Commission should review these policies and
procedures to determine their efficacy, as well as their impact
on consumers and others.
Under section (a)(3), the Commission is instructed to
examine the monitoring, collection, and distribution of
personal information by individuals or entities, both public
and private, including access to and the use of medical
records, financial records (such as credit cards, automated
teller machine cards, bank accounts, and Internet
transactions), personal information provided to on-line sites
accessible through the Internet, Social Security numbers,
insurance records, education records, and drivers license
numbers. In addition, the Committee believes that the
Commission should examine the use to which that information is
being employed once it has been collected.
Section (a)(4), instructs the Commission to review employer
practices and policies with respect to the financial and health
information of employees, including: under section (a)(4)(A),
whether employers use or disclose employee financial or health
information for marketing employment or insurance underwriting
purposes; under section (a)(4)(B), what restrictions employers
place on disclosure or use of employee financial or health
information; under section (a)(4)(C), what rights employees
have to access, copy, and amend their own health records and
financial information; under section (a)(4)(D), what type of
notice is provided to employees regarding employer practices
with respect to employee financial and health information; and,
under section (a)(4)(E), what practices employer medical
departments use regarding the disclosure of employee health
information to the employer. During the hearings, some
Committee members raised the point that employers collect
information on employees so that an employer may fulfil his or
her obligation to provide information to health insurance or
retirement plans. It is the view of the Committee that the
Commission should review the potential uses of any collected
information, as well as current trends among employers
regarding that information.
Section (a)(5), requires the Commission to review the
extent to which individuals in the United States can obtain
redress for privacy violations. The Commission should examine
whether mechanisms exist to assist people who believe their
privacy has been inappropriately compromised, and if so,
whether these mechanisms are effective.
Under section (a)(6), the Commission is to review the
extent to which older individuals and disabled individuals are
subject to exploitation involving the disclosure or use of
their financial information. The Committee believes that the
Commission should evaluate present trends occurring in the
financial community and their impact on seniors and the
disabled.
Section (b) directs the Commission to hold at least two
field hearings in five geographical regions of the United
States. For purposes of these field hearings, the Commission is
charged with the responsibility of designating the boundaries
that constitute the geographical areas. Field hearings may be
held with less than a majority of Commission members present.
During the course of the Committee hearings, it was suggested
that requiring members to be at every meeting would be
unnecessarily burdensome, and that the field hearings could be
equally effective with less than a majority of the Commission
present. The Committee agrees.
Section (c) requires that no later than 18 months after the
appointment of all members of the Commission, a majority of the
Commission's members shall submit a report to Congress and the
President.
Section (c)(2), delineates the minimum content of the
report. Section (c)(2)(H), requires the Commission to review
the effectiveness and utility of third-party verification of
privacy statements, including existing private sector self-
regulatory efforts. This provision contains language that may
lead the private and public sectors to a mutually satisfactory
solution on the broad privacy concerns of the American public
and the business community. The private sector has a long
history of securing objective, third party professionals to
undertake reviews of the financial and business records of
American industry. These reviews are, primarily, initiated by
the private sector. Arms-length reviews have been and remain an
important tradition in reassuring the American public that the
corporate sector can be depended upon for honest business
dealings. Now, more than ever, the public trusts the corporate
sector with its personal investments and savings. This trust
must include the maintenance of Americans' most private
information as well. This is why the Committee is specifically
asking the Commission to review and report to the Congress on
the efficacy of third-party verification and assurance services
for protecting individual private information. This objective
is critically important, in that it may protect the future of
the evolving e-commerce industry as well as the private
information of American citizens.
Subsection (d) allows for the submission of additional
reports in the event of dissenting points of view. Any
additional reports shall also be made public so that all points
of view can be disseminated.
Pursuant to section (e), the Commission has the authority
to issue interim reports approved by a majority of members of
the Commission. The Committee was concerned that during the
operation of the Commission, the Commission may determine that
certain aspects of the privacy debate require immediate
attention, and that the Commission might be prepared to make a
recommendation before the final report of the Commission.
Because governmental bodies and private entities continue to
question the appropriate relationships between protecting
privacy and the sharing of information, the Committee believes
that the Commission may want to issue interim reports on time-
sensitive privacy issues, so that the Commission's findings may
be used to assist entities that are moving forward on the
privacy front.
Sec. 5. Membership
Under section 5 of the Act, the Commission shall be
composed of 17 members--4 members appointed by the President; 4
members appointed by the Majority Leader of the Senate; 2
members appointed by the Minority Leader of the Senate; 4
members appointed by the Speaker of the House of
Representatives; 2 members appointed by the Minority Leader of
the House of Representatives; and 1 member, who shall serve as
Chairperson of the Commission, appointed jointly by the
President, the Majority Leader of the Senate, and the Speaker
of the House of Representatives.
Under subsection (b), the Committee firmly believes that it
is important for the Commission to be composed of individuals
who have a wide diversity of viewpoints as well as those who
deal with privacy issues on a regular basis. Furthermore, the
Committee believes that Commission members should possess
practical knowledge and experience in balancing individual
privacy interests with the legitimate needs of the public,
government, commercial interests, and news organizations to
gain access to and use information. The individuals appointed
should be open-minded and willing to look at new ideas and
possibilities. During the mark-up, the Committee included
language offering a broad outline of groups that should
comprise the Commission, including representatives from groups
such as: Federal, State and local governments who can provide
insight on the government's collection of information and
existing State and Federal laws; the news media, who have a
working familiarity with the use of public documents for the
dissemination of public information; the academic community,
who can provide expertise in the history and theories of
privacy policy; consumer groups, who can represent individual
consumers and their privacy concerns; public policy groups who
are knowledgeable on legislative policies and privacy policies
within private industry; the business community, including
small business, who can share information about developing
technologies and discuss the impact of privacy protections on
business endeavors including Internet and e-commerce; the
medical community, who can provide the Commission with an
understanding of the intricacies of privacy issues in the
medical profession; civil liberties organizations, who can help
raise awareness of privacy issues; and the financial community,
who can provide expertise regarding financial modernization
laws and can explain the need for allowing the free flow of
information while protecting privacy.
Under subsection (c), the appointment of the members of the
Commission shall be made no later than 30 days after the date
of the enactment of the Act.
Under subsection (d), each member of the Commission will
serve for the life of the Commission.
Under subsection (e), in the event of a vacancy, the
position will be filled in the same manner as the original
appointment. The individual serving in the capacity of the
appointing official (e.g., the Majority Leader of the House)
has the authority to appoint a replacement to fill the vacancy.
Pursuant to subsection (f), members of the Commission shall
serve without pay, but shall receive travel expenses, including
per diem in lieu of subsistence.
Subsection (g) establishes that a majority of the
Commission shall constitute a quorum, but a lesser number may
hold hearings.
Under subsection (h), the Commission shall meet at the call
of the Chairperson or a majority of its members. The initial
meeting of the Commission shall not be later than 45 days after
the date of enactment of this Act.
Sec. 6. Director; staff; experts and consultants
Section 6 of the Act addresses the staff of the Commission.
The Commission shall appoint a director, who will be paid at
the rate payable for level III of the Executive Schedule
established under section 5314 of Title 5, United States Code.
The Director may appoint staff, who will be paid in accordance
with the provisions of chapter 51 and subchapter III of chapter
53 of that title relating to classification and General
Schedule pay rates, but at rates not in excess of the maximum
rate for grade GS-15 of the General Schedule under section 5332
of that title. The Director may procure temporary and
intermittent services under section 3109(b) of Title 5, United
States Code. Finally, the Director, if it is deemed necessary,
may request the head of any Federal department or agency to
detail personnel of that department or agency on a reimbursable
to the Commission to assist in the carrying out of this Act.
However, before making such a request, the Director shall give
notice of the request to each member of the Commission.
Sec. 7. Powers of Commission
Pursuant to subsection (a), the Commission may hold
hearings, sit and act at times and places, take testimony, and
receive evidence, as the Commission considers appropriate. The
Commission may administer oaths or affirmation to witnesses
appearing before it.
Under subsection (b), any member or agent of the Commission
may, if authorized by the Commission, take any action which the
Commission is authorized to take by this section.
Under subsection (c), except as provided for by section
(7)(c)(2), if the Chairperson of the Commission submits a
request to a Federal department or agency for information
necessary to enable the Commission to carry out this Act, the
head of the department or agency shall furnish that information
to the Commission. However, if the head of the department or
agency determines that this information should not be furnished
due toissues of national security, the department or agency
head shall not furnish that information to the Commission. During the
hearings, witnesses representing the Administration raised the issue
that some agencies may need to withhold information from the Commission
that is deemed vital to the national security. It is the firm belief of
the Committee that the collection of information by the Commission
should in no way threaten the national security of the United States.
However, the determination to withhold information should be used
sparingly, and departments and agencies should work with the Commission
to ensure that information contained in said documents that can be
segregated and released without threatening national security are
released.
Under subsection (d), the Commission may use the United
States mail in the same manner and under the same conditions as
other departments and agencies of the United States.
Under subsection (e), upon request of the Director, the
Administrator of General Services shall provide to the
Commission, on a reimbursable basis, the administrative support
services necessary for the Commission to carry out this bill.
Subsection (f) provides that, the Commission may accept,
use, and dispose of gifts or donations of services or property
to carry out this bill, but only to the extent or in the
amounts provided in advance in appropriation Acts.
Pursuant to subsection (g), the Commission may contract
with and compensate individuals and government agencies for
supplies and services.
Subsection (h) allows the Commission to issue subpoenas
requiring the attendance and testimony of witnesses and the
production of any evidence relating to any matter that the
Commission is empowered to investigate. The attendance of
witnesses and the production of evidence may be required by
such subpoena from any place within the United States and at
any specified place of hearing within the United States. Should
a witness fail to obey a subpoena, the Commission may apply to
a United States district court for an order requiring the
witness to appear before the Commission to give testimony,
produce evidence, or both. The application may be made within
the judicial district where the hearing is conducted or where
that person is found, resides, or transacts business. Any
failure to obey the order of the court may be punished by the
court as civil contempt. Subpoenas of the Commission shall be
served in the manner provided for subpoenas issued by a United
States district court under the Federal Rules of Civil
Procedure for the United States district courts. All process of
any court to which application is made under this subsection
may be served in the judicial district, in which the person
required to be served resides or may be found.
Sec. 8. Termination
Under section 8, the Commission shall terminate 30 days
after submitting a report under section 4(c).
Sec. 9. Authorization of appropriations
Section 9 authorizes $5 million to be appropriated to the
Commission to carry out this Act. Any sum appropriated pursuant
to the authorization in subsection (a) shall remain available
until expended.
Sec. 10. Budget Act compliance
Under section 10, any new contract authority authorized by
this Act shall be effective only to the extent or in the
amounts provided in advance in appropriation Acts.
Sec. 11. Privacy protections
Section 11 directs the Commission upon conclusion of its
work or upon making a determination that individually
identifiable information disclosed to the Commission is no
longer needed, to either destroy the individually identifiable
information or return it to the person or entity from which it
was obtained, unless the subject of the individually
identifiable information has authorized its disclosure. The
Commission shall protect individually identifiable information
from improper use, and it may not disclose such information to
any person, including the Congress or the President, unless the
individual that is the subject of the information has
authorized such a disclosure. In addition, the Commission will
protect from improper use and may not disclose to any person,
proprietary business and financial information that may be
viewed or obtained by the Commission in the course of carrying
out its duties under this bill. It is the Committee's view that
as the Commission is reviewing the question concerning the
appropriate level of protection for personally identifiable
information, so, too, the Commission should be aware of how it
uses, discloses, and disposes of personally identifiable
information.
V. Committee Oversight Findings
Pursuant to rule XIII, clause 3(c)(1) of the Rules of the
House of Representatives, the results and findings of those
oversight activities are incorporated in the recommendations
found in the bill and in this report.
VI. Budget Analysis and Projections
Clause 3(c)(2) of rule XIII of the Rules of the House of
Representatives isinapplicable because the bill does not
provide new budget authority, new spending authority, new credit
authority, or an increase or decrease in revenues or tax expenditures.
VII. Cost Estimate of the Congressional Budget Office
U.S. Congress,
Congressional Budget Office,
Washington, DC, July 26, 2000.
Hon. Dan Burton,
Chairman, Committee on Government Reform,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 4049, the Privacy
Commission Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contacts are John R.
Righter (for the federal costs); Susan Sieg Tompkins (for state
and local impact); and Sarah E. Sitarek (for the private-sector
impact).
Sincerely,
Steven M. Lieberman
(For Dan L. Crippen, Director).
Enclosure.
H.R. 4049--Privacy Commission Act
H.R. 4049 would establish the Commission for the
Comprehensive Study of Privacy Protection to study issues
related to the protection of individual privacy. The bill would
direct the commission to discuss potential threats to such
privacy, assess when the sharing of personal information is
appropriate and beneficial to consumers, analyze the
effectiveness of existing statutes and regulations, and
recommend legislative and regulatory changes to improve the
security of personal information. The commission would have 18
months from the time all 17 members are appointed to issue its
report to the Congress and the President. To cover the costs of
the commission, the bill would authorize the appropriation of
$5 million. The commission would terminate 30 days after
submitting its report.
Assuming appropriation of the authorized amount, CBO
estimates that implementing the bill would cost $5 million over
fiscal years 2001 and 2002. Because the bill would not affect
direct spending or receipts, pay-as-you-go procedures would not
apply.
H.R. 4049 would require state, local, or tribal governments
and entities in the private sector, if subpoenaed, to provide
testimony and evidence related to matters the privacy
commission would be empowered to investigate. Such a
requirement would be a federal mandate under the Unfunded
Mandates Reform Act (UMRA). The bill would authorize the
commission to subpoena the attendance of witnesses and the
production of evidence from any place within the United States
and at any specified place of hearing within the United States.
CBO expects that the commission would likely exercise its
subpoena power sparingly and that the costs to comply with a
subpoena would not be significant. Thus, CBO estimates that the
intergovernmental and private-sector costs of the mandate would
be small and well below the relevant thresholds established by
UMRA ($55 million for intergovernmental mandates and $109
million for private-sector mandates in 2000, adjusted annually
for inflation).
The CBO staff contacts for this estimate are John R.
Righter (for the federal costs); Susan Sieg Tompkins (for the
state and local impact); and Sarah E. Sitarek (for the private-
sector impact). The estimate was approved by Robert A.
Sunshine, Assistant Director for Budget Analysis.
VIII. Statement of Constitutional Authority
Pursuant to rule XIII, clause 3(d)(1), the Committee finds
that clauses 14 and 18 of Article I, Section 8 of the U.S.
Constitution grants Congress the power to enact this law.
IX. Committee Recommendation
On Wednesday, June 28, 2000, a quorum being present, the
Committee on Government Reform ordered the bill, as amended,
favorably reported to the House for consideration by voice
vote.
X. Congressional Accountability Act; Public Law 104-1
The Committee finds that the legislation does not relate to
the terms and conditions of employment or access to public
services or accommodations within the meaning of section
102(B)(3) of the Congressional Accountability Act (P.L. 104-1).
XI. Unfunded Mandates Reform Act; Public Law 104-4, Section 423
The Committee finds that the legislation does not impose
any Federal mandates within the meaning of section 423 of the
Unfunded Mandates Reform Act (P.L. 104-4).
XII. Federal Advisory Committee Act (5 U.S.C. App.) Section 5(B)
The functions of the proposed advisory committee authorized
in the bill are not currently being nor could they be performed
by one or more agencies, an advisory committee already in
existence or by enlarging the mandate of an existing advisory
committee.
XIII. Changes in Existing Law Made by the Bill, as Reported
In compliance with clause 3 of rule XIII of the Rules of
the House of Representatives, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in black brackets, new
matter is printed in italic, existing law in which no change is
proposed is shown in Roman):
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Privacy Commission Act''.
SEC. 2. FINDINGS.
The Congress finds the following:
(1) Americans are increasingly concerned about their
civil liberties and the security and use of their
personal information, including medical records,
educational records, library records, magazine
subscription records, records of purchases of goods and
other payments, and driver's license numbers.
(2) Commercial entities are increasingly aware that
consumers expect them to adopt privacy policies and
take all appropriate steps to protect the personal
information of consumers.
(3) There is a growing concern about the
confidentiality of medical records, because there are
inadequate Federal guidelines and a patchwork of
confusing State and local rules regarding privacy
protection for individually identifiable patient
information.
(4) In light of recent changes in financial services
laws allowing for increased sharing of information
between traditional financial institutions and
insurance entities, a coordinated and comprehensive
review is necessary regarding the protections of
personal data compiled by the health care, insurance,
and financial services industries.
(5) The use of Social Security numbers has expanded
beyond the uses originally intended.
(6) Use of the Internet has increased at astounding
rates, with approximately 5 million current Internet
sites and 64 million regular Internet users each month
in the United States alone.
(7) Financial transactions over the Internet have
increased at an astounding rate, with 17 million
American households spending $20 billion shopping on
the Internet last year.
(8) Use of the Internet as a medium for commercial
activities will continue to grow, and it is estimated
that by the end of 2000, 56 percent of the companies in
the United States will sell their products on the
Internet.
(9) There have been reports of surreptitious
collection of consumer data by Internet marketers and
questionable distribution of personal information by
on-line companies.
(10) In 1999, the Federal Trade Commission found that
87 percent of Internet sites provided some form of
privacy notice, which represented an increase from 15
percent in 1998.
(11) The United States is the leading economic and
social force in the global information economy, largely
because of a favorable regulatory climate and the free
flow of information. It is important for the United
States to continue that leadership. As nations and
governing bodies around the world begin to establish
privacy standards, these standards will directly affect
the United States.
(12) The shift from an industry-focused economy to an
information-focused economy calls for a reassessment of
the most effective way to balance personal privacy and
information use, keeping in mind the potential for
unintended effects on technology development,
innovation, the marketplace, and privacy needs.
(13) This Act shall not be construed to prohibit the
enactment of legislation on privacy issues by the
Congress during the existence of the Commission. It is
the responsibility of the Congress to act to protect
the privacy of individuals, including individuals'
medical and financial information. Various committees
of the Congress are currently reviewing legislation in
the area of medical and financial privacy. Further
study by the Commission established by this Act should
not be considered a prerequisite for further
consideration or enactment of financial or medical
privacy legislation by the Congress.
SEC. 3. ESTABLISHMENT.
There is established a commission to be known as the
``Commission for the Comprehensive Study of Privacy
Protection'' (in this Act referred to as the ``Commission'').
SEC. 4. DUTIES OF COMMISSION.
(a) Study.--The Commission shall conduct a study of issues
relating to protection of individual privacy and the
appropriate balance to be achieved between protecting
individual privacy and allowing appropriate uses of
information, including the following:
(1) The monitoring, collection, and distribution of
personal information by Federal, State, and local
governments, including personal information collected
for a decennial census, and such personal information
as a driver's license number.
(2) Current efforts to address the monitoring,
collection, and distribution of personal information by
Federal and State governments, individuals, or
entities, including--
(A) existing statutes and regulations
relating to the protection of individual
privacy, such as section 552a of title 5,
United States Code (commonly referred to as the
Privacy Act of 1974) and section 552 of title 5,
United States Code (commonly referred to as the
Freedom of Information Act);
(B) legislation pending before the Congress;
(C) privacy protection efforts undertaken by
the Federal Government, State governments,
foreign governments, and international
governing bodies;
(D) privacy protection efforts undertaken by
the private sector; and
(E) self-regulatory efforts initiated by the
private sector to respond to privacy issues.
(3) The monitoring, collection, and distribution of
personal information by individuals or entities,
including access to and use of medical records,
financial records (including credit cards, automated
teller machine cards, bank accounts, and Internet
transactions), personal information provided to on-line
sites accessible through the Internet, Social Security
numbers, insurance records, education records, and
driver's license numbers.
(4) Employer practices and policies with respect to
the financial and health information of employees,
including--
(A) whether employers use or disclose
employee financial or health information for
marketing, employment, or insurance
underwriting purposes;
(B) what restrictions employers place on
disclosure or use of employee financial or
health information;
(C) employee rights to access, copy, and
amend their own health records and financial
information;
(D) what type of notice employers provide to
employees regarding employer practices with
respect to employee financial and health
information; and
(E) practices of employer medical departments
with respect to disclosing employee health
information to administrative or other
personnel of the employer.
(5) The extent to which individuals in the United
States can obtain redress for privacy violations.
(6) The extent to which older individuals and
disabled individuals are subject to exploitation
involving the disclosure or use of their financial
information.
(b) Field Hearings.--
(1) In general.--The Commission shall conduct at
least 2 field hearings in each of the 5 geographical
regions of the United States.
(2) Boundaries.--For purposes of this subsection, the
Commission may determine the boundaries of the five
geographical regions of the United States.
(c) Report.--
(1) In general.--Not later than 18 months after
appointment of all members of the Commission--
(A) a majority of the members of the
Commission shall approve a report; and
(B) the Commission shall submit the approved
report to the Congress and the President.
(2) Contents.--The report shall include a detailed
statement of findings, conclusions, and
recommendations, including the following:
(A) Findings on potential threats posed to
individual privacy.
(B) Analysis of purposes for which sharing of
information is appropriate and beneficial to
consumers.
(C) Analysis of the effectiveness of existing
statutes, regulations, private sector self-
regulatory efforts, technology advances, and
market forces in protecting individual privacy.
(D) Recommendations on whether additional
legislation is necessary, and if so, specific
suggestions on proposals to reform or augment
current laws and regulations relating to
individual privacy.
(E) Analysis of purposes for which additional
regulations may impose undue costs or burdens,
or cause unintended consequences in other
policy areas, such as security, law
enforcement, medical research, or critical
infrastructure protection.
(F) Cost analysis of legislative or
regulatory changes proposed in the report.
(G) Recommendations on non-legislative
solutions to individual privacy concerns,
including education, market-based measures,
industry best practices, and new technology.
(H) Review of the effectiveness and utility
of third-party verification of privacy
statements, including specifically with respect
to existing private sector self-regulatory
efforts.
(d) Additional Report.--Together with the report under
subsection (c), the Commission shall submit to the Congress and
the President any additional report of dissenting opinions or
minority views by a member of the Commission.
(e) Interim Report.--The Commission may submit to the
Congress and the President an interim report approved by a
majority of the members of the Commission.
SEC. 5. MEMBERSHIP.
(a) Number and Appointment.--The Commission shall be composed
of 17 members appointed as follows:
(1) 4 members appointed by the President.
(2) 4 members appointed by the majority leader of the
Senate.
(3) 2 members appointed by the minority leader of the
Senate.
(4) 4 members appointed by the Speaker of the House
of Representatives.
(5) 2 members appointed by the minority leader of the
House of Representatives.
(6) 1 member, who shall serve as Chairperson of the
Commission, appointed jointly by the President, the
majority leader of the Senate, and the Speaker of the
House of Representatives.
(b) Diversity of Views.--The appointing authorities under
subsection (a) shall seek to ensure that the membership of the
Commission has a diversity of views and experiences on the
issues to be studied by the Commission, such as views and
experiences of Federal, State, and local governments, the
media, the academic community, consumer groups, public policy
groups and other advocacy organizations, business and industry
(including small business), the medical community, civil
liberties experts, and the financial services industry.
(c) Date of Appointment.--The appointment of the members of
the Commission shall be made not later than 30 days after the
date of the enactment of this Act.
(d) Terms.--Each member of the Commission shall be appointed
for the life of the Commission.
(e) Vacancies.--A vacancy in the Commission shall be filled
in the same manner in which the original appointment was made.
(f) Compensation; Travel Expenses.--Members of the Commission
shall serve without pay, but shall receive travel expenses,
including per diem in lieu of subsistence, in accordance with
sections 5702 and 5703 of title 5, United States Code.
(g) Quorum.--A majority of the members of the Commission
shall constitute a quorum, but a lesser number may hold
hearings.
(h) Meetings.--
(1) In general.--The Commission shall meet at the
call of the Chairperson or a majority of its members.
(2) Initial meeting.--Not later than 45 days after
the date of the enactment of this Act, the Commission
shall hold its initial meeting.
SEC. 6. DIRECTOR; STAFF; EXPERTS AND CONSULTANTS.
(a) Director.--
(1) In general.--On or after October 1, 2000, the
Commission shall appoint a Director without regard to
the provisions of title 5, United States Code,
governing appointments to the competitive service.
(2) Pay.--The Director shall be paid at the rate
payable for level III of the Executive Schedule
established under section 5314 of such title.
(b) Staff.--The Director may appoint staff as the Director
determines appropriate.
(c) Applicability of Certain Civil Service Laws.--
(1) In general.--The staff of the Commission shall be
appointed without regard to the provisions of title 5,
United States Code, governing appointments in the
competitive service.
(2) Pay.--The staff of the Commission shall be paid
in accordance with the provisions of chapter 51 and
subchapter III of chapter 53 of that title relating to
classification and General Schedule pay rates, but at
rates not in excess of the maximum rate for grade GS-15
of the General Schedule under section 5332 of that
title.
(d) Experts and Consultants.--The Director may procure
temporary and intermittent services under section 3109(b) of
title 5, United States Code.
(e) Staff of Federal Agencies.--
(1) In general.--Upon request of the Director, the
head of any Federal department or agency may detail, on
a reimbursable basis, any of the personnel of that
department or agency to the Commission to assist it in
carrying out this Act.
(2) Notification.--Before making a request under this
subsection, the Director shall give notice of the
request to each member of the Commission.
SEC. 7. POWERS OF COMMISSION.
(a) Hearings and Sessions.--The Commission may, for the
purpose of carrying out this Act, hold hearings, sit and act at
times and places, take testimony, and receiveevidence as the
Commission considers appropriate. The Commission may administer oaths
or affirmations to witnesses appearing before it.
(b) Powers of Members and Agents.--Any member or agent of the
Commission may, if authorized by the Commission, take any
action which the Commission is authorized to take by this
section.
(c) Obtaining Official Information.--
(1) In general.--Except as provided in paragraph (2),
if the Chairperson of the Commission submits a request
to a Federal department or agency for information
necessary to enable the Commission to carry out this
Act, the head of that department or agency shall
furnish that information to the Commission.
(2) Exception for national security.--If the head of
that department or agency determines that it is
necessary to guard that information from disclosure to
protect the national security interests of the United
States, the head shall not furnish that information to
the Commission.
(d) Mails.--The Commission may use the United States mails in
the same manner and under the same conditions as other
departments and agencies of the United States.
(e) Administrative Support Services.--Upon the request of the
Director, the Administrator of General Services shall provide
to the Commission, on a reimbursable basis, the administrative
support services necessary for the Commission to carry out this
Act.
(f) Gifts and Donations.--The Commission may accept, use, and
dispose of gifts or donations of services or property to carry
out this Act, but only to the extent or in the amounts provided
in advance in appropriation Acts.
(g) Contracts.--The Commission may contract with and
compensate persons and government agencies for supplies and
services, without regard to section 3709 of the Revised
Statutes (41 U.S.C. 5).
(h) Subpoena Power.--
(1) In general.--The Commission may issue subpoenas
requiring the attendance and testimony of witnesses and
the production of any evidence relating to any matter
that the Commission is empowered to investigate by
section 4. The attendance of witnesses and the
production of evidence may be required by such subpoena
from any place within the United States and at any
specified place of hearing within the United States.
(2) Failure to obey a subpoena.--If a person refuses
to obey a subpoena issued under paragraph(1), the
Commission may apply to a United States district court for an order
requiring that person to appear before the Commission to give
testimony, produce evidence, or both, relating to the matter under
investigation. The application may be made within the judicial district
where the hearing is conducted or where that person is found, resides,
or transacts business. Any failure to obey the order of the court may
be punished by the court as civil contempt.
(3) Service of subpoenas.--The subpoenas of the
Commission shall be served in the manner provided for
subpoenas issued by a United States district court
under the Federal Rules of Civil Procedure for the
United States district courts.
(4) Service of process.--All process of any court to
which application is made under paragraph (2) may be
served in the judicial district in which the person
required to be served resides or may be found.
SEC. 8. TERMINATION.
The Commission shall terminate 30 days after submitting a
report under section 4(c).
SEC. 9. AUTHORIZATION OF APPROPRIATIONS.
(a) In General.--There are authorized to be appropriated to
the Commission $5,000,000 to carry out this Act.
(b) Availability.--Any sums appropriated pursuant to the
authorization in subsection (a) shall remain available until
expended.
SEC. 10. BUDGET ACT COMPLIANCE.
Any new contract authority authorized by this Act shall be
effective only to the extent or in the amounts provided in
advance in appropriation Acts.
SEC. 11. PRIVACY PROTECTIONS.
(a) Destruction or Return of Information Required.--Upon the
conclusion of the matter or need for which individually
identifiable information was disclosed to the Commission, the
Commission shall either destroy the individually identifiable
information or return it to the person or entity from which it
was obtained, unless the individual that is the subject of the
individually identifiable information has authorized its
disclosure.
(b) Disclosure of Information Prohibited.--The Commission--
(1) shall protect individually identifiable
information from improper use; and
(2) may not disclose such information to any person,
including the Congress or the President, unless the
individual that is the subject of the information has
authorized such a disclosure.
(c) Proprietary Business Information and Financial
Information.--The Commission shall protect from improper use,
and may not disclose to any person, proprietary business
information and proprietary financial information that may be
viewed or obtained by the Commission in the course of carrying
out its duties under this Act.
(d) Individually Identifiable Information Defined.--For the
purposes of this Act, the term ``individually identifiable
information'' means any information, whether oral or recorded
in any form or medium, that identifies an individual, or with
respect to which there is a reasonable basis to believe that
the information can be used to identify an individual.
MINORITY VIEWS
We are strongly in favor of protecting the privacy of
consumers' information, including health, financial, and other
personal information. We believe that Congress has an essential
role in protecting privacy, and should act now to pass
meaningful privacy protection legislation.
We have differing views about H.R. 4049. Some of us believe
that a Privacy Commission could contribute to the development
of public policy regarding privacy protections. Others believe
that it may serve to delay privacy protection initiatives.
Indeed, an April 17, 2000, editorial in the National
Underwriter magazine urged support of the bill specifically on
the grounds that a commission could delay privacy protection
measures. The editorial noted that enactment of the bill could
be a ``golden opportunity to forestall highly restrictive
privacy measures that will be introduced both in Congress and
in state legislatures around the country.'' It further stated:
If the financial services industry can make a strong
economic case for the consumer benefits of information
sharing, the bipartisan commission proposed by Reps.
Hutchinson and Moran provides the best forum to do it.
Moreover, the presence of such a commission will
provide a strong argument for Congress and the state
legislatures to wait for the results before enacting
highly restrictive privacy legislation.
We are pleased that the markup process strengthened the
Privacy Commission bill. For example, the legislation now
contains instructions that ensure that the Commission will
examine several important privacy issues, including employer
privacy practices regarding the health and financial
information of employees, the type of redress currently
available regarding privacy violations, exploitation of older
and disabled Americans through the use of their financial
information, and the use of third parties to monitor internet
privacy practices. Amendments also strengthened the legislation
by including consideration of civil liberties experts for
inclusion on the Commission.
It is important to emphasize, however, that further study
by a Commission is not necessary before enactment of
substantive privacy protections. The Privacy Commission should
serve as a complement to ongoing privacy protection
initiatives. Congress should be taking action now to enact
privacy protections regarding consumers' financial and health
information, among other initiatives. The recent breakthrough
in mapping the human genome underscores the need to ensure that
privacy protections are in place immediately for individuals'
genetic information so that insurers, employers, and others
cannot inappropriately access this personal information. For
this reason, we are pleased that an amendment was accepted to
include in the bill's findings that the Commission is not
intended to delay privacy protection initiatives.
We are disappointed, however, that agreement could not be
reached to include in the bill a commitment by Congress to
enact important privacy protections. Rep. Waxman offered an
amendment that focused on financial privacy. It would have set
an 18-month deadline on Congress to enact comprehensive
protections, and would have given relevant regulatory entities
authority to regulate if the deadline was not met. Such a
commitment is important to ensuring that the study of privacy
will not constitute the only action Congress takes on privacy
protection. We regret that the amendment was rejected on a
point of order and not incorporated into the bill.
Henry A. Waxman.
Carolyn B. Maloney.
Major R. Owens.
Danny K. Davis.
John F. Tierney.
Thomas H. Allen.
Dennis J. Kucinich.
Eleanor Holmes Norton.
Rod R. Blagojevich.
Paul E. Kanjorski.
Tom Lantos.
Edolphus Towns.
Janice D. Schakowsky.
Bernard Sanders.
Patsy T. Mink.
Elijah E. Cummings.
Harold E. Ford, Jr.
�