Bill Sponsor
BILLSPONSOR
Bill Sponsor
Politicians
Bills
Senate Bill 2498
115th Congress(2017-2018)
Protecting Children From Identity Theft Act
Introduced
Introduced
Introduced in Senate on Mar 5, 2018
Overview
Text
Introduced in Senate 
Mar 5, 2018
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in Senate(Mar 5, 2018)
Mar 5, 2018
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
S. 2498 (Introduced-in-Senate)


115th CONGRESS
2d Session
S. 2498


To reduce identity fraud.

IN THE SENATE OF THE UNITED STATES

March 5, 2018

Mr. Scott (for himself, Mrs. McCaskill, Mr. Cassidy, and Mr. Peters) introduced the following bill; which was read twice and referred to the Committee on Finance

A BILL

To reduce identity fraud.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Protecting Children From Identity Theft Act”.

SEC. 2. Reducing identity fraud.

(a) Purpose.—The purpose of this section is to reduce the prevalence of synthetic identity fraud, which disproportionally affects vulnerable populations, such as minors and recent immigrants, by facilitating the validation by permitted entities of fraud protection data, pursuant to electronically received consumer consent, through use of a database maintained by the Commissioner.

(b) Definitions.—In this section:

(1) COMMISSIONER.—The term “Commissioner” means the Commissioner of the Social Security Administration.

(2) FINANCIAL INSTITUTION.—The term “financial institution” has the meaning given the term in section 509 of the Gramm-Leach-Bliley Act (15 U.S.C. 6809).

(3) FRAUD PROTECTION DATA.—The term “fraud protection data” means a combination of the following information with respect to an individual:

(A) The name of the individual (including the first name and any family forename or surname of the individual).

(B) The Social Security number of the individual.

(C) The date of birth (including the month, day, and year) of the individual.

(4) PERMITTED ENTITY.—The term “permitted entity” means a financial institution or a service provider, subsidiary, affiliate, agent, subcontractor, or assignee of a financial institution.

(c) Efficiency.—

(1) RELIANCE ON EXISTING METHODS.—The Commissioner shall evaluate the feasibility of making modifications to any database that is in existence as of the date of enactment of this Act or a similar resource such that the database or resource—

(A) is reasonably designed to effectuate the purpose of this section; and

(B) meets the requirements of subsection (d).

(2) EXECUTION.—The Commissioner shall make the modifications necessary to any database that is in existence as of the date of enactment of this Act or similar resource, or develop a database or similar resource, to effectuate the requirements described in paragraph (1).

(d) Protection of vulnerable consumers.—The database or similar resource described in subsection (c) shall—

(1) compare fraud protection data provided in an inquiry by a permitted entity against such information maintained by the Commissioner in order to confirm (or not confirm) the validity of the information provided;

(2) be scalable and accommodate reasonably anticipated volumes of verification requests from permitted entities with commercially reasonable uptime and availability;

(3) allow permitted entities to submit—

(A) one or more individual requests electronically for real-time machine-to-machine (or similar functionality) accurate responses; and

(B) multiple requests electronically, such as those provided in a batch format, for accurate electronic responses within a reasonable period of time from submission, not to exceed 24 hours;

(4) be funded, including any appropriate upgrades, maintenance, and associated direct and indirect administrative costs, by users of the database or similar resource, in a manner consistent with that described in section 1106(b) of the Social Security Act (42 U.S.C. 1306(b)); and

(5) not later than 180 days after the date of enactment of this Act, be fully operational.

(e) Certification required.—Before providing confirmation of fraud protection data to a permitted entity, the Commissioner shall ensure that the Commissioner has a certification from the permitted entity that is dated not more than 2 years before the date on which that confirmation is provided that includes the following declarations:

(1) The entity is a permitted entity.

(2) The entity is in compliance with this section.

(3) The entity is, and will remain, in compliance with its privacy and data security requirements, as described in title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), with respect to information the entity receives from the Commissioner pursuant to this section.

(4) The entity will retain sufficient records to demonstrate its compliance with its certification and this section for a period of not less than 2 years.

(f) Consumer consent.—

(1) IN GENERAL.—Notwithstanding any other provision of law or regulation, a permitted entity may submit a request to the database or similar resource described in subsection (c) only—

(A) pursuant to the written, including electronic, consent received by a permitted entity from the individual who is the subject of the request; and

(B) in connection with a credit transaction or any circumstance described in section 604 of the Fair Credit Reporting Act (15 U.S.C. 1681b).

(2) ELECTRONIC CONSENT REQUIREMENTS.—For a permitted entity to use the consent of an individual received electronically pursuant to paragraph (1)(A), the permitted entity must obtain the individual’s electronic signature, as defined in section 106 of the Electronic Signatures in Global and National Commerce Act (15 U.S.C. 7006).

(3) EFFECTUATING ELECTRONIC CONSENT.—No provision of law or requirement, including section 552a of title 5, United States Code, shall prevent the use of electronic consent for purposes of this subsection or for use in any other consent based verification under the discretion of the Commissioner.

(g) Compliance and enforcement.—

(1) AUDITS AND MONITORING.—

(A) IN GENERAL.—The Commissioner may—

(i) conduct audits and monitoring to—

(I) ensure proper use by permitted entities of the database or similar resource described in subsection (c); and

(II) deter fraud and misuse by permitted entities with respect to the database or similar resource described in subsection (c); and

(ii) terminate services for any permitted entity that prevents or refuses to allow the Commissioner to carry out the activities described in clause (i).

(2) ENFORCEMENT.—

(A) IN GENERAL.—Notwithstanding any other provision of law, including the matter preceding paragraph (1) of section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)), any violation of this section and any certification made under this section shall be enforced in accordance with paragraphs (1) through (7) of such section 505(a) by the agencies described in those paragraphs.

(B) RELEVANT INFORMATION.—Upon discovery by the Commissioner, pursuant to an audit described in paragraph (1)(A), of any violation of this section or any certification made under this section, the Commissioner shall forward any relevant information pertaining to that violation to the appropriate agency described in subparagraph (A) for evaluation by the agency for purposes of enforcing this section.