Consumer Privacy Protection Act of 2017

Consumer Privacy Protection Act of 2017

This bill amends the federal criminal code to make it a crime to intentionally and willfully conceal knowledge of a security breach that results in economic harm of at least $1,000 to any individual.

It imposes criminal penalties on a violator and authorizes the U.S. Secret Service and the Federal Bureau of Investigation to investigate offenses.

The bill authorizes the Department of Justice (DOJ) to file a civil action: (1) to prevent ongoing conduct that damages 100 or more protected computers (e.g., government computers); and (2) to prevent the disposition of unlawfully obtained property.

The bill also adds to the list of money laundering predicate offenses financial transactions that involve proceeds of unlawful manufacturing, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices.

Finally, the bill requires certain commercial entities to implement a comprehensive consumer privacy and data security program.

A commercial entity must notify a U.S. resident whose sensitive personally identifiable information (PII) has been, or is reasonably believed to have been, accessed or acquired. Sensitive PII includes electronic or digital forms of personal, financial, health, and biometric data, geographic location, and password-protected photographs and videos.

It establishes civil penalties for violations and authorizes DOJ, the Federal Trade Commission, and states to enforce compliance.