Consumer Privacy Protection Act of 2017

Consumer Privacy Protection Act of 2017

This bill amends the federal criminal code to make it a crime to intentionally and willfully conceal knowledge of a security breach that results in economic harm of at least $1,000 to any individual.

It imposes criminal penalties on a violator and authorizes the U.S. Secret Service and the Federal Bureau of Investigation to investigate offenses.

The bill authorizes the Department of Justice (DOJ) to file a civil action: (1) to prevent ongoing conduct that damages 100 or more protected computers (e.g., government computers); and (2) to prevent the disposition of unlawfully obtained property.

The bill also adds to the list of money laundering predicate offenses financial transactions that involve proceeds of unlawful manufacturing, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices.

Finally, the bill requires certain commercial entities to implement a comprehensive consumer privacy and data security program.

Following the discovery of a security breach of sensitive personally identifiable information (PII), a commercial entity must notify an affected U.S. resident and provide identify theft prevention and mitigation services. Sensitive PII is information that identifies a particular person, including electronic or digital forms of personal, financial, health, and biometric data, geographic location, and password-protected photographs and videos.

It establishes civil penalties for violations and authorizes DOJ, the Federal Trade Commission, and states to enforce compliance.