Consumer Privacy Protection Act

Consumer Privacy Protection Act - Amends the Privacy Act of 1974 to increase the minimum amount of civil damages against the United States from $1,000 to $2,000 when an agency fails to maintain a record on an individual with accuracy, relevance, timeliness, or completeness in order to assure fairness. Imposes a $20,000 limitation on such recoveries.

Establishes a Privacy Protection Study Commission composed of five members appointed by the President. Requires the Commission to: (1) make a study of the data banks, automated data processing programs, and information systems of public and private organizations to determine standards and procedures in force for the protection of personal information; (2) recommend to the President and the Congress the extent to which provisions of the Privacy Act should be applied to such organizations; and (3) report on other legislative recommendations necessary to protect the privacy of individuals while meeting the legitimate needs of government and society for information.

Authorizes the Commission to research, examine, and analyze: (1) the interstate transfer of information about individuals; (2) data banks and information systems that affect privacy rights; (3) the use of social security numbers and other universal identifiers to gain access to centralized information systems; and (4) the matching and analysis of statistical data.

Permits the Commission to examine personal information activities in the following areas: (1) medical; (2) insurance; (3) education; (4) employment and personnel; (5) credit; (6) commercial reporting industry; (7) cable television; (8) travel and entertainment reservations; and (9) electronic check processing.

Requires the Commission to examine: (1) certain mailing list procedures; (2) whether the Internal Revenue Service should be prohibited from transferring individually identifiable data to other agencies; (3) whether the Federal Government should be liable for damages as a result of certain violations of the Privacy Act; and (4) how standards for confidentiality of records should be applied when records are disclosed to a person other than an agency.

Prohibits the Commission from investigating information systems maintained by religious organizations.

Requires the Commission to: (1) determine what laws, executive orders, and regulations are consistent with the rights of privacy; (2) determine to what extent governmental and private information systems affect Federal-State relations; (3) examine the standards relating to the collection of personal information; and (4) collect reports and recommendations of governmental, legislative, and private bodies which pertain to the study.

Requires the Commission to report to the President and the Congress on its activities in carrying out this Act.

Provides penalties for: (1) any member, officer, or employee of the Commission with access to records (which contain individually identifiable information) who willfully discloses the information to any person or agency not entitled to receive it; and (2) any person who requests or obtains any record concerning an individual from the Commission under false pretenses.