House File 649 - Introduced
HOUSE FILE
BY HEATON, KAUFMANN, LUKAN,
DE BOEF, SCHULTE, STRUYK,
SANDS, SODERBERG, L. MILLER,
and UPMEYER
Passed House, Date Passed Senate, Date
Vote: Ayes Nays Vote: Ayes Nays
Approved
A BILL FOR
1 An Act prohibiting the disclosure of specified consumer
2 information by internet service providers and providing a
3 penalty.
4 BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
5 TLSB 2554YH 83
6 rn/nh/14
PAG LIN
1 1 Section 1. NEW SECTION. 715D.1 DEFINITIONS.
1 2 As used in this chapter, unless the context otherwise
1 3 requires:
1 4 1. "Consumer" means a resident of this state who agrees to
1 5 pay a fee to an internet service provider for access to the
1 6 internet for personal, family, or household purposes, and who
1 7 does not resell that access.
1 8 2. "Internet" means the same as defined in section 4.1.
1 9 3. "Internet service provider" means a person or entity
1 10 who provides consumers authenticated access to, or presence
1 11 on, the internet by means of a switched or dedicated
1 12 telecommunications channel upon which the provider furnishes
1 13 transit routing of internet protocol packets for and on behalf
1 14 of the consumer. "Internet service provider" does not include
1 15 a person or entity who offers, on a common carrier basis,
1 16 telecommunications facilities or telecommunications by means
1 17 of those facilities.
1 18 4. "Ordinary course of business" means debt=collection
1 19 activities, order fulfillment, request processing, or a
1 20 transfer of ownership.
1 21 5. "Personally identifiable information" means any of the
1 22 following information with respect to a consumer:
1 23 a. A home or other physical address including street name.
1 24 b. An electronic mail address.
1 25 c. A telephone number.
1 26 d. Requests for specific materials or services from an
1 27 internet service provider, and the obtaining of such materials
1 28 or services.
1 29 e. Internet or online sites visited by a consumer.
1 30 f. Any of the contents of a consumer's data=storage
1 31 device.
1 32 Sec. 2. NEW SECTION. 715D.2 DISCLOSURE OF PERSONALLY
1 33 IDENTIFIABLE INFORMATION == PROHIBITION.
1 34 1. Except as provided in subsection 2, an internet service
1 35 provider shall not knowingly disclose a consumer's personally
2 1 identifiable information.
2 2 2. An internet service provider may disclose personally
2 3 identifiable information concerning a consumer under any of
2 4 the following circumstances:
2 5 a. Disclosure is incident to the ordinary course of
2 6 business of the internet service provider.
2 7 b. Disclosure is made to another internet service provider
2 8 for purposes of reporting or preventing violations of the
2 9 published acceptable use policy or customer service agreement
2 10 of the internet service provider. An internet service
2 11 provider receiving disclosure pursuant to this paragraph may
2 12 further disclose the personally identifiable information only
2 13 as provided by this chapter.
2 14 c. The consumer has authorized the disclosure pursuant to
2 15 subsection 3.
2 16 3. An internet service provider may obtain a consumer's
2 17 authorization of the disclosure of personally identifiable
2 18 information in writing or by electronic means. The request
2 19 for authorization must reasonably describe the persons to whom
2 20 personally identifiable information may be disclosed and the
2 21 anticipated uses of the information. In order for an
2 22 authorization to be effective, the contract between an
2 23 internet service provider and a consumer must state either
2 24 that the authorization will be obtained by an affirmative act
2 25 of the consumer, or that failure of the consumer to object
2 26 after a request for authorization has been made by the
2 27 internet service provider constitutes authorization of
2 28 disclosure. The provision in the contract shall be
2 29 conspicuously placed. Authorization may alternatively be
2 30 obtained in a manner consistent with self=regulating
2 31 guidelines issued by representatives of the internet service
2 32 provider or internet industries.
2 33 Sec. 3. NEW SECTION. 715D.3 EXCEPTIONS.
2 34 The prohibition against disclosure pursuant to section
2 35 715D.2 shall not apply to the following:
3 1 1. Disclosure pursuant to a court order, warrant, or
3 2 subpoena.
3 3 2. In the course of a civil or criminal investigation
3 4 conducted by a law enforcement officer while acting as
3 5 authorized by law.
3 6 3. Pursuant to a civil action for conversion commenced by
3 7 an internet service provider or a civil action to enforce
3 8 collection of unpaid subscription fees or purchase amounts.
3 9 Disclosure pursuant to this subsection shall be limited to the
3 10 extent necessary to establish the fact of the subscription
3 11 delinquency or purchase agreement, with appropriate safeguards
3 12 against unauthorized disclosure.
3 13 4. To a consumer who is the subject of the personally
3 14 identifiable information, upon written or electronic request
3 15 and upon payment of a fee not to exceed the actual cost of
3 16 retrieving the information.
3 17 Sec. 4. NEW SECTION. 715D.4 SECURITY OF INFORMATION ==
3 18 EXCLUSION FROM EVIDENCE.
3 19 1. An internet service provider shall take reasonable
3 20 steps to maintain the security and privacy of a consumer's
3 21 personally identifiable information.
3 22 2. Except for purposes of establishing a violation of this
3 23 chapter, personally identifiable information obtained in any
3 24 manner other than as provided pursuant to this chapter may not
3 25 be received in evidence in a civil action.
3 26 Sec. 5. NEW SECTION. 715D.5 ENFORCEMENT.
3 27 A violation of this chapter is a violation of section
3 28 714.16, subsection 2, paragraph "a". All powers conferred
3 29 upon the attorney general to accomplish the objectives and
3 30 carry out the duties prescribed in section 714.16 are also
3 31 conferred upon the attorney general to enforce this chapter
3 32 including but not limited to the power to issue subpoenas,
3 33 adopt rules, and seek injunctive relief and a monetary award
3 34 for civil penalties, attorney fees, and costs. Additionally,
3 35 the attorney general may seek and recover the greater of five
4 1 hundred dollars or actual damages for each consumer injured by
4 2 a violation of this chapter.
4 3 EXPLANATION
4 4 This bill prohibits disclosure of personally identifying
4 5 consumer information by internet service providers, as these
4 6 terms are defined in the bill.
4 7 The bill provides that it is unlawful for an internet
4 8 service provider to knowingly disclose a consumer's personally
4 9 identifiable information, unless the disclosure is incident to
4 10 the ordinary course of business of the internet service
4 11 provider, or made to another internet service provider for
4 12 purposes of reporting or preventing violations of the
4 13 published acceptable use policy or customer service agreement
4 14 of the internet service provider, or the consumer has
4 15 authorized the disclosure. The bill specifies a procedure
4 16 whereby a consumer's authorization of the disclosure of
4 17 personally identifiable information can be obtained by an
4 18 internet service provider either in writing or by electronic
4 19 means.
4 20 The bill specifies exceptions to the prohibition against
4 21 disclosure, if disclosure is made pursuant to a court order,
4 22 warrant, or subpoena; in the course of a civil or criminal
4 23 investigation; pursuant to a civil action for conversion
4 24 commenced by an internet service provider or a civil action to
4 25 enforce collection of unpaid subscription fees or purchase
4 26 amounts; or to a consumer who is the subject of the personally
4 27 identifiable information upon the consumer's request.
4 28 The bill requires an internet service provider to take
4 29 reasonable steps to maintain the security and privacy of a
4 30 consumer's personally identifiable information, and provides
4 31 that except for purposes of establishing a violation of the
4 32 bill's provisions, personally identifiable information
4 33 obtained in an unauthorized manner may not be received in
4 34 evidence in a civil action.
4 35 The bill provides that a violation of the bill's provisions
5 1 constitutes a consumer fraud under Code section 714.16,
5 2 subsection 2, paragraph "a", punishable by a civil penalty of
5 3 up to $40,000 per violation and $5,000 per day for a violation
5 4 of an injunction. Additionally, the attorney general may seek
5 5 and recover the greater of $500 or actual damages for each
5 6 consumer injured by a violation of this Code chapter.
5 7 LSB 2554YH 83
5 8 rn/nh/14