79(R) HB 1130 - Senate Committee Report version


                                                                                


By:  Cook of Navarro, et al.                                      H.B. No. 1130
 
    (Senate Sponsor - Ellis)                                                 
	(In the Senate - Received from the House April 14, 2005; 
April 18, 2005, read first time and referred to Committee on 
Business and Commerce; May 6, 2005, reported adversely, with 
favorable Committee Substitute by the following vote:  Yeas 8, 
Nays 0; May 6, 2005, sent to printer.)


COMMITTEE SUBSTITUTE FOR H.B. No. 1130                                   By:  Lucio


A BILL TO BE ENTITLED

AN ACT


relating to the adoption of a privacy policy by a person who 
requires the disclosure of an individual's social security number; 
providing a civil penalty.
	BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:                        
	SECTION 1.  Subchapter D, Chapter 35, Business & Commerce 
Code, is amended by adding Section 35.581 to read as follows:
	Sec. 35.581.  PRIVACY POLICY NECESSARY TO REQUIRE DISCLOSURE 
OF SOCIAL SECURITY NUMBER.  (a)  A person may not require an 
individual to disclose the individual's social security number to 
obtain goods or services from or enter into a business transaction 
with the person, unless the person;
		(1)  adopts a privacy policy;                                          
		(2)  makes the privacy policy available to the 
individual; and       
		(3)  maintains under the privacy policy the 
confidentiality and security of a social security number disclosed 
to the person.
	(b)  A privacy policy adopted under this section must include 
how personal information is collected, how and when the personal 
information is used, how the personal information is protected, who 
has access to the personal information, and how the personal 
information is disposed.
	(c)  This section does not apply to:                                    
		(1)  a person who is required to maintain and 
disseminate a privacy policy under the Gramm-Leach-Bliley Act (15 
U.S.C. Sections 6801 to 6809), the Family Educational Rights and 
Privacy Act (20 U.S.C. Section 1232g), or the Health Insurance 
Profitability and Accountability Act of 1996 (42 U.S.C. Section 
1320d et seq.);
		(2)  a covered entity under rules adopted by the 
commissioner of insurance relating to insurance consumer health 
information privacy or insurance consumer financial information 
privacy;
		(3)  a governmental body, as defined by Section 
552.003, Government Code, other than a municipally owned utility; 
or 
		(4)  a person with respect to a loan transaction, if the 
person is not engaged in the business of making loans.
	(d)  A person who violates Subsection (a) is liable to the 
state for a civil penalty in the amount not to exceed $500 for each 
calendar month during which a violation occurs.  The civil penalty 
may not be imposed for more than one violation that occurs in a 
month.  The attorney general or the prosecuting attorney in the 
county in which the violation occurs may bring suit to recover the 
civil penalty imposed under this section.
	(e)  The attorney general may bring an action in the name of 
the state to restrain or enjoin a person from violating Subsection 
(a).
	SECTION 2.  This Act takes effect September 1, 2005.                           



* * * * *