in Congressional Research Service Reports
Identity Theft: Trends and Issues
(R40599, February 2012) (32pp | 419kb | PDF) — “This report first provides a brief federal legislative history of identity theft laws. It analyzes the current trends in identity theft, including prevalent identity theft-related crimes, the federal agencies involved in combating identity theft, and the trends in identity theft complaints and prosecutions. The report also discusses the relationship between data breaches and identity theft as well as possible effects of the FTC’s Identity Theft Red Flags Rule, effective December 31, 2010. It also examines possible issues for Congress to consider.”
Privacy Protections for Personal Information Online
(R41765, April 2011) (15pp | 187kb | PDF) — “There is no comprehensive federal privacy statute that protects personal information. Instead, a patchwork of federal laws and regulations govern the collection and disclosure of personal information and has been addressed by Congress on a sector-by-sector basis. Federal laws and regulations extend protection to consumer credit reports, electronic communications, federal agency records, education records, bank records, cable subscriber information, video rental records, motor vehicle records, health information, telecommunications subscriber information, children’s online information, and customer financial information. Some contend that this patchwork of laws and regulations is insufficient to meet the demands of today’s technology. Congress, the Obama Administration, businesses, public interest groups, and citizens are all involved in the discussion of privacy solutions. This report examines some of those efforts with respect to the protection of personal information. This report provides a brief overview of selected recent developments in the area of federal privacy law. This report does not cover workplace privacy laws or state privacy laws.”
The Protection of Classified Information: The Legal Framework
(RS21900, January 2011) (15pp | 318kb | PDF)— "This report provides an overview of the relationship between executive and legislative authority over national security information, and summarizes the current laws that form the legal framework protecting classified information, including current executive orders and some agency regulations pertaining to the handling of unauthorized disclosures of classified information by government officers and employees. The report also summarizes criminal laws that pertain specifically to the unauthorized disclosure of classified information."
Federal Information Security and Data Breach Notification Laws
(RL34120, January 2010) (26pp | 264 kb | PDF) — "The following report describes information security and data breach notification requirements…Information security laws are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to such information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and include requirements for incident reporting and handling and external breach notification."
"Sensitive But Unclassified" Information and Other Controls: Policy and Options for Scientific and Technical Information
(RL33303, December 2006) (93pp | 481kb | PDF) - Federal agencies do not have uniform definitions of SBU or consistent policies to safeguard or release it, raising questions about how to identify SBU information, especially S&T information; how to keep it from terrorists, while allowing access for those who need to use it; and how to develop uniform nondisclosure policies and penalties."