Us Congress 2025-2026 Regular Session

Us Congress Senate Bill SB1287 Compare Versions

Only one version of the bill is available at this time.

Old	New	Differences
1	1	II
2	2	119THCONGRESS
3	3	1
4	4	STSESSION S. 1287
5	5	To establish a centralized system to allow individuals to request the simulta-
6	6	neous deletion of their personal information across all data brokers,
7	7	and for other purposes.
8	8	IN THE SENATE OF THE UNITED STATES
9	9	APRIL3, 2025
10	10	Mr. C
11	11	ASSIDY(for himself, Mr. OSSOFF, and Mr. LUJA´N) introduced the fol-
12	12	lowing bill; which was read twice and referred to the Committee on Com-
13	13	merce, Science, and Transportation
14	14	A BILL
15	15	To establish a centralized system to allow individuals to
16	16	request the simultaneous deletion of their personal infor-
17	17	mation across all data brokers, and for other purposes.
18	18	Be it enacted by the Senate and House of Representa-1
19	19	tives of the United States of America in Congress assembled, 2
20	20	SECTION 1. SHORT TITLE. 3
21	21	This Act may be cited as the ‘‘Data Elimination and 4
22	22	Limiting Extensive Tracking and Exchange Act’’ or the 5
23	23	‘‘DELETE Act’’. 6
24	24	SEC. 2. DATA DELETION REQUIREMENTS. 7
25	25	(a) D
26	26	ATABROKERANNUALREGISTRATION.— 8
27	27	(1) I
28	28	N GENERAL.— 9
29	29	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
30	30	mprince on LAP1J3WLY3PROD with $$_JOB 2
31	31	•S 1287 IS
32	32	(A) REGULATIONS.—Not later than 1 year 1
33	33	after the date of enactment of this section, the 2
34	34	Commission shall promulgate regulations to re-3
35	35	quire any data broker to— 4
36	36	(i) not later than 18 months after the 5
37	37	date of enactment of this section, and an-6
38	38	nually thereafter, register with the Com-7
39	39	mission; and 8
40	40	(ii) subject to subparagraph (B), pro-9
41	41	vide the following information with such 10
42	42	registration: 11
43	43	(I) The name and primary phys-12
44	44	ical, email, and uniform resource loca-13
45	45	tor (URL) addresses of the data 14
46	46	broker. 15
47	47	(II) If the data broker permits 16
48	48	an individual to opt out of the data 17
49	49	broker’s collection or use of personal 18
50	50	information, certain sales of such in-19
51	51	formation, or its databases— 20
52	52	(aa) the method for request-21
53	53	ing an opt-out; 22
54	54	(bb) any limitations on the 23
55	55	type of data collection, uses, or 24
56	56	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
57	57	mprince on LAP1J3WLY3PROD with $$_JOB 3
58	58	•S 1287 IS
59	59	sales for which an individual may 1
60	60	opt-out; and 2
61	61	(cc) whether the data broker 3
62	62	permits an individual to author-4
63	63	ize a third party to perform the 5
64	64	opt-out on the individual’s behalf. 6
65	65	(III) A response to a standard-7
66	66	ized form (as issued by the Commis-8
67	67	sion) specifying the types of informa-9
68	68	tion the data broker collects or ob-10
69	69	tains and the sources from which the 11
70	70	data broker obtains data. 12
71	71	(IV) A statement as to whether 13
72	72	the data broker implements a 14
73	73	credentialing process and, if so, a de-15
74	74	scription of that process. 16
75	75	(V) Any additional information 17
76	76	or explanation the data broker chooses 18
77	77	to provide concerning its data collec-19
78	78	tion practices. 20
79	79	(VI) Any other information de-21
80	80	termined appropriate by the Commis-22
81	81	sion. 23
82	82	(B) C
83	83	ONSTRUCTION.—Nothing in this 24
84	84	paragraph shall be construed as requiring a 25
85	85	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
86	86	mprince on LAP1J3WLY3PROD with $$_JOB 4
87	87	•S 1287 IS
88	88	data broker to disclose any information that is 1
89	89	a trade secret or confidential information de-2
90	90	scribed in section 552(b)(4) of title 5, United 3
91	91	States Code. 4
92	92	(2) P
93	93	UBLIC AVAILABILITY.— 5
94	94	(A) I
95	95	N GENERAL.—The Commission shall 6
96	96	make the information described in paragraph 7
97	97	(1)(A) publicly available in a downloadable and 8
98	98	machine-readable format, except in the event 9
99	99	that the Commission— 10
100	100	(i) determines that the risk of making 11
101	101	such information available is not in the in-12
102	102	terest of public safety or welfare; and 13
103	103	(ii) provides a justification for such 14
104	104	determination. 15
105	105	(B) D
106	106	ISCLAIMER.—The Commission shall 16
107	107	include on the website of the Commission a dis-17
108	108	claimer that— 18
109	109	(i) the Commission cannot confirm 19
110	110	the accuracy of the responses provided by 20
111	111	the data brokers in the registration de-21
112	112	scribed in paragraph (1)(A); and 22
113	113	(ii) individuals may contact such data 23
114	114	brokers at their own risk. 24
115	115	(b) C
116	116	ENTRALIZEDDATADELETIONSYSTEM.— 25
117	117	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
118	118	mprince on LAP1J3WLY3PROD with $$_JOB 5
119	119	•S 1287 IS
120	120	(1) ESTABLISHMENT.— 1
121	121	(A) I
122	122	N GENERAL.—Not later than 1 year 2
123	123	after the date of enactment of this section, the 3
124	124	Commission shall promulgate regulations to es-4
125	125	tablish a centralized system that— 5
126	126	(i) implements and maintains reason-6
127	127	able security procedures and practices (in-7
128	128	cluding administrative, physical, and tech-8
129	129	nical safeguards) appropriate to the nature 9
130	130	of the information and the purposes for 10
131	131	which the personal information will be 11
132	132	used, to protect individuals’ personal infor-12
133	133	mation from unauthorized use, disclosure, 13
134	134	access, destruction, or modification; 14
135	135	(ii) allows an individual, through a 15
136	136	single submission, to request that every 16
137	137	data broker who is registered under sub-17
138	138	section (a) and who maintains any per-18
139	139	sistent identifiers (as described in subpara-19
140	140	graph (B)(iii))— 20
141	141	(I) delete any personal informa-21
142	142	tion related to such individual held by 22
143	143	such data broker or affiliated legal en-23
144	144	tity of the data broker; and 24
145	145	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
146	146	mprince on LAP1J3WLY3PROD with $$_JOB 6
147	147	•S 1287 IS
148	148	(II) unless otherwise specified by 1
149	149	the individual, discontinue any present 2
150	150	or future collection of personal infor-3
151	151	mation related to such individual; and 4
152	152	(iii) allows a registered data broker, 5
153	153	prior to the collection of any personal in-6
154	154	formation that is tied to a persistent iden-7
155	155	tifier for which a registry exists, to submit 8
156	156	a query to the centralized system to con-9
157	157	firm that the persistent identifier is not 10
158	158	subject to a deletion request described in 11
159	159	clause (ii). 12
160	160	(B) R
161	161	EQUIREMENTS.—The centralized sys-13
162	162	tem established in subparagraph (A) shall meet 14
163	163	the following requirements: 15
164	164	(i) The centralized system shall allow 16
165	165	an individual to request the deletion of all 17
166	166	personal information related to such indi-18
167	167	vidual and the discontinuation of any col-19
168	168	lection of such personal information related 20
169	169	to such individual through a single deletion 21
170	170	request. 22
171	171	(ii) The centralized system shall pro-23
172	172	vide a standardized form to allow an indi-24
173	173	vidual to make such request. 25
174	174	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
175	175	mprince on LAP1J3WLY3PROD with $$_JOB 7
176	176	•S 1287 IS
177	177	(iii) Such standardized form shall in-1
178	178	clude the individual’s email, phone number, 2
179	179	physical address, and any other persistent 3
180	180	identifier determined by the Commission to 4
181	181	aid in the deletion request. 5
182	182	(iv) The centralized system shall auto-6
183	183	matically salt and hash all submitted infor-7
184	184	mation and allow the Commission to main-8
185	185	tain independent hashed registries of each 9
186	186	type of information obtained through such 10
187	187	form. 11
188	188	(v) The centralized system shall only 12
189	189	permit data brokers who are registered 13
190	190	with the Commission to submit hashed 14
191	191	queries to the independent hashed reg-15
192	192	istries described in clause (iv). 16
193	193	(vi) With respect to the independent 17
194	194	hashed registries described in clause (iv), 18
195	195	the salt shall be different for each such 19
196	196	registry and shall be made available to all 20
197	197	registered data brokers for the purposes of 21
198	198	submitting hashed queries, as described in 22
199	199	clause (v). 23
200	200	(vii) The centralized system shall 24
201	201	allow an individual to make such request 25
202	202	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
203	203	mprince on LAP1J3WLY3PROD with $$_JOB 8
204	204	•S 1287 IS
205	205	using an internet website operated by the 1
206	206	Commission. 2
207	207	(viii) The centralized system shall not 3
208	208	charge the individual to make such re-4
209	209	quest. 5
210	210	(C) T
211	211	RANSITION.— 6
212	212	(i) I
213	213	N GENERAL.—Not later than 8 7
214	214	months after the effective date of the regu-8
215	215	lations promulgated under subparagraph 9
216	216	(A), each data broker shall— 10
217	217	(I) not less than once every 31 11
218	218	days, access the hashed registries 12
219	219	maintained by the Commission as de-13
220	220	scribed in subparagraph (B)(iv); and 14
221	221	(II) process any deletion request 15
222	222	associated with a match between such 16
223	223	hashed registries and the records of 17
224	224	the data broker. 18
225	225	(ii) FTC
226	226	GUIDANCE.—Not later than 19
227	227	6 months after the effective date of the 20
228	228	regulations promulgated under subpara-21
229	229	graph (A), the Commission shall publish 22
230	230	guidance on the process and standards to 23
231	231	which a data broker must adhere in car-24
232	232	rying out clause (i). 25
233	233	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
234	234	mprince on LAP1J3WLY3PROD with $$_JOB 9
235	235	•S 1287 IS
236	236	(2) DELETION.— 1
237	237	(A) I
238	238	NFORMATION DELETION .— 2
239	239	(i) I
240	240	N GENERAL.—Subject to clause 3
241	241	(ii), not later than 31 days after accessing 4
242	242	the hashed registries described in para-5
243	243	graph (1)(B)(iv), a data broker and any 6
244	244	associated legal entity shall delete all per-7
245	245	sonal information in its possession related 8
246	246	to the individual making the request and 9
247	247	discontinue the collection of personal infor-10
248	248	mation related to such individual. Imme-11
249	249	diately following the deletion, the data 12
250	250	broker shall send an affirmative represen-13
251	251	tation to the Commission with the number 14
252	252	of records deleted pursuant to each match 15
253	253	with a value in the hashed registries. 16
254	254	(ii) E
255	255	XCLUSIONS.—In carrying out 17
256	256	clause (i), a data broker may retain, where 18
257	257	required, the following information: 19
258	258	(I) Any personal information that 20
259	259	is processed or maintained solely as 21
260	260	part of human subjects research con-22
261	261	ducted in compliance with any legal 23
262	262	requirements for the protection of 24
263	263	human subjects. 25
264	264	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
265	265	mprince on LAP1J3WLY3PROD with $$_JOB 10
266	266	•S 1287 IS
267	267	(II) Any personal information 1
268	268	necessary to comply with a warrant, 2
269	269	subpoena, court order, rule, or other 3
270	270	applicable law. 4
271	271	(III) Any information necessary 5
272	272	for an activity described in subsection 6
273	273	(f)(3)(B), provided that the retained 7
274	274	information is used solely for any 8
275	275	such activity. 9
276	276	(iii) U
277	277	SE OF INFORMATION.—Any per-10
278	278	sonal information excluded under clause 11
279	279	(ii) may only be used for the purpose de-12
280	280	scribed in the applicable subclause of 13
281	281	clause (ii), and may not be used for any 14
282	282	other purpose, including marketing pur-15
283	283	poses. 16
284	284	(B) A
285	285	NNUAL REPORT.—Each data broker 17
286	286	registered under subsection (a) shall submit to 18
287	287	the Commission, on an annual basis, a report 19
288	288	on the completion rate with respect to the com-20
289	289	pletion of deletion requests under subparagraph 21
290	290	(A). 22
291	291	(C) A
292	292	UDIT.— 23
293	293	(i) I
294	294	N GENERAL.—Not later than 3 24
295	295	years after the date of enactment of this 25
296	296	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
297	297	mprince on LAP1J3WLY3PROD with $$_JOB 11
298	298	•S 1287 IS
299	299	section, and every 3 years thereafter, each 1
300	300	data broker registered under subsection (a) 2
301	301	shall undergo an independent third party 3
302	302	audit to determine compliance with this 4
303	303	subsection. 5
304	304	(ii) A
305	305	UDIT REPORT.—Not later than 6 6
306	306	months after the completion of any audit 7
307	307	under clause (i), each such data broker 8
308	308	shall submit to the Commission any report 9
309	309	produced as a result of the audit, along 10
310	310	with any related materials. 11
311	311	(iii) M
312	312	AINTAIN RECORDS.—Each such 12
313	313	data broker shall maintain the materials 13
314	314	described in clause (ii) for a period of not 14
315	315	less than 6 years. 15
316	316	(3) A
317	317	NNUAL FEE.— 16
318	318	(A) I
319	319	N GENERAL.—Subject to subpara-17
320	320	graph (B), each data broker registered under 18
321	321	subsection (a) and who maintains any per-19
322	322	sistent identifiers (as described in paragraph 20
323	323	(1)(B)(iii)) shall pay to the Commission, on an 21
324	324	annual basis, a subscription fee determined by 22
325	325	the Commission to access the database. 23
326	326	(B) L
327	327	IMIT.—The amount of the subscrip-24
328	328	tion fee under subparagraph (A) may not ex-25
329	329	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00011 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
330	330	mprince on LAP1J3WLY3PROD with $$_JOB 12
331	331	•S 1287 IS
332	332	ceed 1 percent of the expected annual cost of 1
333	333	operating the centralized system and hashed 2
334	334	registries described in paragraph (1), as deter-3
335	335	mined by the Commission. 4
336	336	(C) A
337	337	VAILABILITY.—Any amounts col-5
338	338	lected by the Commission pursuant to this 6
339	339	paragraph shall be available without further ap-7
340	340	propriation to the Commission for the exclusive 8
341	341	purpose of enforcing and administering this 9
342	342	Act, including the implementation and mainte-10
343	343	nance of such centralized system and hashed 11
344	344	registries and the promotion of public aware-12
345	345	ness of the centralized system. 13
346	346	(c) E
347	347	NFORCEMENT BY THE COMMISSION.— 14
348	348	(1) U
349	349	NFAIR OR DECEPTIVE ACTS OR PRAC -15
350	350	TICES.—A violation of subsection (a) or (b) or a reg-16
351	351	ulation promulgated under this Act shall be treated 17
352	352	as a violation of a rule defining an unfair or decep-18
353	353	tive act or practice under section 18(a)(1)(B) of the 19
354	354	Federal Trade Commission Act (15 U.S.C. 20
355	355	57a(a)(1)(B)). 21
356	356	(2) P
357	357	OWERS OF THE COMMISSION .— 22
358	358	(A) I
359	359	N GENERAL.—The Commission shall 23
360	360	enforce this section in the same manner, by the 24
361	361	same means, and with the same jurisdiction, 25
362	362	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00012 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
363	363	mprince on LAP1J3WLY3PROD with $$_JOB 13
364	364	•S 1287 IS
365	365	powers, and duties as though all applicable 1
366	366	terms and provisions of the Federal Trade 2
367	367	Commission Act (15 U.S.C. 41 et seq.) were in-3
368	368	corporated into and made a part of this Act. 4
369	369	(B) P
370	370	RIVILEGES AND IMMUNITIES .—Any 5
371	371	person who violates subsection (a) or (b) or a 6
372	372	regulation promulgated under this Act shall be 7
373	373	subject to the penalties and entitled to the 8
374	374	privileges and immunities provided in the Fed-9
375	375	eral Trade Commission Act (15 U.S.C. 41 et 10
376	376	seq.). 11
377	377	(C) A
378	378	UTHORITY PRESERVED .—Nothing in 12
379	379	this section shall be construed to limit the au-13
380	380	thority of the Commission under any other pro-14
381	381	vision of law. 15
382	382	(D) R
383	383	ULEMAKING.—The Commission shall 16
384	384	promulgate in accordance with section 553 of 17
385	385	title 5, United States Code, such rules as may 18
386	386	be necessary to carry out this section. 19
387	387	(d) S
388	388	TUDY ANDREPORT.— 20
389	389	(1) S
390	390	TUDY.—The Commission shall conduct a 21
391	391	study on the implementation and enforcement of this 22
392	392	section. Such study shall include— 23
393	393	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00013 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
394	394	mprince on LAP1J3WLY3PROD with $$_JOB 14
395	395	•S 1287 IS
396	396	(A) an analysis of the effectiveness of the 1
397	397	centralized system established in subsection 2
398	398	(b)(1)(A); 3
399	399	(B) the number deletion requests sub-4
400	400	mitted annually using such centralized system; 5
401	401	(C) an analysis of the progress of coordi-6
402	402	nating the operation and enforcement of such 7
403	403	requests with similar systems established and 8
404	404	maintained by the various States; and 9
405	405	(D) any other area determined appropriate 10
406	406	by the Commission. 11
407	407	(2) R
408	408	EPORT.—Not later than 3 years after the 12
409	409	date of enactment of this section, and annually 13
410	410	thereafter for each of the next 4 years, the Commis-14
411	411	sion shall submit to the Committee on Commerce, 15
412	412	Science, and Transportation of the Senate and the 16
413	413	Committee on Energy and Commerce of the House 17
414	414	of Representatives a report containing— 18
415	415	(A) the results of the study conducted 19
416	416	under paragraph (1); 20
417	417	(B) a summary of any enforcement actions 21
418	418	taken pursuant to this Act; and 22
419	419	(C) recommendations for such legislation 23
420	420	and administrative action as the Commission 24
421	421	determines appropriate. 25
422	422	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00014 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
423	423	mprince on LAP1J3WLY3PROD with $$_JOB 15
424	424	•S 1287 IS
425	425	(e) PREEMPTION.— 1
426	426	(1) I
427	427	N GENERAL.—The provisions of this Act 2
428	428	shall preempt any State privacy law only to the ex-3
429	429	tent that such State law is inconsistent with the pro-4
430	430	visions of this Act. 5
431	431	(2) G
432	432	REATER PROTECTION UNDER STATE 6
433	433	LAW.—For purposes of paragraph (1), a State pri-7
434	434	vacy law is not inconsistent with the provisions of 8
435	435	this Act if the protection such law affords any per-9
436	436	son is greater than the protection provided under 10
437	437	this Act, as determined by the Commission. 11
438	438	(f) D
439	439	EFINITIONS.—In this section: 12
440	440	(1) C
441	441	OMMISSION.—The term ‘‘Commission’’ 13
442	442	means the Federal Trade Commission. 14
443	443	(2) C
444	444	REDENTIALING PROCESS .—The term 15
445	445	‘‘credentialing process’’ means the practice of taking 16
446	446	reasonable steps to confirm— 17
447	447	(A) the identity of the entity with whom 18
448	448	the data broker has a direct relationship; 19
449	449	(B) that any data disclosed to the entity 20
450	450	by such data broker will be used for the de-21
451	451	scribed purpose of such disclosure; and 22
452	452	(C) that such data will not be used for un-23
453	453	lawful purposes. 24
454	454	(3) D
455	455	ATA BROKER.— 25
456	456	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00015 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
457	457	mprince on LAP1J3WLY3PROD with $$_JOB 16
458	458	•S 1287 IS
459	459	(A) IN GENERAL .—The term ‘‘data 1
460	460	broker’’ means an entity that knowingly collects 2
461	461	or obtains the personal information of an indi-3
462	462	vidual with whom the entity does not have a di-4
463	463	rect relationship and then— 5
464	464	(i) uses the personal information to 6
465	465	perform a service for a third party; or 7
466	466	(ii) sells, licenses, trades, provides for 8
467	467	consideration, or is otherwise compensated 9
468	468	for disclosing personal information to a 10
469	469	third party. 11
470	470	(B) E
471	471	XCLUSION.—The term ‘‘data broker’’ 12
472	472	does not include an entity who solely uses, sells, 13
473	473	licenses, trades, provides for consideration, or is 14
474	474	otherwise compensated for disclosing personal 15
475	475	information for one or more of the following ac-16
476	476	tivities: 17
477	477	(i) Providing 411 directory assistance 18
478	478	or directory information services, including 19
479	479	name, address, and telephone number, on 20
480	480	behalf of or as a function of a tele-21
481	481	communications carrier. 22
482	482	(ii) Providing an individual’s publicly 23
483	483	available information if the information is 24
484	484	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00016 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
485	485	mprince on LAP1J3WLY3PROD with $$_JOB 17
486	486	•S 1287 IS
487	487	being used by the recipient as it relates to 1
488	488	that individual’s business or profession. 2
489	489	(iii) Providing personal information to 3
490	490	a third party at the express direction of 4
491	491	the individual for a clearly disclosed single- 5
492	492	use purpose. 6
493	493	(iv) Providing or using personal infor-7
494	494	mation for assessing, verifying, or authen-8
495	495	ticating an individual’s identity, or for in-9
496	496	vestigating or preventing actual or poten-10
497	497	tial fraud. 11
498	498	(v) Gathering, preparing, collecting, 12
499	499	photographing, recording, writing, editing, 13
500	500	reporting, or publishing news or informa-14
501	501	tion that concerns local, national, or inter-15
502	502	national events or other matters of public 16
503	503	interest (as determined by the Commis-17
504	504	sion) for dissemination to the public. 18
505	505	(vi) Acting as a consumer reporting 19
506	506	agency (as defined in section 603(f) of the 20
507	507	Fair Credit Reporting Act (15 U.S.C. 21
508	508	1681a(f))). 22
509	509	(C) E
510	510	XCLUSION FROM SALE.— 23
511	511	(i) I
512	512	N GENERAL.—For purposes of 24
513	513	this paragraph, the term ‘‘sells’’ does not 25
514	514	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00017 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
515	515	mprince on LAP1J3WLY3PROD with $$_JOB 18
516	516	•S 1287 IS
517	517	include a one-time or occasional sale of as-1
518	518	sets of an entity as part of a transfer of 2
519	519	control of those assets that is not part of 3
520	520	the ordinary conduct of the entity. 4
521	521	(ii) N
522	522	OTICE REQUIRED.—To meet the 5
523	523	exclusion criteria described in clause (i), an 6
524	524	entity must provide notice to the Commis-7
525	525	sion, in the manner determined appro-8
526	526	priate by the Commission, of any such one- 9
527	527	time or occasional sale of assets. 10
528	528	(4) D
529	529	ELETE.—The term ‘‘delete’’ means to re-11
530	530	move or destroy information such that the informa-12
531	531	tion is not maintained in human- or machine-read-13
532	532	able form and cannot be retrieved or utilized in such 14
533	533	form in the normal course of business. 15
534	534	(5) D
535	535	IRECT RELATIONSHIP.— 16
536	536	(A) I
537	537	N GENERAL.—The term ‘‘direct rela-17
538	538	tionship’’ means a relationship between an indi-18
539	539	vidual and an entity where the individual— 19
540	540	(i) is a current customer; 20
541	541	(ii) has obtained a good or service 21
542	542	from the entity within the prior 18 22
543	543	months; or 23
544	544	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00018 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
545	545	mprince on LAP1J3WLY3PROD with $$_JOB 19
546	546	•S 1287 IS
547	547	(iii) has made an inquiry about the 1
548	548	products or services of the entity within 2
549	549	the prior 90 days. 3
550	550	(B) E
551	551	XCLUSION.—The term ‘‘direct rela-4
552	552	tionship’’ does not include a relationship— 5
553	553	(i) between an individual and a data 6
554	554	broker where the individual’s only connec-7
555	555	tion to the data broker is based on the in-8
556	556	dividual’s request— 9
557	557	(I) for the data broker to delete 10
558	558	the personal information of the indi-11
559	559	vidual; or 12
560	560	(II) to opt-out of the data bro-13
561	561	ker’s collection or use of personal in-14
562	562	formation, certain sales of such infor-15
563	563	mation, or its databases; or 16
564	564	(ii) required under any State or Fed-17
565	565	eral law related to the use of personal in-18
566	566	formation. 19
567	567	(6) H
568	568	ASH.—The term ‘‘hash’’ means to input 20
569	569	data to a cryptographic, one-way, collision resistant 21
570	570	function that maps a bit string of arbitrary length 22
571	571	to a fixed-length bit string to produce a cryp-23
572	572	tographically secure value. 24
573	573	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00019 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
574	574	mprince on LAP1J3WLY3PROD with $$_JOB 20
575	575	•S 1287 IS
576	576	(7) HASHED.—The term ‘‘hashed’’ means the 1
577	577	type of value produced by hashing data. 2
578	578	(8) H
579	579	UMAN SUBJECTS RESEARCH .—The term 3
580	580	‘‘human subjects research’’ means research that— 4
581	581	(A) an investigator (whether professional 5
582	582	or student) conducts on a living individual; and 6
583	583	(B) either— 7
584	584	(i) obtains information or biospeci-8
585	585	mens through intervention or interaction 9
586	586	with the individual, and uses, studies, or 10
587	587	analyzes the information or biospecimens; 11
588	588	or 12
589	589	(ii) obtains, uses, studies, analyzes, or 13
590	590	generates personal information or identifi-14
591	591	able biospecimens. 15
592	592	(9) P
593	593	ERSONAL INFORMATION .— 16
594	594	(A) I
595	595	N GENERAL.—The term ‘‘personal in-17
596	596	formation’’ means any information held by a 18
597	597	data broker, regardless of how the information 19
598	598	is collected, inferred, created, or obtained, that 20
599	599	is linked or reasonably linkable by the data 21
600	600	broker to a particular individual or consumer 22
601	601	device, including the following information: 23
602	602	(i) Financial information, including 24
603	603	any bank account number, credit card 25
604	604	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00020 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
605	605	mprince on LAP1J3WLY3PROD with $$_JOB 21
606	606	•S 1287 IS
607	607	number, debit card number, or insurance 1
608	608	policy number. 2
609	609	(ii) A name, alias, home or other 3
610	610	physical address, online identifier, Internet 4
611	611	Protocol address, email address, phone 5
612	612	number, account name, State identification 6
613	613	card number, driver’s license number, 7
614	614	passport number, or an identifying number 8
615	615	on a government-issued identification. 9
616	616	(iii) Geolocation information. 10
617	617	(iv) Biometric information. 11
618	618	(v) The contents of, attachments to, 12
619	619	or parties to information, including with 13
620	620	respect to email, text messages, picture 14
621	621	messages, voicemails, audio conversations, 15
622	622	or video conversations. 16
623	623	(vi) Web browsing history, including 17
624	624	any search query. 18
625	625	(vii) Genetic sequencing information. 19
626	626	(viii) A device identifier, online identi-20
627	627	fier, persistent identifier, or digital 21
628	628	fingerprinting information. 22
629	629	(ix) Any inference drawn from any of 23
630	630	the information described in this para-24
631	631	graph that is used to create a profile about 25
632	632	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00021 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
633	633	mprince on LAP1J3WLY3PROD with $$_JOB 22
634	634	•S 1287 IS
635	635	an individual that reflects such individual’s 1
636	636	preferences, characteristics, psychological 2
637	637	trends, predispositions, behavior, attitudes, 3
638	638	intelligence, abilities, or aptitudes. 4
639	639	(x) Any other information determined 5
640	640	appropriate by the Commission. 6
641	641	(B) L
642	642	INKED OR REASONABLY LINKABLE .— 7
643	643	For purposes of subparagraph (A), information 8
644	644	is ‘‘linked or reasonably linkable’’ to a par-9
645	645	ticular individual or consumer device if the in-10
646	646	formation can be used on its own or in com-11
647	647	bination with other information held by or read-12
648	648	ily accessible to a data broker to identify a par-13
649	649	ticular individual or consumer device. 14
650	650	(10) P
651	651	ROCESS.—The term ‘‘process’’ means to 15
652	652	perform or direct the performance of an operation 16
653	653	on personal information, including the collection, 17
654	654	transmission, use, disclosure, analysis, prediction, or 18
655	655	modification of such personal information, whether 19
656	656	or not by automated means. 20
657	657	(11) S
658	658	ALT.—The term ‘‘salt’’ means to add a 21
659	659	random string of data to the input of a hash func-22
660	660	tion. 23
661	661	(12) U
662	662	NIFORM RESOURCE LOCATOR ; URL.—The 24
663	663	term ‘‘uniform resource locator’’ or ‘‘URL’’ means a 25
664	664	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00022 Fmt 6652 Sfmt 6201 E:\BILLS\S1287.IS S1287
665	665	mprince on LAP1J3WLY3PROD with $$_JOB 23
666	666	•S 1287 IS
667	667	short string containing an address that refers to an 1
668	668	object on the web. 2
669	669	Æ
670	670	VerDate Sep 11 2014 10:18 Apr 14, 2025 Jkt 000000 PO 00000 Frm 00023 Fmt 6652 Sfmt 6301 E:\BILLS\S1287.IS S1287
671	671	mprince on LAP1J3WLY3PROD with $$_JOB