Pub.L. 110–326, Title II, § 209, Sept. 26, 2008, 122 Stat. 3564, provided:
Pursuant to its authority under section 994(p) of title 28, United States Code, and in accordance with this section, the United States Sentencing Commission shall review its guidelines and policy statements applicable to persons convicted of offenses under sections 1028, 1028A, 1030, 2511, and 2701 of title 18, United States Code, and any other relevant provisions of law, in order to reflect the intent of Congress that such penalties be increased in comparison to those currently provided by such guidelines and policy statements.
In determining its guidelines and policy statements on the appropriate sentence for the crimes enumerated in subsection (a), the United States Sentencing Commission shall consider the extent to which the guidelines and policy statements may or may not account for the following factors in order to create an effective deterrent to computer crime and the theft or misuse of personally identifiable data:
(1) The level of sophistication and planning involved in such offense.
(2) Whether such offense was committed for purpose of commercial advantage or private financial benefit.
(3) The potential and actual loss resulting from the offense including—
(A) the value of information obtained from a protected computer, regardless of whether the owner was deprived of use of the information; and
(B) where the information obtained constitutes a trade secret or other proprietary information, the cost the victim incurred developing or compiling the information.
(4) Whether the defendant acted with intent to cause either physical or property harm in committing the offense.
(5) The extent to which the offense violated the privacy rights of individuals.
(6) The effect of the offense upon the operations of an agency of the United States Government, or of a State or local government.
(7) Whether the offense involved a computer used by the United States Government, a State, or a local government in furtherance of national defense, national security, or the administration of justice.
(8) Whether the offense was intended to, or had the effect of, significantly interfering with or disrupting a critical infrastructure.
(9) Whether the offense was intended to, or had the effect of, creating a threat to public health or safety, causing injury to any person, or causing death.
(10) Whether the defendant purposefully involved a juvenile in the commission of the offense.
(11) Whether the defendant’s intent to cause damage or intent to obtain personal information should be disaggregated and considered separately from the other factors set forth in USSG 2B1.1(b)(14).
(12) Whether the term “victim” as used in USSG 2B1.1, should include individuals whose privacy was violated as a result of the offense in addition to individuals who suffered monetary harm as a result of the offense.
(13) Whether the defendant disclosed personal information obtained during the commission of the offense.
In carrying out this section, the United States Sentencing Commission shall—
(1) assure reasonable consistency with other relevant directives and with other sentencing guidelines;
(2) account for any additional aggravating or mitigating circumstances that might justify exceptions to the generally applicable sentencing ranges;
(3) make any conforming changes to the sentencing guidelines; and
(4) assure that the guidelines adequately meet the purposes of sentencing as set forth in section 3553(a)(2) of title 18, United States Code.”
* * *