Privacy Legislation Enacted in 2004
Unless otherwise noted, all laws go into effect January 1, 2005
Data Collection/Use Limits
AB 2840 (Corbett) - Electronic Surveillance in Rental Cars: This bill prohibits vehicle rental companies from using, accessing, or obtaining information relating to a renter's use of a rental vehicle obtained using onboard electronic surveillance technology, except in certain limited circumstances. It requires rental companies to obtain a renter's consent before using or disclosing information about the renter's use of the vehicle.
AB 3016 (Pavley) - Social Security Numbers: This bill deletes an exception in existing law that allowed a person or business to continue the use of an individual's SSN in otherwise prohibited ways when the such has been continuous since July of 2002. Effective 7/1/06.
SB 58 (Johnson) - Confidentiality of Police Reports: This bill requires the district attorney and the courts in each county to establish a mutually agreeable procedure, as specified, to protect confidential personal information, as defined, regarding any witness or victim contained in a police report, arrest report, or investigative report submitted to a court by a prosecutor in support of a criminal complaint, indictment, or information, or by a prosecutor or law enforcement officer in support of a search warrant or an arrest warrant. Effective immediately.
SB 1618 (Battin) - SSNs on Pay Stubs: This bill amends an existing law to require pay stubs or itemized statements issued by employers, including state and local government, to carry either no more than the last four digits of an employee's SSN or to use an employee ID number other than the SSN. Employers must comply by January 1, 2008.
Health Information Privacy
SB 1633 (Figueroa) - Medical Information Privacy: This bill prohibits a business from seeking to obtain medical information from an individual for direct marketing purposes without clearly disclosing how it will use and share that information and getting the individual's consent.
AB 1950 (Wiggins) - Personal Information Security: This bill requires specified businesses to use safeguards to ensure the security of Californians' personal information (defined as name plus SSN, driver's license/state ID, or financial account number) and to contractually require third parties to do the same. It does not apply to businesses that are subject to other information security laws, such as the federal financial and medical information security rules and the CMIA.
AB 2075 (Benoit) - DMV Employee Fingerprinting: This bill authorizes DMV to require fingerprints and associated information from current or prospective employees whose duties include or will include the following: (1) access to certain confidential information, including credit card numbers and SSNs; (2) access to cash, checks or other accountable items; (3) responsibility for developing or maintaining a critical automated system; (4) responsibility for making decisions on the issuance or denial of a license, endorsement, certificate or indicia. It authorizes DMV to furnish the information to DOJ in order to obtain any records of convictions and specified arrests.
SB 1436 (Murray) - Computer Spyware: This bill prohibits an unauthorized person from knowingly installing or providing software that performs certain function on or to another user's computer located in California. The prohibited software functions are (1) taking control of the computer, (2) modifying certain settings on the computer, (3) collecting personally identifiable information, (4) preventing a user's reasonable efforts to block its installation or disable it, (5) misrepresenting that it will be uninstalled or disabled by a user's action, or (6) removing or rendering inoperative security, anti-spyware or anti-virus software on the computer.
AB 1733 (Reyes) - Wireless Telephone Numbers: This bill requires a subscriber's express permission before a cell phone service provider can list the subscriber's number in a directory.
SB 1457 (Murray) - Spam: This bill amends recently enacted state law banning spam to conform to the federal CAN-SPAM Act. It creates a "stand-alone" code section for unsolicited commercial e-mails with misleading or falsified headers or information, including penalties. It applies to e-mail sent to or from a California e-mail address. The bill authorizes the recipient, an e-mail service provider, or the AG to bring an action for actual damages and liquidated damages of $1,000 per e-mail ad sent in violation, up to $1 million per incident. It also authorizes attorney's fees and costs to a prevailing plaintiff.