Bill Text: CA SB1348 | 2013-2014 | Regular Session | Amended

Bill Title: Data brokers: sale of personal information.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Engrossed - Dead) 2014-06-26 - Joint Rule 62(a) file notice suspended. (Ayes 53. Noes 22. Page 5692.) Set, first hearing. Held in committee without recommendation. [SB1348 Detail]

Download: California-2013-SB1348-Amended.html
BILL NUMBER: SB 1348	AMENDED
	BILL TEXT

	AMENDED IN ASSEMBLY  JUNE 23, 2014
	AMENDED IN ASSEMBLY  JUNE 15, 2014
	AMENDED IN SENATE  APRIL 29, 2014
	AMENDED IN SENATE  APRIL 8, 2014
	AMENDED IN SENATE  MARCH 26, 2014

INTRODUCED BY   Senator DeSaulnier

                        FEBRUARY 21, 2014

   An act to add Chapter 22.3 (commencing with Section 22590) to
Division 8 of the Business and Professions Code, relating to personal
information.



	LEGISLATIVE COUNSEL'S DIGEST


   SB 1348, as amended, DeSaulnier. Data brokers: sale of personal
information.
   Existing law protects the privacy of personal information,
including customer records, and requires a business that owns or
licenses personal information about a California resident to
implement and maintain reasonable security procedures and practices
appropriate to the nature of the information, in order to protect the
personal information from unauthorized access, destruction, use,
modification, or disclosure.
   Existing law requires an operator of a commercial Internet Web
site or online service that collects personally identifiable
information through the Internet about consumers residing in
California who use or visit its commercial Internet Web site or
online service to conspicuously post its privacy policy on its
Internet Web site or online service and to comply with that policy.
   Unless  prohibited by federal or state law,  
required or authorized by federal or state law to share the personal
information with a 3rd party or prohibited by federal or state law
from providing access to the personal information,  this bill
would require a data broker, as defined, that sells or offers for
sale to a 3rd party the personal information of any resident of
California, to  (1)  permit a subject individual, as
defined, to review his or her personal information  , as
specified. The bill would require a data broker, unless prohibited by
federal or state law, to   and (2)  conspicuously
post an opt-out notice on its Internet Web site that would include
specific and easily understood instructions for  permanently
removing personal information from the online data broker's database
by making a demand requesting that his or her personal information
not be shared with or sold to third parties.   the
subject individual to make a demand on the data broker's Internet Web
site that his or her personal information not be shared with or sold
to a 3rd party.  The bill would require a data broker that
receives a demand from a subject individual pursuant to these
provisions  , unless prohibited by federal or state law,
 to cease sharing or selling that information with 
third parties   a 3rd party  as soon as is
reasonably possible, and thereafter to only retain as much personal
information as is reasonably necessary to comply with the subject
individual's demand.
    This bill would also make it unlawful for a data broker to
solicit or accept the payment of a fee or other consideration to
review or permanently remove personal information from the data
broker's database  , and   . The bill 
would authorize a subject individual to bring a civil action against
any person in violation of these provisions  for specified
damages  .
   Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.


THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

  SECTION 1.  Chapter 22.3 (commencing with Section 22590) is added
to Division 8 of the Business and Professions Code, to read:
      CHAPTER 22.3.  DATA BROKERS


   22590.  The following definitions apply to this chapter:
   (a) "Conspicuously post," with respect to an opt-out notice, means
to post through any of the following:
   (1) An Internet Web page on which the actual opt-out notice is
posted if the Internet Web page is the homepage or first significant
page after entering the Internet Web site.
   (2) An icon that hyperlinks to an Internet Web page on which the
actual opt-out notice is posted, if the icon is located on the
homepage or the first significant page after entering the Internet
Web site, and if the icon contains the term "opt out" or "opt-out."
The icon shall also use a color that contrasts with the background
color of the Internet Web page or is otherwise distinguishable.
   (3) A text link that hyperlinks to an Internet Web page on which
the actual opt-out notice is posted, if the text link is located on
the homepage or first significant page after entering the Internet
Web site, and if the text link does one of the following:
   (A) Includes the term "opt out" or "opt-out."
   (B) Is written in capital letters equal to or greater in size than
the surrounding text.
   (C) Is written in larger type than the surrounding text, or in
contrasting type, font, or color to the surrounding text of the same
size, or set off from the surrounding text of the same size by
symbols or other marks that call attention to the language.
   (4) Any other functional hyperlink that is so displayed that a
reasonable person would notice it and understand it to be a hyperlink
to the actual opt-out notice.
   (b) (1) "Data broker" means a commercial entity that collects,
assembles, or maintains personal information concerning individuals
residing in California who are not customers or employees of that
entity  or who had no previous contact with that entity prior to
contacting the entity pursuant to Section 22591 , for the
purposes of selling or offering for sale, or other consideration, the
personal information to a third party.
   (2) "Data broker" does not include any of the following:
   (A) A commercial entity that sells personal information to the
subject individual or his or her representative.
   (B) A commercial entity engaging in the activities of a "consumer
reporting agency" pursuant to the Fair Credit Reporting Act (15
U.S.C. Sec. 1681 et seq.)
   (C) A commercial entity engaging in the activities of a "consumer
credit reporting agency" pursuant to the Consumer Credit Reporting
Agencies Act Title 1.6 (commencing with Section 1785.1) of Part 4 of
Division 3 of the Civil Code.
   (D) A commercial entity selling or providing for sale personal
information to other commercial or nonprofit entities or government
agencies that will use the information for purposes permitted to be
used or disclosed pursuant to any applicable provision of Title V of
the Gramm-Leach-Bliley Act (15 U.S.C. Sec. 6801 et seq.), including
purposes such as identity confirmation and fraud prevention. 
   (E) A person or entity enumerated in subdivision (b) of Section 2
of Article I of the California Constitution or Section 1070 of the
Evidence Code that publishes or broadcasts information obtained or
prepared in gathering, receiving, or processing of information for
the purpose of communicating information to the public. 
   (c) "Personal information" means any information that identifies,
relates to, describes, or is capable of being associated with, a
particular individual, including, but not limited to, his or her
name, signature, social security number, physical characteristics or
description, address, telephone number, passport number, driver's
license or state identification card number, insurance policy number,
education, employment, employment history, bank account number,
credit card number, debit card number, or any other financial
information, medical information, or health insurance information.
"Personal information" does not include information that is lawfully
made available to the general public from federal, state, or local
government records.
   (d) "Subject individual" means the person to whom personal
information pertains.
   22591.   Unless prohibited by federal or state law,
  Unless the data broker is required or authorized by
federal or state law to share the personal information with a third
party   or is prohibited by federal or state law from
providing access to the personal information,  a data broker
that sells or offers for sale the personal information of any
resident of California to a third party shall do both of the
following:
   (a) Permit a subject individual to review his or her personal
information that has been collected, assembled, or maintained by the
data broker by submitting an electronic demand through a secure
online system.
   (b) (1)  The data broker shall conspicuously 
 Conspicuously  post an opt-out notice on its Internet Web
site, which shall include specific and easily understood instructions
for the subject individual to make a demand on the  data broker'
s  Internet Web site that his or her personal information not be
shared with or sold to  a  third  parties 
 party  .
   (2) If a subject individual makes a demand on the  data broker'
s  Internet Web site that his or her personal information not be
shared with or sold to  a  third  parties 
 party  , the data broker shall cease sharing or selling
that information with  a  third  parties 
 party  as soon as is reasonably possible, and in no event
later than  10   30  days after receipt of
the notice, and the data broker shall thereafter retain only as much
personal information as is reasonably necessary to comply with the
subject individual's demand.
   (3) After receiving a subject individual's demand, the data broker
shall not transfer the subject individual's personal information to
any other person, business, or association  through any other
medium  .
   (4) Any information collected by a data broker to confirm the
identity of a subject individual who has made a demand to remove his
or her personal information from a database pursuant to this chapter
shall be deleted after the identity of the subject individual has
been confirmed and shall not be used for any other purpose.
   22592.  (a) It is unlawful for a data broker to solicit or accept
the payment of a fee or other consideration to review or permanently
remove personal information from the data broker's database.
   (b) Each payment solicited or accepted in violation of this
section constitutes a separate violation.
   22593.  In addition to any other sanction, penalty, or remedy
provided by law, a subject individual may bring a civil action in any
court of competent jurisdiction against any person in violation of
this chapter for damages in an amount equal to the greater of one
thousand dollars ($1,000) per violation or the actual damages
suffered by the subject individual as a result, along with costs,
reasonable attorney's fees, and any other legal or equitable relief.

LegiScan Search

View Top 50 Searches

Select area of search.
Find an exact bill number.
Search bill text and data. [help]
Reset

LegiScan Trends

View Top 50 National

CA AB2308 Domestic violence: protective orders.
CA AB2231 Pawnbrokers: education.
IL SB3455 IDOR-PROP TX STUDY
US SB5124 A bill to require the United States Secret Service to provide protection...
US HB3227 Ensuring Seniors’ Access to Quality Care Act
CA AB1784 Primary elections: candidate withdrawals.
MI HB5965 Environmental protection: other; grant program for farmers affected by...
IL SB3207 CHILD CARE-DAY CARE CENTER
IL SB2697 INS CD-CANCER-GENETIC TESTING
NY A05729 Requires insurers to provide coverage for tattooing of the nipple-areolar...
feedback