Bill Text: CA SB1348 | 2013-2014 | Regular Session | Amended

NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Data brokers: sale of personal information.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Engrossed - Dead) 2014-06-26 - Joint Rule 62(a) file notice suspended. (Ayes 53. Noes 22. Page 5692.) Set, first hearing. Held in committee without recommendation. [SB1348 Detail]

Download: California-2013-SB1348-Amended.html
BILL NUMBER: SB 1348	AMENDED
	BILL TEXT

	AMENDED IN SENATE  MARCH 26, 2014

INTRODUCED BY   Senator DeSaulnier

                        FEBRUARY 21, 2014

   An act to add Chapter 22.3 (commencing with Section 22590)
 of   to  Division 8 of the Business and
Professions Code, relating to personal information.



	LEGISLATIVE COUNSEL'S DIGEST


   SB 1348, as amended, DeSaulnier. Online  Data 
 data  brokers: sale of personal information: notice.
   Existing law protects the privacy of personal information,
including customer records, and requires a business that owns or
licenses personal information about a California resident to
implement and maintain reasonable security procedures and practices
appropriate to the nature of the information, in order to protect the
personal information from unauthorized access, destruction, use,
modification, or disclosure.
   Existing law requires an operator of a commercial Internet Web
site or online service that collects personally identifiable
information through the Internet about consumers residing in
California who use or visit its commercial  Internet  Web
site or online service to conspicuously post its privacy policy on
its  Internet  Web site or online service and to comply with
that policy.
   This bill would require an online data broker, as defined,
 that conducts business in California, and  that
sells to a 3rd party the personal information of any resident of
California, to  notify the individual to whom personal
information pertains when the online data broker sells that
information to a 3rd party, and to inform the individual of the
content of the information sold and the identity of the purchaser.
  allow an individual to review his or her personal
information, either pursuant to a written request or by means of an
  electronic search through a secure online system. The bill
would require an online data   broker to conspicuously post
an opt-out notice on its Internet Web site, as specified, that would
provide specific instructions for permanently removing personal
information from the online data broker's database by making a
written demand requesting to have the information permanently
removed. The bill would require an online data broker that receives a
written demand from an individual pursuant to these provisions to
remove the individual's personal information from public display on
the Internet within 10 days of delivery of the written demand, and to
take specified additional steps to ensure that the information is
not reposted. 
   Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.


THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

  SECTION 1.  Chapter 22.3 (commencing with Section 22590) is added
to Division 8 of the Business and Professions Code, to read:
      CHAPTER 22.3.   ONLINE DATA BROKERS  
ONLINE DATA BROKERS 


   22590.  The following definitions apply to this chapter: 
   (a) "Conspicuously post," with respect to an opt-out notice, means
to post through any of the following:  
   (1) An Internet Web page on which the actual opt-out notice is
posted if the Internet Web page is the homepage or first significant
page after entering the Internet Web site.  
   (2) An icon that hyperlinks to an Internet Web page on which the
actual opt-out notice is posted, if the icon is located on the
homepage or the first significant page after entering the Internet
Web site, and if the icon contains the term "opt out" or "opt-out."
The icon shall also use a color that contrasts with the background
color of the Internet Web page or is otherwise distinguishable. 

   (3) A text link that hyperlinks to an Internet Web page on which
the actual opt-out notice is posted, if the text link is located on
the homepage or first significant page after entering the Internet
Web site, and if the text link does one of the following:  
   (A) Includes the term "opt out" or "opt-out."  
   (B) Is written in capital letters equal to or greater in size than
the surrounding text.  
   (C) Is written in larger type than the surrounding text, or in
contrasting type, font, or color to the surrounding text of the same
size, or set off from the surrounding text of the same size by
symbols or other marks that call attention to the language. 

   (4) Any other functional hyperlink that is so displayed that a
reasonable person would notice it.  
   (a) 
    (b)  "Online data broker" means a  person or
business that conducts business in California, and that owns,
licenses, compiles, or accesses computerized data that includes
individuals' personal information, for the purpose of selling the
personal information upon the request of a third party  
commercial entity that collects, assembles, or maintains personal
information concerning individuals residing in California who are not
customers or employees of that entity, for the purposes of selling
the personal information or providing a third party with access to
the information  . 
   (b) 
    (c)  "Personal information" means any information that
identifies, relates to, describes, or is capable of being associated
with, a particular individual, including, but not limited to, his or
her name, signature, social security number, physical characteristics
or description, address, telephone number, passport number, driver's
license or state identification card number, insurance policy
number, education, employment, employment history, bank account
number, credit card number, debit card number, or any other financial
information, medical information, or health insurance information.
"Personal information" does not include publicly available
information that is lawfully made available to the general public
from federal, state, or local government records. 
   (d) "Publicly post" or "publicly display" means to intentionally
communicate or otherwise make available to the general public. 

   (c) 
    (e)  "Subject individual" means the person to whom
personal information pertains. 
   22592.  (a) An online data broker that conducts business in
California, and that sells to a third party the personal information
of any resident of California, shall inform the subject individual of
all of the following:
   (1) That the online data broker has sold the subject individual's
personal information to a third party.
   (2) The content of the personal information sold.
   (3) The identity of the third party to whom the online data broker
sold the subject individual's personal information.
   (b) The online data broker shall provide the information described
in paragraphs (1) to (3), inclusive, of subdivision (a) by
forwarding the information to each e-mail address for the subject
individual to which the online data broker has access, at the same
time that the online data broker provides the personal information to
the third party. If the online data broker does not have access to
any e-mail address for the subject individual, the online data broker
shall mail a copy of the information to the most recent physical
address for the subject individual to which the online data broker
has access, within ___ working days after the online data broker
provides the personal information to the third party.  
   22592.  An online data broker that sells or provides to a third
party the personal information of any resident of California, shall
permit an individual to review his or her personal information that
has been collected, assembled, or maintained by the online data
broker, either by submitting a written request or by means of an
electronic search through a secure online system.  
   22594.  (a) (1) An online data broker shall conspicuously post an
opt-out notice on its Internet Web site, which shall include specific
instructions for permanently removing personal information from the
online data broker's database, by making a written demand requesting
to have the information removed.
   (2) If an individual makes a written demand to remove his or her
personal information from an online data broker's database pursuant
to this subdivision, the online data broker shall permanently remove
an individual's personal information from its database, in accordance
with subdivision (b).
   (b) (1) An online data broker that receives a written demand from
an individual pursuant to this section shall remove the individual's
personal information from public display on the Internet within 10
days of delivery of the written demand, and shall continue to ensure
that this information is not reposted on the same Internet Web site,
a subsidiary site, or any other Internet Web site maintained by the
online data broker receiving the written demand.
   (2) After receiving the individual's written demand, the online
data broker shall not transfer an individual's personal information
to any other person, business, or association through any other
medium.

LegiScan Search

View Top 50 Searches

Select area of search.
Find an exact bill number.
Search bill text and data. [help]
Reset

LegiScan Trends

View Top 50 National

CA AB2308 Domestic violence: protective orders.
CA AB2231 Pawnbrokers: education.
IL SB3455 IDOR-PROP TX STUDY
US SB5124 A bill to require the United States Secret Service to provide protection...
US HB3227 Ensuring Seniors’ Access to Quality Care Act
CA AB1784 Primary elections: candidate withdrawals.
MI HB5965 Environmental protection: other; grant program for farmers affected by...
IL SB3207 CHILD CARE-DAY CARE CENTER
IL SB2697 INS CD-CANCER-GENETIC TESTING
NY A05729 Requires insurers to provide coverage for tattooing of the nipple-areolar...
feedback