Wednesday, April 29, 2009

Important 2009 California Privacy Bills

I'm going to take a little break from the national "privacy scene" today and give an update on the progress of some of the California specific bills we (Consumer Federation of California) are working on this year.

The most notable news is the State Senate's recent approval of SB 20 (Simitian) - Security Breach Notification - by a vote of 26 AYES to just 7 NOES. The bill now moves on to the State Assembly.

SB 20 would amend California's security breach notification law stating that any public agency, person or business required to issue a security breach notification to more than 500 residents must submit the notification electronically to the Attorney General.

This measure also requires that the notification be written in plain language and include contact information regarding the breach, the types of information breached, and the date, estimated date, or date range of the breach.

Additionally, SB 20 would amend the substitute notice provisions of California's security breach notification law to require that an entity providing substitute notice also provide notice to the Office of Information Security and Privacy Protection.

California’s current security breach notification law does not require public agencies, businesses, or persons subject to that law to provide any standard set of information about the breach to consumers. As a result, security breach notification letters often lack important information - such as the time of the breach or type of information that was breached - or are confusing to consumers.

This leaves consumers uncertain about how to respond to the breach or protect themselves from identity theft. SB 20 makes relatively modest but helpful changes to the current security breach notification statutes to enhance consumer knowledge about, and understanding of, security breaches.

Click here to read the article on the bills passage in the California Chronicle.

OTHER IMPORTANT 2009 PRIVACY BILLS

AB 1094 (Conway) - Protecting Abandoned Records:

CFC Position: Support

AB 1094 would institute stricter regulations of abandoned records which will ultimately improve protection of an individual’s privacy. Currently, when a business which ceases to operate, it is free to dispose of its records with little restriction even if these records contain personal information of its employees such as social security numbers.

AB 1094 would address this problem by requiring a business to treat abandoned records containing employee information with as much care as those records of consumers. An employer would have to ensure that all personal information is made unreadable before disposal.

This bill goes even further and creates incentives for entities such as storage facilities to also dispose of records containing personal information in a manner that is designed to protect a person's privacy.

Bill Status: AB 1094 was re-referred to the Assembly Business and Professions Committee on April 13th, and is scheduled to be heard this week.

Click here to read an article on this bill in today's Visalia Times Delta.

SB 437 (Pavley) - Prohibit Charges for Unlisted Telephone Numbers

CFC Position: Support

This bill would prohibit a subscriber from being charged for making the choice to not have his or her name or telephone number listed in a directory or publicly available directory assistance database.

In May, 2007, AT&T raised the charge for maintaining an unlisted telephone number from 28 cents per month to $1.25 per month. Under deregulation, AT&T does not need to provide any justification for this increase, nor are there any laws or regulations in place to prevent AT&T or other telephone companies from raising the charge continually.

Cell phone companies are already prohibited from charging for an unlisted cell phone number. SB 437 extends the same right to privacy to residential phone subscribers. Telephone companies should not be allowed to profit from something that is a right guaranteed in California’s Constitution—our right to privacy.

Of course, taking on the telecom industry is always an incredibly tough task and uphill battle...no matter how fair, logical and just the legislation.

Bill Status: SB 437 is scheduled to be heard on May 5, 2009 in the Senate Energy, Utilities, and Communications Committee.

These three bills are CFC's "privacy priorities" this year in the state legislature, but only represent a few of the many bills we're tracking and will take formal positions on.

No comments: