Mixed results on privacy legislation in 2013

Governor Brown has signed into law several privacy bills, including the “eraser button” law that gives teens the right to delete social media posts and prohibits certain types of advertising from targeting them; the “revenge porn” measure to prohibit people from posting intimate photos or videos of others online; and another law requires websites to detail how they respond to Do Not Track signals sent from users’ browsers.

CFC-supported data-breach bills were also signed into law: SB 46 (Corbett) strengthens computer account privacy protections by requiring the state and businesses operating in California to provide real-time notification when there is reason to believe someone may have obtained a California resident’s password, username, or answers to security questions. This will make it possible to immediately change access information and prevent or limit financial losses and theft of personal data. AB 1149 (Campos) helps to stop identity theft by requiring all local government agencies to notify their workers and constituents if their electronic data has been hacked, as the state and the private sector are already required to do.

Another CFC-supported bill, SB 658 (Calderon), signed into law, closes the loophole in the existing protection of Confidentiality of Medical Information Act (CMIA) rules and protects privacy of people using mobile apps for medical purposes.

Internet companies and their lobbyists fought hard against key consumer privacy bills that we support.

SB 383 (Jackson), sponsored by CFC, ran into ferocious opposition by industry lobbyists, with Apple leading the charge. SB 383 restores online credit card privacy protections. It would permit online businesses to collect only a customer’s zip code and other limited information necessary to combat fraud or identity theft, or to complete a customer-initiated transaction. A recent State Supreme Court decision exempted online merchants from credit card privacy protections that have been the law for over two decades. Online databases are highly vulnerable to hacking and reports allege that iTunes and other Apple databases are a favorite for identity thieves. Apple gathers personally identifiable information alongside credit card numbers, from customers downloading iTunes, and uses this information for marketing purposes. SB 383 is eligible for a Senate Floor vote in January.

AB 1291 (Lowenthal) requires companies to disclose to users, upon request, all of the personal that has been information collected about them, and how that data was shared with other businesses. Despite commitments to transparency from companies like Facebook, Google, and Microsoft, industry groups that represent them heavily lobbied against the bill. AB 1291 is a two-year bill.

CFC keeps fighting for consumer privacy and data protection – and we appreciate our supporters who continue to assist us in our efforts. Your voice is critical and makes a difference.