BILL NUMBER: AB 1811 AMENDED
BILL TEXT
AMENDED IN ASSEMBLY APRIL 12, 2004
AMENDED IN ASSEMBLY MARCH 8, 2004
INTRODUCED BY Assembly Member Bogh
JANUARY 13, 2004
An act to amend Section 1798.85 of the Civil Code, relating to
privacy.
LEGISLATIVE COUNSEL'S DIGEST
AB 1811, as amended, Bogh. Privacy: social security numbers.
Existing law prohibits a person or entity, with specified
exceptions, from publicly posting or displaying an individual's
social security number. Existing law defines publicly posting or
publicly displaying, in this context, as intentionally communicating
or otherwise making available to the general public.
This bill would additionally prohibit the public posting or
displaying of any portion of an individual's social security number
consisting of 4 or more consecutive digits ,
as specified . The bill would also make nonsubstantive,
technical changes.
Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 1798.85 of the Civil Code is amended to read:
1798.85. (a) Except as provided in subdivisions (b), (h), and
(i), a person or entity may not do any of the following:
(1) Publicly post or publicly display in any manner an individual'
s social security number, or any portion of that number
consisting of four or more consecutive digits with the
knowledge that it is a portion thereof . "Publicly post" or
"publicly display" means to intentionally communicate or otherwise
make available to the general public.
(2) Print an individual's social security number on any card
required for the individual to access products or services provided
by the person or entity.
(3) Require an individual to transmit his or her social security
number over the Internet, unless the connection is secure or the
social security number is encrypted.
(4) Require an individual to use his or her social security number
to access an Internet Web site, unless a password or unique personal
identification number or other authentication device is also
required to access the Internet Web site.
(5) Print an individual's social security number on any materials
that are mailed to the individual, unless state or federal law
requires the social security number to be on the document to be
mailed. Notwithstanding this paragraph, social security numbers may
be included in applications and forms sent by mail, including
documents sent as part of an application or enrollment process, or to
establish, amend or terminate an account, contract or policy, or to
confirm the accuracy of the social security number. A social
security number that is permitted to be mailed under this section may
not be printed, in whole or in part, on a postcard or other mailer
not requiring an envelope, or visible on the envelope or without the
envelope having been opened.
(b) Except as provided in subdivision (e), a person or entity that
has used, prior to July 1, 2002, an individual's social security
number in a manner inconsistent with subdivision (a), may continue
using that individual's social security number in that manner on or
after July 1, 2002, and a state or local agency that has used, prior
to January 1, 2004, an individual's social security number in a
manner inconsistent with subdivision (a), may continue using that
individual's social security number in that manner on or after
January 1, 2004, if all of the following conditions are met:
(1) The use of the social security number is continuous. If the
use is stopped for any reason, subdivision (a) shall apply.
(2) The individual is provided an annual disclosure, that informs
the individual that he or she has the right to stop the use of his or
her social security number in a manner prohibited by subdivision
(a).
(3) A written request by an individual to stop the use of his or
her social security number in a manner prohibited by subdivision (a)
is implemented within 30 days of the receipt of the request. There
may not be a fee or charge for implementing the request.
(4) The person or entity does not deny services to an individual
because the individual makes a written request pursuant to this
subdivision.
(c) This section does not prevent the collection, use, or release
of a social security number as required by state or federal law or
the use of a social security number for internal verification or
administrative purposes.
(d) This section does not apply to documents that are recorded or
required to be open to the public pursuant to Chapter 3.5 (commencing
with Section 6250), Chapter 14 (commencing with Section 7150) or
Chapter 14.5 (commencing with Section 7220) of Division 7 of Title 1
of, Article 9 (commencing with Section 11120) of Chapter 1 of Part 1
of Division 3 of Title 2 of, or Chapter 9 (commencing with Section
54950) of Part 1 of Division 2 of Title 5 of, the Government Code.
This section does not apply to records that are required by statute,
case law, or California Rule of Court, to be made available to the
public by entities provided for in Article VI of the California
Constitution.
(e) (1) In the case of a health care service plan, a provider of
health care, an insurer or a pharmacy benefits manager, a contractor
as defined in Section 56.05, or the provision by any person or entity
of administrative or other services relative to health care or
insurance products or services, including third-party administration
or administrative services only, this section shall become operative
in the following manner:
(A) On or before January 1, 2003, the entities listed in paragraph
(1) shall comply with paragraphs (1), (3), (4), and (5) of
subdivision (a) as these requirements pertain to individual
policyholders or individual contractholders.
(B) On or before January 1, 2004, the entities listed in paragraph
(1) shall comply with paragraphs (1) to (5), inclusive, of
subdivision (a) as these requirements pertain to new individual
policyholders or new individual contractholders and new groups,
including new groups administered or issued on or after January 1,
2004.
(C) On or before July 1, 2004, the entities listed in paragraph
(1) shall comply with paragraphs (1) to (5), inclusive, of
subdivision (a) for all individual policyholders and individual
contractholders, for all groups, and for all enrollees of the Healthy
Families and Medi-Cal programs, except that for individual
policyholders, individual contractholders and groups in existence
prior to January 1, 2004, the entities listed in paragraph (1) shall
comply upon the renewal date of the policy, contract, or group on or
after July 1, 2004, but no later than July 1, 2005.
(2) A health care service plan, a provider of health care, an
insurer or a pharmacy benefits manager, a contractor, or another
person or entity as described in paragraph (1) shall make reasonable
efforts to cooperate, through systems testing and other means, to
ensure that the requirements of this article are implemented on or
before the dates specified in this section.
(3) Notwithstanding paragraph (2), the Director of the Department
of Managed Health Care, pursuant to the authority granted under
Section 1346 of the Health and Safety Code, or the Insurance
Commissioner, pursuant to the authority granted under Section 12921
of the Insurance Code, and upon a determination of good cause, may
grant extensions not to exceed six months for compliance by health
care service plans and insurers with the requirements of this section
when requested by the health care service plan or insurer. Any
extension granted shall apply to the health care service plan or
insurer's affected providers, pharmacy benefits manager, and
contractors.
(f) If a federal law takes effect requiring the United States
Department of Health and Human Services to establish a national
unique patient health identifier program, a provider of health care,
a health care service plan, a licensed health care professional, or a
contractor, as those terms are defined in Section 56.05, that
complies with the federal law shall be deemed in compliance with this
section.
(g) A person or entity may not encode or embed a social security
number in or on a card or document, including, but not limited to,
using a bar code, chip, magnetic strip, or other technology, in place
of removing the social security number, as required by this section.
(h) This section shall become operative, with respect to the
University of California, in the following manner:
(1) On or before January 1, 2004, the University of California
shall comply with paragraphs (1), (2), and (3) of subdivision (a).
(2) On or before January 1, 2005, the University of California
shall comply with paragraphs (4) and (5) of subdivision (a).
(i) This section shall become operative with respect to the
Franchise Tax Board on January 1, 2007.
(j) This section shall become operative with respect to the
California Community College districts on January 1, 2007.
(k) This section shall become operative with respect to the
California State University system on July 1, 2005.
(l) This section shall become operative, with respect to the
California Student Aid Commission and its auxiliary organization, in
the following manner:
(1) On or before January 1, 2004, the commission and its auxiliary
organization shall comply with paragraphs (1), (2), and (3) of
subdivision (a).
(2) On or before January 1, 2005, the commission and its auxiliary
organization shall comply with paragraphs (4) and (5) of subdivision
(a).