BILL NUMBER: SB 1451 ENROLLED
BILL TEXT
PASSED THE SENATE AUGUST 23, 2004
PASSED THE ASSEMBLY AUGUST 9, 2004
AMENDED IN ASSEMBLY JULY 2, 2004
AMENDED IN ASSEMBLY JUNE 15, 2004
AMENDED IN ASSEMBLY JUNE 3, 2004
AMENDED IN SENATE MAY 11, 2004
AMENDED IN SENATE APRIL 26, 2004
AMENDED IN SENATE APRIL 12, 2004
INTRODUCED BY Senator Figueroa
FEBRUARY 19, 2004
An act to add Title 1.81.4 (commencing with Section 1798.98) to
Part 4 of Division 3 of the Civil Code, relating to privacy.
LEGISLATIVE COUNSEL'S DIGEST
SB 1451, Figueroa. Privacy guarantees.
Existing law requires a business to ensure the privacy of a
customer's records and personal information, as defined. Existing
law also prohibits a person or entity from publicly posting or
displaying an individual's social security number. Existing federal
law, the Gramm-Leach-Bliley Act, requires financial institutions to
provide a notice to consumers relative to the use by the financial
institution of nonpublic personal information, and in that regard
authorizes consumers to direct that the information not be shared
with nonaffiliated 3rd parties. The California Financial Information
Privacy Act requires a financial institution, as defined, to provide
a specified written form to a consumer relative to the sharing of
the consumer's nonpublic personal information and authorizes a
consumer to direct that the information not be shared with certain
entities. Existing law also establishes standards for the
collection, use, and disclosure of information gathered in connection
with insurance transactions.
This bill would prohibit a person who receives protected
information, as specified, from sharing or disclosing the information
in a manner that would be prohibited by a privacy law, as specified.
The bill would also provide that the person would be civilly liable
for sharing or disclosing that information, as specified.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. It is the intent of the Legislature to do all of the
following:
(a) Reaffirm the importance of the laws of this state and federal
laws protecting the privacy of confidential, personal information.
(b) Ensure that confidential information regarding a California
resident that is legally protected within California will be
protected when it is used by parties located outside the State of
California.
(c) Ensure that any person located outside the State of California
who has access to legally protected confidential information
regarding a resident of California and who violates a law governing
the confidentiality of that information shall be subject to legal
action in the courts of this state for the violation of that law.
SEC. 2. Title 1.81.4 (commencing with Section 1798.98) is added to
Part 4 of Division 3 of the Civil Code, to read:
TITLE 1.81.4. PRIVACY GUARANTEES
1798.98. (a) For purposes of this section, "privacy law" means
any of the following:
(1) Part 2.6 (commencing with Section 56) of Division 1.
(2) Title 1.81.1 (commencing with Section 1798.85).
(3) Title 1.82 (commencing with Section 1799).
(4) Division 1.2 (commencing with Section 4050) of the Financial
Code.
(5) Article 6.6 (commencing with Section 791) of Chapter 1 of Part
2 of Division 1 of the Insurance Code.
(b) The following shall apply to any person who receives protected
information as part of a transaction that originated with an entity
required to comply with a privacy law listed in subdivision (a) and
who is not subject to any of those provisions:
(1) That person shall not share or otherwise disclose the
information in a manner that would be prohibited by a privacy law as
applicable to the party from whom the information is received.
(2) That person shall be liable in an action for civil damages
under this section in the courts of this state, brought by a resident
of this state who has been harmed by a violation of this
subdivision, regardless of where the violation occurs. For purposes
of this paragraph, that person shall be deemed to consent to
jurisdiction in the courts of this state.
(c) The provisions of this section are severable. If any
provision of this section or its application is held invalid, that
invalidity shall not affect other provisions or applications that can
be given effect without the invalid provision or application.
(d) Nothing in this section shall modify the application of a
privacy law to a person or entity that is already subject to that
privacy law.