BILL NUMBER: SB 355 CHAPTERED
BILL TEXT
CHAPTER 437
FILED WITH SECRETARY OF STATE SEPTEMBER 30, 2005
APPROVED BY GOVERNOR SEPTEMBER 30, 2005
PASSED THE SENATE AUGUST 30, 2005
PASSED THE ASSEMBLY AUGUST 25, 2005
AMENDED IN ASSEMBLY JULY 5, 2005
AMENDED IN ASSEMBLY JUNE 15, 2005
AMENDED IN SENATE MAY 24, 2005
AMENDED IN SENATE APRIL 12, 2005
AMENDED IN SENATE MARCH 29, 2005
INTRODUCED BY Senator Murray
FEBRUARY 16, 2005
An act to add Chapter 33 (commencing with Section 22948) to
Division 8 of the Business and Professions Code, relating to the
Internet.
LEGISLATIVE COUNSEL'S DIGEST
SB 355, Murray Internet regulation.
Existing law, the Consumer Protection Against Computer Spyware
Act, provides specified protections for the computers of consumers in
this state against certain types of computer software.
This bill would enact the Anti-Phishing Act of 2005. The bill
would make it unlawful for any person, through the Internet or other
electronic means, to solicit, request, or take any action to induce
another person to provide identifying information by representing
itself to be a business without the approval or authority of the
business. The bill would provide certain civil remedies and civil
penalties for a violation in that regard.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Chapter 33 (commencing with Section 22948) is added to
Division 8 of the Business and Professions Code, to read:
CHAPTER 33. ANTI-PHISHING ACT OF 2005
22948. This chapter shall be known and may be cited as the
Anti-Phishing Act of 2005.
22948.1. For the purposes of this chapter, the following terms
have the following meanings:
(a) "Electronic mail message" means a message sent to a unique
destination, commonly expressed as a string of characters, consisting
of a unique user name or mailbox (commonly referred to as the "local
part") and a reference to an Internet domain (commonly referred to
as the "domain part"), whether or not displayed, to which an
electronic message can be sent or delivered.
(b) "Identifying information" means, with respect to an
individual, any of the following:
(1) Social security number.
(2) Driver's license number.
(3) Bank account number.
(4) Credit card or debit card number.
(5) Personal identification number (PIN).
(6) Automated or electronic signature.
(7) Unique biometric data.
(8) Account password.
(9) Any other piece of information that can be used to access an
individual's financial accounts or to obtain goods or services.
(c) "Internet" shall have the meaning as defined in paragraph (6)
of subdivision (f) of Section 17538.
(d) "Web page" means a location that has a single uniform resource
locator or other single location with respect to the Internet.
22948.2. It shall be unlawful for any person, by means of a Web
page, electronic mail message, or otherwise through use of the
Internet, to solicit, request, or take any action to induce another
person to provide identifying information by representing itself to
be a business without the authority or approval of the business.
22948.3. (a) The following persons may bring an action against a
person who violates or is in violation of Section 22948.2:
(1) A person who (A) is engaged in the business of providing
Internet access service to the public, owns a Web page, or owns a
trademark, and (B) is adversely affected by a violation of Section
22948.2.
An action brought under this paragraph may seek to recover the
greater of actual damages or five hundred thousand dollars
($500,000).
(2) An individual who is adversely affected by a violation of
Section 22948.2 may bring an action, but only against a person who
has directly violated Section 22948.2.
An action brought under this paragraph may seek to enjoin further
violations of Section 22948.2 and to recover the greater of three
times the amount of actual damages or five thousand dollars ($5,000)
per violation.
(b) The Attorney General or a district attorney may bring an
action against a person who violates or is in violation of Section
22948.2 to enjoin further violations of Section 22948.2 and to
recover a civil penalty of up to two thousand five hundred dollars
($2,500) per violation.
(c) In an action pursuant to this section, a court may, in
addition, do either or both of the following:
(1) Increase the recoverable damages to an amount up to three
times the damages otherwise recoverable under subdivision (a) in
cases in which the defendant has engaged in a pattern and practice of
violating Section 22948.2.
(2) Award costs of suit and reasonable attorney's fees to a
prevailing plaintiff.
(d) The remedies provided in this section do not preclude the
seeking of remedies, including criminal remedies, under any other
applicable provision of law.
(e) For purposes of paragraph (1) of subdivision (a), multiple
violations of Section 22948.2 resulting from any single action or
conduct shall constitute one violation.