BILL NUMBER: SB 31 AMENDED
BILL TEXT
AMENDED IN SENATE JANUARY 7, 2008
AMENDED IN SENATE APRIL 17, 2007
AMENDED IN SENATE MARCH 20, 2007
INTRODUCED BY Senator Simitian
DECEMBER 4, 2006
An act to add Title 1.80 (commencing with Section 1798.79) and
Title 1.81.4 (commencing with Section 1798.98) to Part 4 of Division
3 of the Civil Code, relating to privacy.
LEGISLATIVE COUNSEL'S DIGEST
SB 31, as amended, Simitian. Identification documents.
The Information Practices Act of 1977 regulates the collection and
disclosure of personal information regarding individuals by state
agencies, except as specified. Existing law also prohibits certain
business entities, as defined, from making specified disclosures in
relation to individual consumer records.
This bill would provide that a person or entity that intentionally
remotely reads or attempts to remotely read a person's
identification document, as defined, using radio waves without his or
her knowledge and prior consent, as described, shall be punished by
imprisonment in a county jail for up to one year, a fine of not more
than $5,000 $1,500 , or both that fine
and imprisonment. The bill would also provide that a person or entity
who knowingly discloses, or causes to be disclosed, specified
operational system keys shall be punished by imprisonment in a county
jail for up to one year, a fine of not more than $5,000
$1,500 , or both that fine and imprisonment. The
bill would provide that the provisions regarding knowing disclosure
of operational system keys is to become operative only if SB 30 of
the 2007-08 Regular Session is also enacted and becomes effective on
or before January 1, 2008 2009 .
By creating a new crime, this bill would result in a
state-mandated local program.
The California Constitution requires the state to reimburse local
agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.
This bill would provide that no reimbursement is required by this
act for a specified reason.
Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: yes.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. The Legislature hereby finds and declares all of the
following:
(a) The right to privacy is a personal and fundamental right
protected by Section 1 of Article I of the California Constitution
and by the United States Constitution. All individuals have a right
of privacy in information pertaining to them.
(b) This state has previously recognized the importance of
protecting the confidentiality and privacy of an individual's
personal information contained in identification documents such as
drivers' licenses.
SEC. 2. Title 1.80 (commencing with Section 1798.79) is added to
Part 4 of Division 3 of the Civil Code, to read:
TITLE 1.80. Identification Documents
1798.79. (a) Except as provided in subdivisions (b) and (c), a
person or entity that intentionally remotely reads or attempts to
remotely read a person's identification document using radio waves,
for the purpose of reading that person's identification document
without that person's knowledge and prior consent, shall be punished
by imprisonment in a county jail for up to one year, a fine of not
more than five thousand dollars ($5,000) one
thousand five hundred dollars ($1,500) , or both that fine and
imprisonment.
(b) Subdivision (a) shall not apply to:
(1) The reading of a person's identification document for triage
or medical care during a disaster and immediate hospitalization or
immediate outpatient care directly related to a disaster, as defined
by the local emergency medical services agency organized under
Section 1797.200 of the Health and Safety Code.
(2) The reading of a person's identification document by a health
care professional for reasons relating to the health or safety of
that person or an identification document issued to a patient by
emergency services.
(3) The reading of an identification document of a person who is
incarcerated in the state prison or a county jail, detained in a
juvenile facility operated by the Division of Juvenile Facilities in
the Department of Corrections and Rehabilitation, or housing in a
mental health facility, pursuant to a court order after having been
charged with a crime, or to a person pursuant to a court-ordered
electronic monitoring.
(4) Law enforcement or government personnel who need to read a
lost identification document when the owner is unavailable for
notice, knowledge, or consent, or those parties specifically
authorized by law enforcement or government personnel for the limited
purpose of reading a lost identification document when the owner is
unavailable for notice, knowledge, or consent.
(5) Law enforcement personnel who need to read a person's
identification document after an accident in which the person is
unavailable for notice, knowledge, or consent.
(6) Law enforcement personnel who need to read a person's
identification document pursuant to a search warrant.
(7) A person or entity that in the course of operating its own
contactless identification document system inadvertently reads or
collects data from another contactless identification document
system, provided that the inadvertently received data comports with
all of the following:
(A) The data is not disclosed to any other party.
(B) The data is not used for any purpose.
(C) The data is not stored or is promptly destroyed.
(8) The reading of a person's identification document in the
course of an act of good faith security research, experimentation, or
scientific inquiry, including, but not limited to, activities useful
in identifying and analyzing security flaws and vulnerabilities.
(c) Nothing in this section shall affect the existing rights of
law enforcement to access data stored electronically on drivers'
licenses.
(d) The penalties set forth in subdivision (a) are independent of,
and do not supersede, any other penalties provided by state law, and
in the case of any conflict, the greater penalties shall apply.
1798.795. For purposes of this title, the following definitions
shall apply:
(a) "Contactless identification document system" means a group of
identification documents issued and operated under a single authority
that use radio waves to transmit data remotely to readers intended
to read that data. In a contactless identification document system,
every reader must be able to read every identification document in
the system.
(b) "Data" means information stored on an identification document
in machine-readable form including, but not limited to, personal
information and other unique personal identifier numbers.
(c) "Identification document" means any document containing data
that is issued to an individual and which that individual, and only
that individual, uses alone or in conjunction with any other
information for the primary purpose of establishing his or her
identity. Identification documents specifically include, but are not
limited to, the following:
(1) Driver's licenses or identification cards issued pursuant to
Section 13000 of the Vehicle Code.
(2) Identification cards for employees or contractors.
(3) Identification cards issued by educational institutions.
(4) Health insurance or benefit cards.
(5) Benefit cards issued in conjunction with any
government-supported aid program.
(6) Licenses, certificates, registration, or other means to engage
in a business or profession regulated by the Business and
Professions Code.
(7) Library cards issued by any public library.
(d) "Key" means a string of bits of information used as part of a
cryptographic algorithm used in encryption.
(e) "Personal information" includes any of the following data
elements to the extent that they are used alone or in conjunction
with any other information to identify an individual:
(1) First or last name.
(2) Address.
(3) Telephone number.
(4) E-mail address.
(5) Date of birth.
(6) Driver's license number or California identification card
number.
(7) Any unique personal identifier number contained or encoded on
a driver's license or identification card issued pursuant to Section
13000 of the Vehicle Code.
(8) Bank, credit card, or other financial institution account
number.
(9) Credit or debit card number.
(10) Any unique personal identifier number contained or encoded on
a health insurance, health benefit, or benefit card issued in
conjunction with any government-supported aid program.
(11) Religion.
(12) Ethnicity or nationality.
(13) Photograph.
(14) Fingerprint or other biometric identification.
(15) Social security number.
(16) Any unique personal identifier.
(f) "Reader" means a scanning device that is capable of using
radio waves to communicate with an identification document and read
the data transmitted by that identification document.
(g) "Remotely" means that no physical contact between the
identification document and a reader is necessary in order to
transmit data using radio waves.
(h) "Unique personal identifier number" means a randomly assigned
string of numbers or symbols that is encoded onto the identification
document and is intended to identify the identification document that
has been issued to a particular individual.
SEC. 3. Title 1.81.4 (commencing with Section 1798.98) is added to
Part 4 of Division 3 of the Civil Code, to read:
TITLE 1.81.4. Operational System Keys
1798.98. (a) A person or entity who knowingly discloses, or
causes to be disclosed, the operational system keys described in
Section 1798.11 in violation of Section 1798.11 shall be punished by
imprisonment in a county jail for up to one year, a fine of not more
than five thousand dollars ($5,000) one
thousand five hundred dollars ($1,500) , or both that fine and
imprisonment.
(b) The definitions described in Section 1798.795 shall apply to
this title.
1798.99. This title shall become operative on January 1,
2008 2009 , only if Senate Bill 30 of the
2007-08 Regular Session is enacted and becomes effective on or before
January 1, 2008 2009 .
SEC. 4. No reimbursement is required by this act pursuant to
Section 6 of Article XIII B of the California Constitution because
the only costs that may be incurred by a local agency or school
district will be incurred because this act creates a new crime or
infraction, eliminates a crime or infraction, or changes the penalty
for a crime or infraction, within the meaning of Section 17556 of the
Government Code, or changes the definition of a crime within the
meaning of Section 6 of Article XIII B of the California
Constitution.