BILL ANALYSIS �
SB 1268
Page 1
Date of Hearing: June 21, 2010
ASSEMBLY COMMITTEE ON TRANSPORTATION
Bonnie Lowenthal, Chair
SB 1268 (Simitian) - As Amended: May 28, 2010
SENATE VOTE : 24-10
SUBJECT : Electronic toll collection systems: privacy
SUMMARY : Prohibits transportation agencies from selling or
disseminating personal information of their subscribers, with
exceptions; imposes penalties for breaching this restriction.
Specifically, this bill :
1)Prohibits transportation agencies from selling or
disseminating personal information about persons who subscribe
to electronic toll or fare payment systems.
2)Requires transportation agencies that use electronic toll
collection systems to establish privacy policies and provide
those policies to subscribers.
3)Requires privacy policies to address, at a minimum, the
following:
a) The type of information collected by the transportation
agency;
b) The types of third-party persons or entities with whom
the transportation agency may share personal information;
c) The process by which subscribers are informed of changes
in the privacy policy;
d) The effective date of the privacy policy; and,
e) The process by which a subscriber may review their own
personal information.
4)Authorizes transportation agencies to store specific account
related information such as an account holder's name, credit
card number, and billing addresses; beginning July 1, 2011,
all other information must be discarded six months after the
closure date of a billing cycle or 60 days after the bill has
�
SB 1268
Page 2
been paid, whichever occurs last.
5)Beginning July 1, 2011, requires transportation agencies to
make every effort to purge data on closed accounts within 60
days; in no case may data be stored longer than 150 days after
an account has been closed or terminated.
6)Allows transportation agencies to make personally identifiable
information available to law enforcement agencies, pursuant to
a search warrant; generally requires a law enforcement agency
to notify, within five days, a person that their information
has been obtained from the transportation agency.
7)Allows peace officers conducting criminal or traffic collision
investigations to obtain personally identifiable information
of subscribers if the officer has good cause to believe that a
delay in obtaining the information via a search warrant may
result in an imminent danger to the health or safety of a
member of the public; requires that notice of obtaining the
data be given to the subscriber, with exceptions.
8)Allows transportation agencies to provide aggregated traveler
information that relates to a group or category of
subscribers, provided that personally identifiable information
has been removed.
9)Allows the sharing of data among transportation agencies, in
order to comply with state inter-operability requirements for
electronic toll collection systems.
10)Allows transportation agencies to communicate to their
subscribers exclusively about their products and services
through contracted third party vendors using the subscribers'
names and addresses, provided that the transportation agency
has received the subscriber's express written consent to
receive the communication.
11)For purposes of these provisions, defines "transportation
agency" as the Department of Transportation (Caltrans), the
Bay Area Toll Authority, any entity operating a toll bridge,
toll lane, or toll highway, or any entity operating under
contract with such an agency.
12)Defines other key terms.
�
SB 1268
Page 3
13)Provides that a breach in the use of personal information may
result in an action to recover actual damages or $2,500,
whichever is greater, for each individual violation, in
addition to attorney's fees.
14)If a person's information has been knowingly sold or
otherwise provided three or more times, the penalty increases
to actual damages or $4,000, whichever is greater, in addition
to attorney's fees.
15)Stipulates that this bill's provisions do not preclude
compliance with a specific court-ordered settlement agreement.
16)Authorizes a transportation agency to impose an
administrative fee to cover costs associated with implementing
these privacy requirements.
EXISTING LAW: Authorizes Caltrans, cities, counties, public
transit agencies, and special districts, to assess tolls and
fares for the use of transportation facilities under their
respective jurisdictions.
FISCAL EFFECT: Unknown
COMMENTS: According to the author, SB 1268 is intended to
protect the privacy of motorists in California by controlling
the use of personal information that is collected and stored by
electronic toll collection systems. The author states that SB
1268 provides important privacy protections to drivers by: 1)
prohibiting a transportation agency that operates a toll
facility from releasing or selling personal identifying
information of subscribers to an automatic toll collecting
service: and, 2) establishing a data retention period for how
long agencies can retain personal information in their systems.
Supporters of this bill suggest that California has witnessed a
growing trend of attorneys, law enforcement agencies, and other
entities requesting and obtaining data on electronic toll
collection system users via a subpoena. They support the
personal information protections provided for in SB 1268.
Transportation agencies generally support this bill's provisions
related to privacy protections for their toll customers,
�
SB 1268
Page 4
including the inclusion of penalties for violating these privacy
protections. However, these agencies are strongly opposed to
provisions in the bill that require that personal data be purged
within 60 days of closing or terminating an account. They argue
that, under an existing four-year statute of limitations for
civil actions, the bill's purging requirements would allow
consumers to question their toll charges for up to four years
after the date of the activity but would remove the opportunity
for toll operators to retain information to support charging the
tolls or to otherwise provide documental evidence to establish a
defense in a civil action.
Transportation agencies have also expressed operational concerns
with this bill's purging requirements that could require
significant modifications to their business systems to have to
purge data on a rolling basis, such as daily or weekly. The
agencies would prefer the latitude to purge data within a
routine that fits their existing business systems but no longer
than 5 years.
Suggested amendments: The committee is concerned that overly
aggressive purge requirements could leave transportation
agencies defenseless in civil actions. The bill's purge
requirements should mirror the timeframes set forth in the
statute of limitations. This will provide a regular, routine
purging of personal data but within timeframes that do not
invite jeopardy for transportation agencies in civil actions.
Double-referral: This bill is double-referred to the Assembly
Judiciary Committee.
REGISTERED SUPPORT / OPPOSITION :
Support
American Civil Liberties Union
Consumer Action
Consumer Federation of California
Electronic Frontier Foundation
Privacy Rights Clearinghouse
Opposition
Orange County Transportation Authority
San Diego Association of Governments
�
SB 1268
Page 5
South Bay Expressway
Transportation Corridor Agencies
Analysis Prepared by : Janet Dawson / TRANS. / (916) 319-2093