BILL ANALYSIS Ó SENATE JUDICIARY COMMITTEE Senator Noreen Evans, Chair 2013-2014 Regular Session AB 179 (Bocanegra) As Amended June 19, 2013 Hearing Date: June 25, 2013 Fiscal: Yes Urgency: No TH SUBJECT Public Transit: Disclosure of Personal Information DESCRIPTION Under existing law, transportation agencies and other entities that operate toll bridges, toll highways, and toll lanes are prohibited from selling or providing to third parties any personally identifiable information obtained through a person's participation in an electronic toll collection system (ETC) or use of a toll facility, with certain exceptions. Existing law requires these entities to establish a privacy policy that must be provided to users and subscribers, and prohibits these entities from revealing personally identifiable information to law enforcement agencies absent a search warrant. These entities are required to discard collected personally identifiable information no more than 4 years after a subscriber's account is closed or settled. This bill would extend these existing privacy protections to transportation agencies and entities that employ an electronic transit fare collection system (ETFC) for the payment of transit fares. BACKGROUND In 2010, the Legislature passed SB 1268 (Simitian, Ch. 489, Stats. 2010) which prohibited transportation agencies from selling or otherwise disclosing to third parties any personally identifiable information collected about subscribers to electronic toll collection systems (ETC) or users of toll bridges, lanes, or highways that employed ETC systems. SB 1268 (more) AB 179 (Bocanegra) Page 2 of ? features a number of privacy protections in addition to these broad disclosure prohibitions, including a requirement to discard retained personally identifiable information no later than 4 years after an ETC subscriber's account is closed or settled, and a requirement to establish a privacy policy regarding the collection and use of personally identifiable information. The provisions in SB 1268 addressed stated concerns that the collection of toll information could be used to analyze a user's driving patterns or locational data, by codifying certain privacy protections in statute and replacing any agency-based privacy policies that may have existed before its enactment. Shortly after SB 1268 was passed, similar concerns began to surface about electronic transit fare collection systems (ETFC). Generally speaking, these systems permit public transit users to purchase or acquire a stored value card which, after the user adds funds to his or her card, can be used at payment points on transit systems in lieu of cash or fare vouchers. The Transit Access Pass Card (TAP Card) used by transit agencies in Los Angeles describes its functionality as follows: While not a pass in itself, the TAP card is an important innovation for L.A. County transit riders. The durable plastic card contains a smart chip that allows you to buy and electronically load Metro passes, participating regional and local transit line passes, electronic cash, or any combination of the three. In other words, TAP becomes your "transit fare wallet" - holding your passes and cash, paying fares to the exact penny, and freeing you up from carrying around loose change. It even recognizes free transfers! (Welcome to TAP < http://taptogo.net> [as of June 21, 2013].) Like electronic toll collection systems, data collected through the use of an EFTC system could be used to analyze a user's travel patterns or locational history. One newspaper articulated the privacy concerns associated with the use of the Clipper card, an EFTC system for the San Francisco Bay Area, as follows: As the use of the Clipper card increases, what many people may be unaware of is that technology in the card allows local transit agencies to collect data on a passenger's whereabouts and travel habits from a chip in each card. . . . As riders swipe the cards to ride busses or trains, a AB 179 (Bocanegra) Page 3 of ? unique identification number is logged. Passengers who register their card with Clipper - a process that is optional but offers perks - have personal information linked to the data that is collected at each fare gate they enter. . . . With new technology comes major concerns over privacy . . . [Just as with] FasTrak [ETC] information, which could pinpoint when and where a person was driving, had become so personal and specific that divorce lawyers were subpoenaing the information to prove infidelity[, the] very same thing could happen with public transportation . . . While there have been no reports of serious infringements of privacy by [transportation agencies], civil rights groups warn that pervasive technology that can track the movements of citizens could one day be used to track political activities and personal movements. (Brent Begin, Clipping Privacy, The San Francisco Examiner, Sunday, November 7, 2010, pp. 14-15.) This bill would extend privacy protections in existing law that currently apply to ETC users and transit agencies to transportation agencies and entities that employ an ETFC for the payment of transit fares. CHANGES TO EXISTING LAW Existing law provides that, among other rights, all people have an inalienable right to pursue and obtain privacy. (Cal. Const., art. I, Sec. 1.) Existing case law permits a person to bring an action in tort for the invasion of privacy, and provides that in order to state a claim for violation of the constitutional right to privacy a plaintiff must establish the following three elements: (1) a legally protected privacy interest; (2) a reasonable expectation of privacy in the circumstances; and (3) conduct by the defendant that constitutes a serious invasion of privacy. (Hill v. National Collegiate Athletic Assn. (1994) 7 Cal.4th 1.) Existing law recognizes four types of activities considered to be an invasion of privacy giving rise to civil liability, including the public disclosure of private facts. (Id.) Existing law prohibits transportation agencies, as defined, from selling or otherwise providing to any other person or entity personally identifiable information of any person who subscribes to an electronic toll collection system or who uses a toll bridge, toll lane, or toll highway that employs an electronic AB 179 (Bocanegra) Page 4 of ? toll collection system. (Sts. & Hy. Code Sec. 31490(a).) Existing law requires a transportation agency that employs an electronic toll collection system to establish a privacy policy regarding the collection and use of personally identifiable information, and to provide to subscribers of that system a copy of the privacy policy in a manner that is conspicuous and meaningful, such as by providing a copy to the subscriber with the transponder or other device used as an electronic toll collection mechanism, or, if the system does not use a mechanism, with the application materials. (Sts. & Hy. Code Sec. 31490(b).) Existing law requires a transportation agency to conspicuously post its privacy policy on its Internet Web site. The policy shall include, but need not be limited to, a description of the following: the types of personally identifiable information that is collected by the agency; the categories of third-party persons or entities with whom the agency may share personally identifiable information; the process by which a transportation agency notifies subscribers of material changes to its privacy policy; the effective date of the privacy policy; and the process by which a subscriber may review and request changes to any of his or her personally identifiable information. (Sts. & Hy. Code Sec. 31490(b).) Existing law permits a transportation agency, within practical business and cost constraints, to store only personally identifiable information of a person such as the account name, credit card number, billing address, vehicle information, and other basic account information required to perform account functions such as billing, account settlement, or enforcement activities. All other information shall be discarded no more than four years and six months after the closure date of the billing cycle and the bill has been paid and all toll violations, if applicable, have been resolved. (Sts. & Hy. Code Sec. 31490(c).) Existing law provides that a transportation agency shall take every effort, within practical business and cost constraints, to purge the personal account information of an account that is closed or terminated. In no case shall a transportation agency maintain personal information more than four years and six months after the date an account is closed or terminated. (Sts. AB 179 (Bocanegra) Page 5 of ? & Hy. Code Sec. 31490(d).) Existing law states that a transportation agency may make personally identifiable information of a person available to a law enforcement agency only pursuant to a search warrant. Absent a provision in the search warrant to the contrary, the law enforcement agency shall immediately, but in any event within no more than five days, notify the person that his or her records have been obtained and shall provide the person with a copy of the search warrant and the identity of the law enforcement agency or peace officer to whom the records were provided. (Sts. & Hy. Code Sec. 31490 (e)(1).) Existing law permits a peace officer, when conducting a criminal or traffic collision investigation, to obtain the personally identifiable information of a person from a transportation agency if the officer has good cause to believe that a delay in obtaining this information by seeking a search warrant would cause an adverse result, as specified. (Sts. & Hy. Code Sec. 31490 (e)(2).) Existing law permits a transportation agency to use an individual's personally identifiable information for the following purposes: to provide aggregated traveler information derived from collective data that relates to a group or category of persons from which personally identifiable information has been removed; to provide the license plate number of an intermodal chassis to the owner of the chassis for purposes of locating the driver of the chassis in the event the driver fails to pay the toll; to share data with another transportation agency solely to comply with interoperability specifications and standards, as specified, regarding electronic toll collection devices and technologies; to perform financial and accounting functions such as billing, account settlement, enforcement, or other financial activities required to operate and manage the toll facilities; and to communicate about products and services offered by itself, a business partner, or the agency with which it contracts, to subscribers of the transportation agency through a contracted third-party vendor using personally identifiable information limited to the subscriber's name, address, and electronic mail address, provided that the transportation agency has received the subscriber's express written consent to receive the AB 179 (Bocanegra) Page 6 of ? communications. (Sts. & Hy. Code Sec. 31490 (f)-(j).) Existing law prohibits a transportation agency from using a nonsubscriber's personally identifiable information obtained through an electronic toll collection system to market products or services to that nonsubscriber, but does not prohibit a transportation agency from using such information to communicate about toll-related products or services in a notice of toll evasion, as specified. (Sts. & Hy. Code Sec. 31490 (k).) Existing law defines "transportation agency" to mean the Department of Transportation, the Bay Area Toll Authority, any entity operating a toll bridge, toll lane, or toll highway within the state, or any entity under contract with any of the above entities. (Sts. & Hy. Code Sec. 31490 (l).) Existing law defines "electronic toll collection system" as a system where a transponder, camera-based vehicle identification system, or other electronic medium is used to deduct payment of a toll from a subscriber's account or to establish an obligation to pay a toll. (Sts. & Hy. Code Sec. 31490 (m).) Existing law defines "person" to mean any person who subscribes to an electronic toll collection system or any person who uses a toll bridge, toll lane, or toll road that employs an electronic toll collection system. (Sts. & Hy. Code Sec. 31490 (n).) Existing law defines "personally identifiable information" to mean any information that identifies or describes a person including, but not limited to, travel pattern data, address, telephone number, e-mail address, license plate number, photograph, bank account information, or credit card number. (Sts. & Hy. Code Sec. 31490 (o).) Existing law provides that, in addition to any other remedies provided by law, a person whose personally identifiable information has been knowingly sold or otherwise provided in violation of this section may bring an action to recover either actual damages or two thousand five hundred dollars ($2,500) for each individual violation, whichever is greater, and may also recover reasonable costs and attorney's fees. Existing law also provides that a person whose personally identifiable information has been knowingly sold or otherwise provided three or more times in violation of this section may bring an action to recover either actual damages or four thousand dollars ($4,000) for each individual violation, whichever is greater, and may also recover reasonable costs and attorney's fees. (Sts. & Hy. AB 179 (Bocanegra) Page 7 of ? Code Sec. 31490 (p).) Existing law permits a transportation agency that employs an electronic toll collection system to impose an administrative fee on persons who use that system in an amount sufficient to cover the cost of implementing this section. (Sts. & Hy. Code Sec. 31490 (r).) This bill would apply the above provisions to a transportation agency that employs an electronic transit fare collection system, as well as to any person who subscribes to such a system. This bill would permit the sharing of data between transportation agencies, with respect to electronic transit fare collection systems, for the purpose of interoperability between those agencies. This bill would permit a transportation agency to communicate, either directly or through a contracted third-party vendor, to subscribers of an electronic toll collection system or an electronic transit fare collection system about products and services offered by the agency, a business partner, or the entity with which it contracts for the system, using personally identifiable information limited to the subscriber's name, address, and electronic mail address, provided that the transportation agency has received the subscriber's express written or oral consent to receive the communications. This bill would re-define "transportation agency" to mean the Department of Transportation, the Bay Area Toll Authority, any entity operating a toll bridge, toll lane, or toll highway within the state, any entity administering an electronic transit fare collection system and any transit operator participating in that system, or any entity under contract with any of the above entities. This bill would re-define "electronic transit fare collection system" to mean a system for issuing an electronic transit pass that enables a transit passenger subscriber to use the transit systems of one or more participating transit operators without having to pay individual fares, where fares are instead deducted from the subscriber's account as loaded onto the electronic transit pass. This bill would re-define "person" to mean any person who AB 179 (Bocanegra) Page 8 of ? subscribes to an electronic toll collection or electronic transit fare collection system or any person who uses a toll bridge, toll lane, or toll road that employs an electronic toll collection system. This bill would re-define "personally identifiable information" to mean any information that identifies or describes a person including, but not limited to, travel pattern data, address, telephone number, email address, license plate number, photograph, bank account information, or credit card number. However, "personally identifiable information" would not include photographic or video footage unless that information is used for purposes of assessing a toll or fare. COMMENT 1. Stated need for the bill The author writes: A hole in SB 1268 is that it did not include electronic transit fare collection systems which allow public transportation users to link their checking or banking account to an electronic transit pass so all they have to do is tap or swipe the card to a reader and their fare is automatically deducted from their account. These systems can create an even more robust profile of a subscriber's everyday travels, where they got on public transportation, where they got off, what time of day, how often they traveled a particular route, and so forth. AB 179 will ensure that folks who subscribe to these electronic transit fare collection systems will have the same privacy protections that subscribers of electronic toll collection systems currently enjoy. AB 179 extends the current privacy protections afforded to users of electronic toll collection systems such as FasTrak to users of electronic transit fare collection systems such as the TAP Card in Los Angeles or the Clipper Card in the San Francisco Bay Area. The bill controls the use of personal information that is collected and stored by electronic transit fare collection systems (i.e., travel pattern data, location, time of day, address, telephone number, e-mail address, bank account information, credit card number, etc.). AB 179 (Bocanegra) Page 9 of ? The bill provides four significant privacy protections: [p]rohibits the sale or dissemination of personal data collected by transportation agencies; [l]imits how long personal data can be retained; [r]equires conspicuous and meaningful notice to subscribers of transportation agencies' privacy policies; and [p]rovides a civil remedy for drivers whose personal information is improperly released to recover damages, reasonable costs and attorney's fees. 2. Protection of user privacy Staff notes that the right to privacy is a fundamental right protected by Section 1 of Article I of the Constitution of California. This bill builds upon that fundamental right by extending existing statutory privacy protections for users of electronic toll collection systems (ETC) to users of electronic transit fare collection systems (ETFC). The data and personal information collected by each payment system raises similar privacy concerns regarding a transit agency or third party's ability to analyze this information and discern an individual subscriber's locational or usage patterns. The Privacy Rights Clearinghouse, in support, states: AB 179 would protect the privacy of public transportation patrons who use an electronic transit pass by controlling the use of personal information that is collected every time the pass is swiped, or tapped. Such data elements include travel patterns, location, time of day, address, telephone number, bank account information, credit card number, and so on. AB 179 would extend the privacy protections that users of electronic toll collection systems currently enjoy to users of the TAP Card, Clipper Card or any other electronic transit fare collection system. As is required for transit agencies that operate ETC systems, this bill would require ETFC operators to establish a privacy policy regarding the collection and use of personally identifiable information. That policy must contain specified information, including the types of personally identifiable information collected by the agency, the categories of third-party persons or entities with whom the agency may share personally identifiable information, the process by which a transportation agency notifies subscribers of material changes AB 179 (Bocanegra) Page 10 of ? to its privacy policy, the effective date of the privacy policy, and the process by which a subscriber may review and request changes to any of his or her personally identifiable information. This bill would also prohibit transportation agencies that operate ETFC systems from selling or providing to third parties the personally identifiable information of system patrons including, but not limited to, an individual's travel pattern data, address, telephone number, bank account information, or credit card number. As in existing law governing ETC operators, transportation agencies operating ETFC systems would be permitted to communicate with subscribers about products and services offered by the agency, a business partner, or the entity with which it contracts for the system, by using certain collected personally identifiable information, provided the subscriber has given express written consent to receive such communications. This bill would slightly alter this requirement, allowing subscribers to orally consent to receiving these communications as well. This bill would also apply to ETFC operators the existing restriction making personally identifiable information available to a law enforcement agency only pursuant to a search warrant, except where a peace officer who is conducting a criminal or traffic collision investigation requests such information and has good cause to believe that a delay in obtaining this information by seeking a search warrant would cause an adverse result. As with ETC operators, this bill would permit a person whose personally identifiable information has been knowingly sold or otherwise provided in violation of the bill by an ETFC transportation agency or third-party contractor to bring an action to recover either actual damages or $2,500 for each individual violation, whichever is greater, and reasonable costs and attorney's fees. For a person whose personally identifiable information has been knowingly sold or otherwise provided three or more times in violation of this bill, the statutory damages amount increases to $4,000 per violation. 3. Video surveillance Several interested parties expressed concern that the bill, as introduced, would have hindered a transportation agency's ability to disclose photographic or videographic information collected as part of an agency's physical security system. They suggested that the breadth of personal identifying information AB 179 (Bocanegra) Page 11 of ? covered by the bill could inadvertently impact a transportation agency's ability to disclose, for example, videographic evidence collected from a bus equipped with video recording devices that documented an assault on a passenger or employee. In response to these concerns, the author has amended the definition of "personally identifiable information" to not include photographic or video footage unless that information is used for purposes of assessing a toll or fare, so that if a passenger were assaulted on a bus, the passenger would be able to obtain copies of relevant footage from the transportation agency for later use in a civil case against the assailant. 4. Prior opposition Staff notes that several transportation agencies were opposed to prior versions of this bill. As the author explains: Prior to amendments taken in [the] Assembly Transportation Committee, several transportation agencies were concerned about the legal implications of requiring a subscriber's personal identifiable information to be purged after 6 months. Opponents claimed that a 6 month data retention period would conflict with the 4 years statute of limitations to bring suit under California's Unfair Competition law (UCL), Business & Professions Code Section 17200 et seq. While public entities are exempt from the UCL, opponents argued that a private entity that is under contract with a public transportation agency to manage a toll facility, transit fare collection facility or the data collected thereof, would be subject to the UCL. While we do not believe that such a private entity would be subject to the UCL as they do not exercise autonomy over fines and fee schedules and as such cannot engage in "unfair competition" given that they work under the direction of a transportation agency, we nevertheless amended the bill to restore the 4.5 [year] data retention period . . . established by SB 1268 (Simitian, 2010). The Metropolitan Transportation Commission, which was among the transportation agencies in opposition, noted that "[b]ased on standard accounting requirements, the timeframe it takes for a toll violation to wind its way through the DMV-hold process and our review of the circumstances when records dating back several years have been needed to resolve disputes," the shortened data retention period originally proposed "would impose unworkable restrictions on the retention of account information for AB 179 (Bocanegra) Page 12 of ? electronic transit fare collection systems." However, following the amendments taken on April 24, 2013, Metropolitan Transportation Commission and the other opposed transportation agencies removed their opposition to this bill. Support : American Civil Liberties Union of California; Consumer Federation of California; Los Angeles County Metropolitan Transportation Authority; Privacy Rights Clearinghouse Opposition : None Known HISTORY Source : Author Related Pending Legislation : None Known Prior Legislation : SB 1268 (Simitian, Chapter 489, Statutes of 2010) imposed privacy restrictions on transportation agencies, such as the California Department of Transportation, the Bay Area Toll Authority, and any entity that operates a toll bridge, lane, or highway, by prohibiting these entities from selling, or providing to any other person, the personally identifiable information of either subscribers of an electronic toll collection system or anyone who uses a toll bridge, lane, or highway that utilizes an electronic toll collection system, except as provided. This bill also required these entities to provide a privacy policy to subscribers, as specified. AB 539 (Williams, 2011) would have permitted a transportation agency or its designee to share certain data regarding a vehicle's use of toll facilities with another transportation agency, whether in the state or not, solely as part of a nationwide interoperability toll collection program. This bill died in the Senate Committee on Transportation and Housing. Prior Vote : Assembly Transportation Committee (Ayes 16, Noes 0) Assembly Appropriations Committee (Ayes 16, Noes 0) Assembly Floor (Ayes 70, Noes 1) Senate Transportation and Housing Committee (Ayes 10, Noes 0) ************** AB 179 (Bocanegra) Page 13 of ?