BILL ANALYSIS �Ó
AB 2399
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB 2399 (John A. Pérez)
As Amended August 21, 2014
Majority vote
-----------------------------------------------------------------
|ASSEMBLY: |76-0 |(May 19, 2014) |SENATE: |33-0 |(August 25, |
| | | | | |2014) |
-----------------------------------------------------------------
Original Committee Reference: JUD.
SUMMARY : Authorizes an organ procurement organization to swipe
a driver's license or identification card to transmit a donor's
personal information to the organ and tissue donor register, as
specified. Specifically, this bill :
1)Provides that an organ procurement organization may swipe a
driver's license or identification card issued by the
Department of Motor Vehicles (DMV) in an electronic device to
transmit information to the Donate Life California Organ and
Tissue Donor Registry for the purposes of allowing an
individual to identify himself or herself as a registered
organ donor.
2)Requires that information gathered or transmitted by the
procurement organization comply with the DMV Information
Security Agreement.
3)Requires the organ procurement organization to provide
specified notice to the donor applicant prior to swiping the
driver's license or identification card and specifies the
procedure by which information shall be submitted.
4)Prohibits an organ procurement organization from retaining or
using any of the information obtained by electronic means for
any purpose other than operating the organ and donor registry.
5)Defines "organ procurement organization" to mean a person
designated by the Secretary of the United States Department of
Health and Human Services as an organ procurement
organization.
The Senate amendments :
�
AB 2399
Page 2
1)Require the organ procurement organization to provide
specified notice to the donor applicant prior to swiping the
driver's license or identification card and specifies the
procedure by which information shall be submitted.
2)Change the term "aggregated data" to "nonidentifiable
information" to clarify the meaning and be consistent with
other provisions of the Vehicle Code.
FISCAL EFFECT : According to the Senate Appropriations
Committee, pursuant to Senate Rule 28.8, negligible state costs.
COMMENTS : The Uniform Anatomical Gift Act allows a person to
make a gift of his or her body (or any part, organ, or tissue)
for the purpose of performing transplants or for medical
research or education purposes. Since the Uniform Anatomical
Gift Act was first enacted in 1988, most donor registrations
have occurred through the DMV when someone applies for, or
renews, a driver's license or identification card. In 2003, SB
112 (Speier), Chapter 405, authorized four non-profit "organ
procurement organizations" to establish and maintain the Donate
Life California (DLC) Organ and Tissue Donor Registry
(Registry). As in the past, most donor registrations occur at
the time of license application or renewal. Online registration
is also available, but apparently seldom used. Donor
procurement organizations also proactively register donors
through outreach at a variety of community events, often by
setting up informational tables, collecting information from
voluntary donors, and recording information on paper forms.
Information collected is then subsequently entered into the
Registry. These outreach events give the organizations the
opportunity to reach people during the five years before a
license or identification card must be renewed.
However, this existing paper-form system has its drawbacks. To
begin with, paper forms take more time to complete, and the
information may be recorded illegibly or inaccurately. Paper
forms must then be transported to a place where the information
on the form can be entered into the Registry (which is not only
time-consuming but also presents another opportunity for error).
Allowing the use of electronic swiping and transmission, DLC
believes, will be faster and more accurate, and it will avoid
the need to transport paper forms. Information scanned from the
magnetic stripe - the same information that is on the front of
�
AB 2399
Page 3
the license - can be encrypted and sent to the Registry in real
time. The device that swipes information from the magnetic
stripe can be easily attached to a smart phone, making
collection and transmission all the easier.
DLC, as an official state partner of DMV, must adhere to the DMV
Information Security Agreement, which incorporates information
security standards promulgated by the National Institute of
Standards and Technology (NIST). NIST standards represent
current "best practices" in information system management and
technical safeguards that are designed to protect the
confidentiality, integrity, and availability of the system and
its information. These standards cover everything from training
and access authentication to technical safeguards such as
encryption. Under existing law, the NIST standards already
protect the integrity and security of the Registry itself. This
bill will require that the DMV Information Security Agreement
and the NIST standards also apply to the gathering and
transmission of the information to the Registry. In particular,
information collected by electronic devices - most likely
attached to smart phones - will be encrypted. Once submitted to
the Registry, the sponsor states, any information remaining on
the device will be deleted. Indeed the bill prohibits the organ
procurement organizations from maintaining or using the
information for any purpose beyond those authorized by this bill
- that is, to submit the information to the Registry, and
nothing else. There is, of course, no perfectly secure means of
collecting and transmitting digitized data, just as there is no
perfectly secure means of handling paper forms containing the
same information.
Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334
FN: 0005359