BILL ANALYSIS



                                                                    AB 1541


                                                                    Page  1





          Date of Hearing:  May 5, 2015


                ASSEMBLY COMMITTEE ON PRIVACY AND CONSUMER PROTECTION


                                  Mike Gatto, Chair


          AB 1541  
          (Committee on Privacy and Consumer Protection) - As Amended  
          April 29, 2015


          SUBJECT:  Privacy:  personal information


          SUMMARY:   Makes technical or nonsubstantive corrections and  
          clarification to existing privacy-related law.  Specifically,  
          this bill updates the definition of "personal information" in  
          the information security law. 


          EXISTING LAW:  


          1)Establishes the Data Breach Notification Law (DBNL), which  
            defines "personal information" to include the individual's  
            first name or first initial and last name in combination with  
            one or more of the following data elements, when either the  
            name or the data elements are not encrypted: Social Security  
            number; driver's license number or California Identification  
            Card number; account number, credit or debit card number, in  
            combination with any required security code, access code, or  
            password that would permit access to an individual's financial  
            account; medical information; or health insurance information.  
             (Civil Code (CC) Sections 1798.29(g), (h), 1798.82(h), (i))















          2)Establishes the information security law, which requires a  
            business that owns, licenses, or maintains personal  
            information about a California resident to implement and  
            maintain reasonable security procedures and practices  
            appropriate to the nature of the information, to protect the  
            personal information from unauthorized access, destruction,  
            use, modification, or disclosure, and which defines "personal  
            information" as an individual's first name or first initial  
            and his or her last name in combination with any one or more  
            of the following data elements, when either the name or the  
            data elements are not encrypted or redacted: Social security  
            number; driver's license number or California identification  
            card number; account number, credit or debit card number, in  
            combination with any required security code, access code, or  
            password that would permit access to an individual's financial  
            account; or medical information.  The definition does not  
            include health insurance information or a username or email  
            address, in combination with a password or security question  
            and answer that would permit access to an online account.  
            (CC 1798.81.5)


          FISCAL EFFECT:  None. This bill has been keyed non-fiscal by the  
          Legislative Counsel.


          COMMENTS:  


          1)Purpose of this bill.  This omnibus bill makes technical or  
            nonsubstantive corrections and clarification to existing law  
            within the Committee's jurisdiction.  This bill is sponsored  
            by the Assembly Privacy and Consumer Protection Committee.


          2)Author's statement.  This bill is the Committee "omnibus"  
            bill, intended to make clarifying and non-controversial  
            changes to the state's privacy protection laws.


          3)Updating the definition of "personal information."  This bill  
            updates the definition of "personal information" in the  
            information security law.  The law requires businesses to use  
            reasonable security measures to protect personal information.   
            Historically, the definition of "personal information" in this  
            law has mirrored the definition found in the DBNL.


            However, in recent years, the Legislature has expanded the  
            definition of "personal information" in the DBNL to include  
            health insurance information as well as a user name and  
            password (or related information allowing access to an online  
            account). 



            This bill adds health insurance information and a username or  
            email address, in combination with a password or security  
            question and answer that would permit access to an online  
            account to the definition of "personal information" in the  
            information security law to keep the statutes consistent.


          REGISTERED SUPPORT / OPPOSITION:




          Support


          None on file.




          Opposition


          None on file.

















          Analysis Prepared by:  Jennie Bretschneider / P. & C.P. /  
          (916) 319-2200