as amended, Gordon.
begin deleteno end delete.
State-mandated local program: no.
The people of the State of California do enact as follows:
On or before February
begin delete 1, 2011, and annually each state agency and state entity subject
5to Section 11546.1, shall submit, as instructed by the Department
6of Technology, a summary of its actual and projected information
7technology and telecommunications costs,
begin delete includingend delete personnel, for the immediately preceding fiscal
9year and current fiscal year, showing current expenses and
10projected expenses for the current fiscal year, in a format prescribed
11by the Department of Technology in order to capture statewide
12information technology expenditures.
Section 22575.5 is added to the Business and
4Professions Code, to read:
(a) An operator of a commercial Internet Web site
6or online service that is required to post or make available its
10service provides the consumer with a user licensing agreement or
11terms of service, at the beginning of the agreement or terms.
12(b) The short form required by subdivision (a) shall do all of
14(1) List the categories of personally identifiable information
16subdivision (b) of Section 22575, using the following specific
18(A) For information described in paragraphs (1) to (6), inclusive,
19of subdivision (a) of Section 22577, the descriptions used in those
21(B) For information described in paragraph (7) of subdivision
22(a) of Section 22577, the following descriptions:
23(i) Browser history.
24(ii) Phone or text logs.
25(iii) Contact lists.
27(v) Financial information.
28(vi) Health, medical, or therapeutic information.
30(viii) User files.
31(2) (A) List the categories of third-party persons or entities
33subdivision (b) of Section 22575, using the following specific
35(i) Advertising networks.
36(ii) Telecommunication carriers.
37(iii) Commercial data resellers.
38(iv) Data analytics providers.
39(v) Operating systems and platforms.
40(vi) Social networks.
P4 1(B) Compliance with subparagraph (A) is not required when a
2contract between the commercial Internet Web site or online service
3and the third party explicitly does both of the following:
4(i) Limits the uses of the information provided by the
5commercial Internet Web site or online service to the third party
6solely to provide a service to, or on behalf of, the commercial
7Internet Web site or online service.
8(ii) Prohibits the sharing of the consumer information by that
9third party with subsequent third parties.
10(3) State whether or not the operator maintains a process that,
11if maintained, would be required to be described by the privacy
12policy pursuant to paragraph (2) of subdivision (b) of Section
14(4) If the operator satisfies the requirements of paragraph (5)
15of subdivision (b) of Section 22575 by providing a hyperlink
16pursuant to paragraph (7) of subdivision (b) of Section 22575,
17include a hyperlink to the same online location.
18(c) An operator shall be in violation of this section only if the
19operator knowingly and willfully fails to comply with this section
2130 days after being notified of noncompliance.