BILL ANALYSIS �Ó
AB 2636
Page 1
Date of Hearing: March 29, 2016
ASSEMBLY COMMITTEE ON HEALTH
Jim Wood, Chair
AB 2636
Linder - As Amended March 16, 2016
SUBJECT: Certified copies of marriage, birth, and death
certificates: electronic application.
SUMMARY: Allows an official, if an electronic request for a
certified copy of a birth, death, or marriage record is made, to
accept an electronic acknowledgment verifying the identity of
the requester using a remote identity proofing process to ensure
the requester is an authorized person, as specified.
Specifically, this bill:
1)Authorizes the State Registrar, or a local registrar or county
recorder to accept electronic acknowledgement, sworn under
penalty of perjury, that the requester of a marriage, birth,
or death certificate is an authorized person.
2)Requires the electronic request for vital records to utilize a
method for the official to establish the identity of the
requester using a remote identity proofing process, as
specified.
3)Requires that the method to process electronic requests and to
establish the requester's identity meet all the following
�
AB 2636
Page 2
requirements:
a) Be aligned with federal guidelines for security and
privacy;
b) Include, at minimum, dynamic knowledge-based
authentication or an identity proofing method consistent
with the electronic authentication guidelines of the
National Institute of Standards and Technology (NIST);
c) Comply with the provisions of the California Uniform
Electronic Transactions Act; and,
d) Comply with all other applicable state and federal laws
and regulations to protect the personal information of the
requester and guard against identity theft.
4)Provides that if a requester's identity cannot be established
electronically pursuant to 3) above, the requester may
accompany his or her request with a notarized statement of
identity.
EXISTING LAW:
1)Charges the Office of Vital Records, within the California
�
AB 2636
Page 3
Department of Public Health, with the responsibility of
maintaining a uniform system for registration and a permanent
central registry with a comprehensive and continuous index for
all birth, death, fetal death, marriage, and dissolution
certificates registered for vital events which occur in
California.
2)Allows the State Registrar, local registrar, or county
recorder to furnish a certified copy of birth, death, or
marriage to applicants upon request if:
a) The request is written, faxed, or a digitized image and
accompanied by a notarized statement that is written,
faxed, or a digitized image, sworn under penalty of
perjury, that the requester is an authorized person, as
defined; or,
b) The request is made in person, and the official takes a
statement, sworn under penalty of perjury, that the
requester is signing his or her own legal name and is an
"authorized person."
3)Defines "authorized person," for purposes of obtaining
certified copies of birth, death, or marriage records, as any
of the following:
a) The person who is the subject of the record or the
parent or legal guardian of that person;
b) A party who is entitled to receive the record as a
result of a court order;
�
AB 2636
Page 4
c) Law enforcement or governmental agency personnel
conducting official business;
d) A child, grandchild, sibling, spouse, domestic partner,
or grandparent of the person who is the subject of the
record;
e) An attorney or other person empowered to act on behalf
of the person who is the subject of the record; or,
f) An agent or employee of a funeral establishment who
orders death certificates when acting on behalf of
specified individuals.
4)Provides that, in all other cases in which the requester does
not meet the requirements of an authorized person, a certified
copy may be provided to the requester but the document shall
be an informational certified copy and shall be redacted to
remove any signatures that appear on the document. Requires
the certified copy to contain the statement "INFORMATIONAL,
NOT A VALID DOCUMENT TO ESTABLISH IDENTITY."
FISCAL EFFECT: This bill has not been analyzed by a fiscal
committee.
COMMENTS:
�
AB 2636
Page 5
1)PURPOSE OF THIS BILL. According to the author, individuals
seeking vital records in California suffer longer wait times
and pay significantly higher fees than individuals seeking
records in most other states due to outdated statutes that
govern vital records request policies. The author states that
county and local staff are significantly burdened by current
policies that dictate that a vital records request may only be
partially competed online, followed by a notarized affidavit
submitted on paper. This hybrid system of online requesting
means, practically, that a vital records request cannot be
processed without countless of hours of county staff time
wasted because staff must manually attach related documents
for each individual request as supporting documentation is
submitted. The author further asserts that California's
policies are drastically out of step with national trends to
increase access to vital government services through online
technologies, as 34 other states and 171 local jurisdictions
allow for digital authentication of vital records requests
online as a standard matter of practice.
2)BACKGROUND. The Office of Vital Records is charged with the
responsibility of maintaining a uniform system for
registration and a permanent central registry with a
comprehensive and continuous index for all birth, death, fetal
death, marriage, and dissolution certificates registered for
vital events which occur in California. Certified copies of
these records are available from the State Registrar, the 58
county recorders, and 61 local health jurisdictions.
3)ELECTRONIC AUTHENTICATION GUIDELINES. Electronic
authentication (e-authentication) is the process of
establishing confidence in user identities electronically
presented to an information system. E-authentication presents
a technical challenge when this process involves the remote
authentication of individual people over an open network (i.e.
�
AB 2636
Page 6
the internet), for the purpose of electronic government and
commerce. The NIST, under the U.S. Department of Commerce,
released guidelines in 2013 to provide technical guidance to
agencies to allow an individual to remotely authenticate his
or her identity to a federal IT system. These guidelines
address only traditional, widely implemented methods for
remote authentication based on secrets. With these methods,
the individual whose identity is authenticated proves that he
or she knows or possesses some secret information.
4)EXECUTIVE ORDER ON SECURING CONSUMER DATA ONLINE. In response
to several high profile consumer data breaches, potentially
leading to credit card fraud and identity crimes, President
Obama issued an executive order on October 17, 2014, aimed at
improving the security of consumer financial transactions.
The Executive Order states that "given that identity crimes,
including credit, debit, and other payment card fraud,
continue to be a risk to U.S. economic activity, and given the
economic consequences of data breaches, the United States must
take further action to enhance the security of data in the
financial marketplace. While the U.S. Government's credit,
debit, and other payment card programs already include
protections against fraud, the Government must further
strengthen the security of consumer data and encourage the
adoption of enhanced safeguards nationwide in a manner that
protects privacy and confidentiality while maintaining an
efficient and innovative financial system." In part, the
order directed the National Security Council staff, the Office
of Science and Technology Policy, and Office of Management and
Budget to present to the President by March, 2016 a plan to
ensure that all agencies making personal data accessible to
citizens through digital applications require the use of
multiple factors of authentication and an effective identity
proofing process, as appropriate.
5)SUPPORT. The Urban Counties Caucus, cosponsor of this bill,
writes in support that counties process thousands of these
�
AB 2636
Page 7
types of requests which can be very time consuming for both
county staff and consumers. This bill would provide a more
user-friendly way to get access to these records through
established systems that verify the user's identity which
could provide significant cost savings to counties and provide
better customer service. The California State Association of
Counties, cosponsor of the bill, states that updating vital
records requests could also reduce the overall cost for
consumers when obtaining vital records. The current fee for a
certified copy of a birth certificate in Los Angeles County
ranges from $23 to $28, and the average notary fee is an
additional $20.
6)OPPOSITION. Privacy Rights Clearinghouse (PRC) opposes on the
grounds that substitution of an electronic acknowledgement for
a notarized affidavit will facilitate the ability of identity
thieves and other fraudsters to obtain vital records that can
then be used to engage in criminal acts against Californians.
Vital records contain a wealth of personal information, which
if inappropriately released to the wrong person can result in
significant privacy violations. PRC further states that any
legislation expanding the ability to obtain vital records
online much have sufficient protections in place to protect
Californians' sensitive personal information and prevent
identity theft and other fraudulent activity.
7)PREVIOUS LEGISLATION.
a) AB 1238 (Linder) of 2015, substantially similar to this
bill, was held in the Assembly Appropriations Committee
suspense file.
b) AB 2275 (Ridley-Thomas) of 2014 was identical to this
bill and failed passage in the Senate Judiciary Committee.
�
AB 2636
Page 8
c) AB 464 (Daly), Chapter 78, Statutes of 2013, allows
digitized images, as defined, to be included as part of a
request for a certified copy of a birth, death, or marriage
record.
d) AB 130 (Jeffries), Chapter 412, Statutes of 2009,
extends the existing limitations on the release and access
of birth and death records to marriage records in order to
prevent the unauthorized use of personal information.
e) SB 471 (Margett) of 2007 would have required any
individual, authorized by law to obtain a certified copy of
a birth or death certificate, to show proof of
identification when the request is made in person, except
when the individual has been a victim of identity theft.
SB 471 died in the Senate Health Committee.
f) AB 247 (Speier), Chapter 914, Statutes of 2002,
authorizes the State Registrar, local registrar, or county
recorder to provide a certified copy of a birth or death
record to an authorized person who submits a statement
sworn under penalty of perjury that the requester is
signing his or her own legal name and is an authorized
person.
8)DOUBLE REFERRAL. This bill is double referred. Upon passage
of this Committee, this bill will be referred to the Assembly
Committee on Privacy and Consumer Protection.
�
AB 2636
Page 9
9)POLICY COMMENT. Vital records contain a wealth of personal
information, which if inappropriately released to the wrong
person could result in a significant violation of privacy.
Privacy is protected by California's Constitution, and must be
protected with the highest possible standards. Certified
copies of birth certificates can be used to fraudulently
obtain many other important documents such as passports,
driver's licenses, and identification cards. Certified copies
of death certificates can be used to fraudulently obtain
decedents' death benefits, including life insurance proceeds
and investment accounts. Given the inherent difficulties in
verifying the identity of an individual over the Internet, and
the countless opportunities for identity theft that vital
records in the wrong hands could create, very strong
protections must be in place to ensure that vital records are
safely maintained. The committee may wish to consider whether
the security standards set forth in this bill are sufficient
to protect against identity theft.
�
AB 2636
Page 10
REGISTERED SUPPORT / OPPOSITION:
Support
California State Association of Counties (cosponsor)
Urban Counties Caucus (cosponsor)
California Association of Clerks and Election Officials
California Association of County Veteran Service Officers
Computing Technology Industry Association
County Health Executives Association of California
County of San Bernardino
Little Hoover Commission
Los Angeles County Board of Supervisors
Riverside County Board of Supervisors
�
AB 2636
Page 11
Rural County Representatives of California
TechNet
Opposition
Privacy Rights Clearinghouse
Analysis Prepared by:Dharia McGrew / HEALTH / (916) 319-2097