BILL ANALYSIS �Ó
SENATE JUDICIARY COMMITTEE
Senator Hannah-Beth Jackson, Chair
2015-2016 Regular Session
AB 2636 (Linder)
Version: April 12, 2016
Hearing Date: June 28, 2016
Fiscal: Yes
Urgency: No
NR
SUBJECT
Certified copies of marriage, birth, and death certificates:
electronic application
DESCRIPTION
This bill would, if the request for a certified copy of a birth,
death, or marriage record is made electronically, authorize the
official to accept electronic acknowledgment verifying the
identity of the applicant using a multilayered remote identity
proofing process, as specified.
BACKGROUND
The Office of Vital Records is charged with the responsibility
of maintaining a uniform system for registration and a permanent
central registry with a comprehensive and continuous index for
all birth, death, fetal death, marriage, and dissolution
certificates registered for vital events which occur in
California. Certified copies of these records are available
from the State Registrar, the 58 county recorders, and 61 local
health jurisdictions.
In November 2001, it was reported that the state had sold the
birth records of more than 24 million Californians which were
then posted on the Internet. The Senate Insurance Committee held
an informational hearing in response, "Personal Privacy at
Risk," which demonstrated the ease with which identity thieves
could obtain personal information about others. The
informational hearing also revealed that the State Registrar
routinely sold electronic compilations of public record
information to anyone who could pay for the records with no
�
AB 2636 (Linder)
Page 2 of ?
restrictions on their use. The records sold covered births from
1905 to 1995, and included the county of birth, the person's
full name, date of birth, and the person's mother's maiden name.
A mother's maiden name and date of birth are common personal
identifiers used by financial institutions to determine if a
person may have access to an individual account.
In order to prevent fraud and identity theft, the Legislature
has since enacted a number of protective measures with regard to
vital records, including AB 247 (Speier, Ch. 914, Stats. 2002)
and AB 1614 (Speier, Ch. 712, Stats. 2002) which established
controls for the release of, and access to, birth and death
records. AB 130 (Jeffries, Ch. 412, Stats. 2009) extended the
existing limitations on release and access of birth and death
records to marriage records in order to prevent the unauthorized
use of personal information. Recently, AB 464 (Daly, Ch. 78,
Stats. 2013) updated the law regarding vital records to allow
digitized images to be used, in addition to written or faxed
documents, as part of a request for a certified copy of a vital
record. Existing law requires that these requests be
accompanied by a notarized statement, sworn under penalty of
perjury, that the requester is an authorized person. Instead of
requiring a notarized statement, which may also be scanned and
mailed electronically, this bill, which is substantially similar
to AB 2275 (Ridley-Thomas, 2014), would allow a registrar or
county recorder to accept electronic acknowledgment that the
requester of a record is an authorized person.
CHANGES TO EXISTING LAW
Existing law allows the State Registrar, local registrar, or
county recorder to furnish a certified copy of birth, death, or
marriage to applicants upon request if:
the request is written, faxed, or a digitized image and
accompanied by a notarized statement that is written, faxed,
or a digitized image, sworn under penalty of perjury, that the
requester is an authorized person, as defined; or
the request is made in person, and the official takes a
statement, sworn under penalty of perjury, that the requester
is signing his or her own legal name and is an "authorized
person." (Health & Saf. Code Sec. 103526.)
Existing law defines "authorized person," for purposes of
obtaining certified copies of birth, death, or marriage records,
as any of the following:
�
AB 2636 (Linder)
Page 3 of ?
the person who is the subject of the record or the parent or
legal guardian of that person;
a party who is entitled to receive the record as a result of a
court order;
law enforcement or governmental agency personnel conducting
official business;
a child, grandchild, sibling, spouse, domestic partner, or
grandparent of the person who is the subject of the record;
an attorney or other person empowered to act on behalf of the
person who is the subject of the record; or
an agent or employee of a funeral establishment who orders
death certificates when acting on behalf of specified
individuals. (Health & Saf. Code Sec. 103526 (c).)
Existing law provides that, in all other cases in which the
requester does not meet the requirements of an authorized
person, a certified copy may be provided to the requester, but
the document shall be an informational certified copy and shall
be redacted to remove any signatures that appear on the
document. Existing law requires the certified copy to contain
the statement "INFORMATIONAL, NOT A VALID DOCUMENT TO ESTABLISH
IDENTITY." (Health & Saf. Code Sec. 103526 (b).)
This bill would authorize the State Registrar, or a local
registrar or county recorder to accept electronic
acknowledgement, if the applicant's identity is verified using a
multilayered remote identity proofing process that complies with
the following requirements:
meets or exceeds the National Institute of Standards and
Technology (NIST) electronic authentication guideline for
multilayered remote identity proofing; and
verifies a valid government-issued identification number, and
a financial or utility account number.
This bill would require that the verification must occur through
record checks with the state or local agency or a credit
reporting agency or similar database and shall confirm that the
name, date of birth, address, or other personal information in
the record checks are consistent with the information provided
by the applicant.
COMMENT
1.Stated need for the bill
�
AB 2636 (Linder)
Page 4 of ?
According to the author:
Unfortunately, individuals seeking vital records in California
suffer longer wait times and pay significantly higher fees
than individuals seeking records in almost every other state
due to outdated statutes that govern vital records requesting
policies in California. [?]Vital records (typically birth,
death, marriage and divorce records) are critical documents
which are required for many of life's most significant events.
This is particularly true for birth and death records. For
example, birth certificates are necessary for school
enrollment, participation in youth sports, obtaining a
driver's license, obtaining a passport, and applying for
Social Security or Medicaid benefits. Death certificates are
documents often needed by loved ones in order to obtain life
insurance benefits, and close out financial accounts and
investments, etc. Each of these documents is frequently needed
expeditiously and more often than not, the individual needing
them does not live in the city, county, or even state where
the birth or death occurred. [?]
AB 2636 brings California into conformity with all other
states in the country, except for Minnesota, that do not
require a separate notarized statement of identity when making
a remote request for vital records. The bill follows the
findings of the Little Hoover Commission's 2015 Report seeking
a more customer-centric delivery of California government
services by allowing for secure online processing of vital
records requests benefitting both county staff and California
citizens at large.
The California State Association of Counties, sponsor, writes:
California and Minnesota are the only two states in the nation
which currently require a notarized statement in conjunction
with the online request. The option of being able to fully
submit an electronic request will significantly reduce
processing time for customers. This process will also reduce
the overall cost for obtaining copies of vital records. For
example, the current fee for a certified copy of a birth
certificate in Los Angeles County ranges from $23 to $28. The
average notary fee for an affidavit is as much as $20. The
total fee for someone requesting this record under the current
system of a partial online request could be as much as $50.
Contra Costa County processed 5,628 electronic orders last
�
AB 2636 (Linder)
Page 5 of ?
year - the staff time involved in document matching would have
saved the county 1,426 staff hours or approximately 35 weeks
of work.
2.Potential for identity theft
This bill would eliminate the requirement that a person submit a
notarized statement of identification when he or she
electronically requests vital records. The author argues that
this is necessary because "in 2012, Los Angeles County's
Registrar received more than 64,000 online requests for vital
records. This accounted for 22% of all requests for vital
records that year. The average wait time for a customer who
submits a vital records request under the current system, that
is partially an electronic submission, is 6 to 8 weeks. [?]This
is not to mention the additional price of the notary fee on
consumers which adds an additional average of $10 to $15 to the
existing cost of a copy of a vital record. In Los Angeles, the
cost of a vital record is $28, meaning that consumers are paying
over a third of the cost for a fee that no other state charges
except for Minnesota and is not necessary as identities can be
confirmed online as evidenced by California's voter registration
system."
The requirement that a person requesting a certified copy of a
vital record must include a notarized statement of identity was
created as a security precaution to protect against fraud and
identity theft. In opposition to this bill, the Privacy Rights
Clearinghouse (PRC) argues that such protections continue to be
necessary. PRC writes:
The substitution of an electronic acknowledgement for a
notarized affidavit will facilitate the ability of identity
thieves and other fraudsters to obtain vital records that can
then be used to engage in criminal acts against Californians.
Certified copies of birth certificates can be used to
fraudulently obtain many other important documents such as
passports, driver's licenses, and identification cards.
Certified copies of death certificates can be used to
fraudulently obtain decedents' death benefits, including life
insurance proceeds and investment accounts.
Vital records contain a wealth of personal information, which
if inappropriately released to the wrong person can result in
a significant violation of privacy. Privacy is protected by
�
AB 2636 (Linder)
Page 6 of ?
California's Constitution, and should not be set aside merely
to facilitate the issuance of vital records.
Arguably, an electronic identity verification process offers
little assurance that identity thieves will not receive
documents that can, by their nature, be used to establish
identity. The sponsor and the author argue that the high cost
associated with obtaining a vital record justifies a more
affordable, elctronic process, but the costs associated with
identity theft are arguably much higher. It should be noted
that individuals can always request vital records without the
use of a notary, but those documents are for informational
purposes only and not to establish identity. If a person wishes
to use the document for identification purposes, the request
must be notarized or the individual must submit the request in
person. This bill seeks to instead allow individuals to request
vital records that can be used for identification purposes
without the use of a notary. Given the inherent difficulties in
verifying the identity of an individual over the Internet, and
the countless opportunities for identity theft that vital
records in the wrong hands create, strong protections must be in
place to ensure that vital records are safely maintained.
3.Security measures
AB 2275 (Ridley-Thomas, 2014), which was substantially similar
to this bill, failed passage in the Senate Judiciary Committee
in 2014. The Committee analysis noted that the bill lacked
adequate security measures and that the increased risk of
identity theft outweighed the benefits of the bill.
AB 2275 required that an electronic request for a vital record
to provide a method for the official to establish the identity
of the requester electronically. The method established to
process electronic requests and establish the requester's
identitywas required to comply with the provisions of the
California Uniform Electronic Transactions Act (Act). (Civ.
Code Secs. 1633.1-1633.17.) The purpose of the Act is to
standardize state laws regarding retention of paper records
(namely checks) and electronic signatures, in an effort to
facilitate the validity of electronic contracts and
transactions.
The Committee analysis noted that the Act does little in the way
of providing security against fraud. It allows for electronic
notarization of signatures and provides that the requirement of
�
AB 2636 (Linder)
Page 7 of ?
an electronic signature under penalty of perjury is satisfied if
the "electronic record includes, in addition to the electronic
signature, all of the information as to which the declaration
pertains together with a declaration under penalty of perjury by
the person who submits the electronic signature that the
information is true and correct." (Civ. Code Sec. 1633.11(a) -
(b).) Further, the Act does not require any standard of
security, but merely defines a security procedure as "a
procedure employed for the purpose of verifying that an
electronic signature, record, or performance is that of a
specific person or for detecting changes or errors in the
information in an electronic record. The term includes a
procedure that requires the use of algorithms or other codes,
identifying words or numbers, encryption, or callback or other
acknowledgment procedures." (Civ. Code Sec. 1633.2(n).)
Accordingly, this bill includes additional security provisions
than those included in AB 2275. In addition to compliance with
the Act, this bill requires a "multilayered remote identity
proofing process" that "meets or exceeds the National Institute
of Standards and Technology (NIST) electronic authentication
guideline." This includes that a valid government-issued
identification number and a financial or utility account number
are verified.
The American Civil Liberties Union, in opposition, argues that
privacy protections should not be set aside merely to facilitate
the issuance of vital records:
If this legislation is to be enacted it should include a
two-year sunset in order to assess the impacts of loosening
the requirements for obtaining vital records online.
Additionally, the bill should include a reporting mechanism
for people who have been victims of identity theft and
prohibit fulfilling vital records requests of persons who have
placed fraud alerts or credit reports on their account when
the request is submitted using multilayered remote identity
proofing. If a public entity wishes to release records
without a notarized affidavit of identity, the entity
furnishing the records must be liable for any identity theft
that occurs after a person uses this process to request a
vital record.
In light of the above concerns and the Committee's reluctance to
pass similar legislation in the past, if this Committee were to
approve this bill it should consider doing so only if the bill
�
AB 2636 (Linder)
Page 8 of ?
include a two year sunset so that the Legislature may review the
impacts of allowing individuals to request vital records online.
The author may wish to additionally consider including a
mechanism for acknowledging fraud alerts that have been placed
by persons who have experienced identity theft.
Suggested amendment:
Sunset the provisions of the bill on January 1, 2019.
Support : California Association of Clerks and Election
Officials; California Association of County Veteran Service
Officers; Computing Technology Industry Association (CompTIA);
County Health Executives Association of California (CHEAC)
Little Hoover Commission; Los Angeles County Board of
Supervisors; Riverside County Board of Supervisors; Rural County
Representatives of California (RCRC); San Bernardino County;
Tarrant County Clerk's Office; TechNet;
Opposition : ACLU of California; Privacy Rights Clearinghouse
HISTORY
Source : California State Association of Counties; Urban
Counties of California
Related Pending Legislation : None Known
Prior Legislation :
AB 2275 (Ridley-Thomas) See Comment 3.
AB 464 (Daly, Chapter 78, Statutes of 2013) allowed digitized
images, as defined, to be included as part of a request for a
certified copy of a birth, death, or marriage record.
AB 130 (Jeffries, Chapter 412, Statutes of 2009) extended the
existing limitations on the release and access of birth and
death records to marriage records in order to prevent the
unauthorized use of personal information.
SB 1398 (Margett and Hollingsworth, 2008) was substantially
similar to SB 471. This bill died in the Senate Health
Committee.
�
AB 2636 (Linder)
Page 9 of ?
SB 471 (Margett, 2007) would have required any individual,
authorized by law to obtain a certified copy of a birth or death
certificate, to show proof of identification when the request is
made in person, except when the individual has been a victim of
identity theft. This bill died in the Senate Health Committee.
SB 904 (Battin, 2007) would have required the county recorder,
when furnishing an informational copy of a military service
record, to alter that record by masking the service member's
personal information, as specified, without incurring any
liability. This bill was vetoed by Governor Schwarzenegger.
AB 1179 (Parra, Chapter 6, Statutes of 2004) prohibited county
recorders from providing certified copies of military discharge
papers except to specified persons and allowed county recorders
to accept faxed, notarized documents when specified information
is present and photographically reproducible.
AB 247 (Speier, Chapter 914, Statutes of 2002) authorized the
State Registrar, local registrar or county recorder to provide a
certified copy of a birth or death record to an authorized
person who submits a statement sworn under penalty of perjury
that the requester is signing his or her own legal name and is
an authorized person.
Prior Vote :
Assembly Floor (Ayes 80, Noes 0)
Assembly Appropriations Committee (Ayes 20, Noes 0)
Assembly Privacy and Consumer Protection Committee (Ayes 11,
Noes 0)
Assembly Health Committee (Ayes 19, Noes 0)
**************