BILL ANALYSIS �
AB 1168
Page 1
Date of Hearing: May 2, 2007
ASSEMBLY COMMITTEE ON APPROPRIATIONS
Mark Leno, Chair
AB 1168 (Jones) - As Amended: April 16, 2007
Policy Committee:
JudiciaryVote:10-0
Higher Education 6-0
Urgency: No State Mandated Local Program:
Yes Reimbursable: Yes
SUMMARY
This bill requires specified public agencies to truncate Social
Security numbers (SSNs) in any records that might be displayed
to the public. Specifically, this bill:
1)Requires all colleges and universities located in California
to truncate SSNs from electronic records accessible through
the Internet so that no more than the last four digits of any
SSN are displayed.
2)Authorizes the Attorney General, or any injured person, to
bring a civil action to enforce the above provision.
3)Prohibits a local agency from disclosing to the public any
record that is required to be open to the public by any
provision of law if the record displays more than the last
four digits of any SSN, and makes conforming changes to the
Commercial Code relative to the filing of financial statements
under the Uniform Commercial Code and the forms required for
such filings.
4)Requires the Franchise Tax Board (FTB), unless prohibited by
federal law, to redact the first five digits of any SSN on
lien abstracts or any other public records created by FTB.
FISCAL EFFECT
1)California State University (CSU) . CSU uses Oracle software
systemwide. This database does not provide for the truncation
�
AB 1168
Page 2
of social security numbers, and according to CSU, to do so,
every read/write operation needs to be modified. The entire
system baseline would need to be rewritten, as well as every
third party application that touches the data. CSU believes
the initial rewrite could far exceed $10 million, and there
will be similar multi-million dollar costs required to analyze
and modify each new system "application release" received from
Oracle.
2)The University of California does not have an estimate but
believes that costs will be significant. The university
indicates that it is working with the author.
3)The California Community Colleges indicates that the
Chancellor's Office and the districts are already in
compliance with the bill's requirements.
4)County recorders believe the bill, as currently written, would
make it impractical operationally to continue releasing public
records containing SSNs, but indicate that they are working
with the author.
5)The Franchise Tax Board indicates no additional costs.
COMMENTS
Background and Purpose . Identity theft occurs whenever someone
uses the personal identifying information of another person for
an unlawful purpose, including to obtain, or attempt to obtain,
credit, goods, services, or medical information in the name of
the other person without that person's consent. According to the
Federal Trade Commission (FTC), identity theft has consistently
topped the list of consumer fraud complaints for at least the
last six years. The 255,000 complaints of identity theft filed
in 2005 with the FTC constituted 37% of all complaints. The most
common form of identity theft is opening a line of credit in the
victim's name. For the identity thief, the social security
number is the single-most useful tool.
According to the author, the risk of identity theft is even
�
AB 1168
Page 3
greater in California, which accounted for 45,000 of the 255,000
reported cases in 2005. Because the social security number is
such a crucial piece of information in facilitating identity
theft, this bill would prohibit various public entities from
disclosing more than the last four digits of a social security
number unless they are otherwise required to do so by federal
law. In particular, the author targets three areas that have
proven most subject to abuse: (1) local public records,
especially court records, (2) colleges and universities, and (3)
the California Franchise Tax Board.
Analysis Prepared by : Chuck Nicol / APPR. / (916) 319-2081