BILL ANALYSIS                                                                                                                                                                                                    




                   Senate Appropriations Committee Fiscal Summary
                           Senator Christine Kehoe, Chair

                                           1268 (Simitian)
          
          Hearing Date:  05/24/2010           Amended: 05/19/2010
          Consultant:  Jacqueline Wong-Hernandez      Policy Vote: T&H 8-0,
          Judiciary 3-1
          _____________________________________________________________________
          BILL SUMMARY: SB 1268 prohibits, with some exceptions, a  
          transportation agency from selling or otherwise providing  
          personally identifiable information of a person who subscribes  
          to an electronic toll collection system or who uses a toll  
          facility that employs such system and establishes time periods  
          up to which an agency may retain that information. This bill  
          would specify several exceptions to this prohibition and include  
          a privacy-policy notice requirement to subscribers, as  
          specified. This bill authorizes local transportation authorities  
          to charge a fee to electronic toll collection system users  
          to recover the costs of implementing these provisions. This bill  
          also provides that a transportation agency may only make  
          personally identifiable information available to a law  
          enforcement agency pursuant to a search warrant, with specified  
          exceptions and notification requirements.
          _____________________________________________________________________
                            Fiscal Impact (in thousands)

          Major Provisions            2010-11         2011-12         2012-13         Fund

          User privacy protections
          Prohibits sales/sharing     $0              $0              $0              Local*
          Retention restrictions      Unknown potential costs, recovered by fees      Local*

          *Transit authorities
          _____________________________________________________________________
          STAFF COMMENTS: 

          This bill places new requirements on entities that administer  
          electronic toll collection systems, which are primarily local  
          transit authorities. Fee authority is provided in the bill to  
          allow any transportation agency affected by this bill to charge  
          fees to electronic toll collection system users to recover the  
          costs of implementing the privacy protections afforded by this  
          bill.

          Transportation agencies would be prohibited from selling or  
          otherwise providing to any other person  
          or entity personally identifiable information of any person who  
          subscribes to an electronic toll collection system or who uses a  
          toll bridge, toll lane, or toll highway that employs an  
          electronic toll collection system. CalTrans is already  
          statutorily prohibited from these activities, and local transit  
          authorities have indicated that they do not sell or share users'  
          personally identifiable information.

          This bill would require a transportation agency that uses an  
          electronic toll collection system to establish a privacy policy  
          concerning the collection and use of personally identifiable  
          information and to post the policy on its website. The policy  
          must include: 

          1) The types of personally identifiable information collected by
             the agency;
          2) the categories of third-party persons or entities with whom
             the agency may share personally identifiable information;
          3) the process by which a transportation agency notifies
             subscribers of material changes to its privacy policy;
          4) the effective date of the privacy policy; and
          5) the process by which a subscriber may review and request
             changes to any of his or her personally identifiable
             information.

          This bill would further require that transportation agencies,  
          "within practical business and cost constraints," store only  
          personally identifiable information of a person such as the  
          account name, credit card number, billing address, vehicle  
          information, and other basic account information required to  
          perform account functions such as billing, account settlement,  
          or enforcement activities. All other information must be  
          discarded six months after the closure date of the billing cycle  
          or 60 days after the bill has been paid, whichever occurs last.  
          Additionally, this bill provides that a transportation agency  
          shall, "within practical business and cost constraints," purge  
          the personal account information of an account within 60 days  
          after the date the account is closed or terminated. 

          The cost of purging information will vary by transportation  
          agency, and depend largely on the agency's data system. For more  
          advanced, modern systems, purging specified information should  
          be a relatively simple process addition to the computer system.  
          For antiquated systems, a new platform may need to be  
          constructed to allow for continual purging, based on activity  
          dates. In either case, this bill allows fees to be charged to  
          electronic toll system users to cover the cost of implementing  
          this bill. Because the bill employs subjective language stating  
          that the tasks are to be completed "within practical business  
          and cost constraints," it is unclear whether expensive system  
          fixes could be enforced.

          The bill provides for civil penalties and civil actions against  
          an entity that sells a user's personally identifiable  
          information that is protected by these provisions.