Privacy Legislation Enacted in 2008

Unless otherwise noted, all laws go into effect January 1, 2009

AB 86 (Lieu) - Cyberbullying
This law amends existing law to add provisions related to bullying of pupils committed by means of an electronic act, adds a definition of "electronic act", and authorizes school officials to suspend or recommend for expulsion pupils who engage in bullying, as specified. Education Code §§ 32261, 32265, 32270, and 48900.

AB 211 (Jones) - Patient Privacy
This law requires health care providers to implement reasonable safeguards to protect patients' medical information from unlawful access, use or disclosure. It creates the Office of Health Information Integrity within the California Health and Human Services Agency, with the authority to assess administrative fines up to $250,000 against individuals or entities for violation, and to refer individuals, if licensed, to appropriate licensing boards. Civil Code § 56.36, Health & Safety Code § 130200 and following

AB 372 (Salas) - Security Freeze
This law simplifies the procedures and reduces the cost for consumers of placing a security freeze on their credit files. 1) It allows consumers to use regular mail, rather than certified, to request a freeze. 2) It requires consumer credit reporting agencies to place the freeze within three days of receiving the request, rather than five. 3) It lowers the maximum fee allowed for temporarily lifting a freeze for a specific party from $12 to $10. 4) For consumers 65 and older, it reduces the freeze fees allowed from $10 to $5 for each credit reporting agency (for placing or temporarily lifting a freeze). Civil Code § 1785.11.2 and 1785.15

SB 31 (Simitian) - Eavesdropping on RFID
This law makes it a misdemeanor to intentionally remotely read or attempt to read another person's identification document that uses radio-frequency identification (RFID), without the person's knowledge or consent. It also makes it a misdemeanor to reveal the operational system keys used in a contactless identification document. Both crimes are punishable by a jail term of up to one year and/or a fine of up to $1,500. Civil Code § 1798.79 and following

SB 541 (Alquist) - Medical Information Breaches
This law increases certain administrative penalties for health facility deficiencies that jeopardize patient health and safety. It also requires certain health facilities to prevent unlawful or unauthorized access to, or use or disclosure of, a patient's medical information, subject to fines for violation of up to $25,000 per patient record, and up to $17,500 per subsequent occurrence. It sets fines and notification requirements for breaches of patient medical information and requires facilities to report such breaches to the California Department of Public Health. It authorizes the Department of Public Health to assess administrative penalties of $100 per day for failure to report a breach, to a maximum of $250,000. Health & Safety Code §§ 1280.1, 1280.3 and 1280.15

SB 612 (Simitian) - Identity Theft Jurisdiction
This law expands the venue for trial of some identity theft crimes to include the county in which the victim resides. It also authorizes the trial court to hold a hearing to determine whether the county of the victim's residence is the appropriate place for trial in a particular case. Penal Code § 786

SB 1116 (Alquist) - High Technology Crime Advisory Committee
This law makes minor technical changes in the composition of the High Technology Crime Advisory Committee, which formulates strategies to address high technology crime through regional multi-jurisdictional task forces. It designates the Director of the Office of Emergency Services, rather than the Director of Finance, as the appointing authority, updates references to existing members, and adds a representative of the Office of the Chief Information Officer. Penal Code § 13848.6

Legislation chaptered in: 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999