Privacy Legislation Enacted in 2013

  • AB 370 (Muratsuchi) Online tracking transparency This law requires the operator of a commercial web site or online service to disclose in its privacy policy how it responds to a web browser Do Not Track signal or similar mechanism providing consumers with the ability to exercise choice about online tracking (the collection of personal information across sites or services and over time). It also requires the operator to disclose whether third parties are or may be conducting such tracking on the operator’s site or service. Business and Professions Code § 22575

  • AB 658 (Calderon) Confidentiality of Medical Information Act: Medical Apps This law applies the prohibitions of the Confidentiality of Medical Information Act to any business that offers medical application software that is designed to allow individuals to manage their health information, as defined, or care. The Act’s requirements include keeping medical information confidential when creating, maintaining or disposing of it. Civil Code § 56.06

  • AB 1149 (Campos) Data breach notification: local agencies This law imposes the requirements of the data breach notification law, including those in SB 46(below), on local government agencies. Civil Code § 1798.29

  • SB 46 (Corbett) Data breach notification This law amends the breach notice law to require notification of breaches of user ID and password permitting access to online accounts. Civil Code §§ 1798.29 & 1798.82

  • SB 530 (Wright) Employment Background Checks: Expunged Records This law prohibits employers from asking job applicants about criminal records that have been expunged, sealed or dismissed. Labor Code § 432.7, Penal Code § 4852.22

  • SB 568 (Steinberg) Digital Privacy Rights for Minors As of January 1, 2015, this law will prohibit an operator of a Web site or online service directed to minors (California resident under 18) from marketing or advertising to minors specified products or services that minors are legally prohibited from buying. The law will prohibit an operator with actual knowledge that a minor is using it from marketing or advertising such products based on information specific to that minor and knowingly using, disclosing, compiling, or allowing a third party to do so, the personal information of a minor for the purpose of marketing or advertising such products or services. The law will apply this prohibition to an advertising service that is notified by an operator that the site or service is directed to a minor. The law will also require the operator to permit a minor, who is a registered user of the operator’s site or service, to request and obtain removal of content or information posted on the operator’s site or service by the minor, with exceptions. Business and Professions Code §§ 22580-22582

  • AB 1274 (Bradford) Privacy of Customer Electrical and Natural Gas Usage Data This law extends many of the consumer privacy protections that apply to customer usage data maintained by electric and gas utilities to other third-party business that may handle the data. It prohibits such businesses from sharing, disclosing or otherwise making customer usage data accessible to any third party without the customer’s express content. It requires conspicuous disclosure of with whom such data will be shared and how it will be used, and requires businesses to implement and maintain reasonable security to protect the data from unauthorized disclosure. It also prohibits a business form offering incentives or discounts for accessing the data and provides a private right of action for damages for willful violation. Civil Code §§ 1798.98-1798.99

Legislation chaptered in: 2017 | 2016 | 2015 | 2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999