Privacy Legislation Enacted in 2015

The California Legislature considers many bills on privacy issues each year. This page summarizes some of the recently enacted bills. To get more information on the bills, go tohttp://leginfo.legislature.ca.gov.

Unless otherwise noted, laws go into effect January 1, 2016.

• AB 32 (Waldron) Cyber Exploitation: Penalty Increase
  This law increases the penalty for online harassment or "revenge porn" from a maximum of $5,000, to a maximum of $10,000 for each "digital image…distributed." Penal Code § 502
• AB 670 (Irwin) Information Security: State Agencies
  This law requires the California information Security Office, in the Department of Technology, to conduct or require at least 35 independent security assessments of state agencies annually. Government Code § 11549.3
• AB 856 (Calderon) Aerial Photography: Invasion of Privacy
  This law expands existing law on physical invasion of privacy to include when a person knowingly enters into the airspace of another person without permission in order to capture a visual image, sound recording, or other impression of someone engaging in a private, personal or familiar activity, in a manner that is offensive to a reasonable person.. Civil Code § 1708.8
• AB 1116 (Committee on Privacy and Consumer Protection) Connected televisions
  This law prohibits the operation of a voice recognition feature in a connected television without first prominently informing the user, and also prohibits the use or sale for advertising purposes of recordings of spoken words and conversations captured by a connected television for the purpose of improving its voice recognition feature. Business & Professions Code § 22948.20-22948.25
• AB 1310 (Gatto) Cyber Exploitation:  Search Warrants and Jurisdiction
  This law expands jurisdiction for crimes where a person intentionally distributes an image(s) of intimate body parts or sexual acts of another person, where it was agreed that the image(s) would remain private, causing emotional distress (also called "revenge porn"). It allows law enforcement to use a search warrant to get the contents of communications between a customer and service provider. Penal Code §§ 786 and 1524.3
• AB 1541 (Assembly Privacy and Consumer Protection Committee) Information Security
  This law adds (1) a username of email address in combination with password or security question and answer; and (2) health insurance information to the definition of personally identifiable information in the law requiring businesses to protect the information with reasonable and appropriate security. Civil Code § 1798.81.5
• SB 34 (Hill) Automated License Plate Recognition Systems
  This law regulates the privacy and usage of data collected by an automatic license plate recognition (ALPR) system, including prohibiting public agencies from selling or sharing the information except to another public agency and limiting use of the information to authorized purposes. The law also adds information collected through an ALPR system to the definition of personal information in the data breach notification law. Civil Code §§ 1798.29, 1798.82 and 1798.90.5-1798.90.55
• SB 178 (Leno et al.) California Electronic Communications Privacy Act (CalECPA)
  This law generally requires law enforcement entities to obtain a search warrant before accessing data on an electronic device or from an online service provider. Penal Code § 1546 et seq.
• SB 570 (Jackson) Breach Notice Format
  This law requires data breach notices to be titled "Notice of Data Breach" and to follow a standard format in which required content is organized under the headings "What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do," and "For More Information." It also provides a model breach notice form that affected organizations may use to notify data breach victims. It also requires that organizations who notify victims using the "substitute notice" method to post a website link to the notice conspicuously, as defined, and maintain the notice on the website for at least 30 days. Civil Code §§ 1798.29 and 1798.82
• SB 676 (Cannella) Cyber Exploitation: Forfeiture of Images and Equipment
  This law requires the pre-conviction forfeiture of an image and post-conviction forfeiture of equipment involved in cyber exploitation or "revenge porn," as defined. Penal Code §§ 502.01 and 647.8
• SB 741 (Hill) Mobile Communications: Privacy
  This law establishes requirements that local agencies must meet before acquiring cellular communications interception technology. The requirements include maintaining reasonable security procedures to protect information collected through the technology, implementing a usage and privacy policy that covers the authorized purposes for using the technology, the authorized users, policies and restrictions on sharing the information, and the retention period for the information, among other things. Government Code § 53166