California Privacy Law: Resources & Protections
Post on 21-Oct-2014
By Joanne McNabb
Intellectual Property Society Seminar, January 20, 2004
1
CA Privacy Law: Resources & Protections
Joanne McNabb, Chief
Office of Privacy Protection
California Department of Consumer Affairs
2
Constitutional Right
All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.
Article 1, Section 1, Constitution of the State of California
3
Office of Privacy Protection
CA is only state with such an agency
Created by law passed in 2000
Purpose:
“protecting the privacy of individuals’ personal information in a manner consistent with the California Constitution by identifying consumer problems in the privacy area and facilitating development of fair information practices”
4
Office of Privacy Protection
Office functions
Consumer assistance
Education and information
Coordination with law enforcement
Best practice recommendations
5
Concerns of Contacts to OPP
[Chart: percentage of contacts by concern category. Category labels: ID Theft Concerns, ID Theft Victims, Policies & Practices, Telemarketing, Financial, Other Unsolicited, Medical, General. Source: OPP, 11/01-12/03]
6
Education and Information
Consumer Information Sheets
ID theft prevention, victim checklist, “criminal” ID theft
Protecting SSNs, reading privacy policies, controlling unwanted communications
Health info privacy
Workshops and presentations
86 for consumers, 64 for business (11/01-12/03)
7
Work with Law Enforcement
Advisory Committee to High Tech Crimes/Identity Theft Task Force
5 regional task forces of local, state and federal law enforcement
Provide information on new laws via web site
Make case referrals
8
“Best Practice” Recommendations
Recommendations of “best practices,” beyond legal requirements
By phone in response to requests
Written sets developed with advisory groups
SSN Confidentiality
Notification of Security Breach
9
CA Privacy Laws Enacted 1999-2003
[Chart: laws enacted by year, 1999 through 2003]
10
Fair Information Practice Principles (FIPs)
Transparency
Collection Limitation
Purpose Specification
Use Limitation
Data Quality
Individual Participation
Security
Accountability
11
CA Privacy Laws & FIPs
Limits on collection of personal info
Limits on use of personal info
Requirements of notice of privacy rights
Limits on unwanted commercial communications
Requirements for data security
Requirements for individual access to personal info
Rights & remedies for identity theft victims
12
Limits on Collection of Personal Information
Ban on recording any personal info when accepting payment by credit card
Ban on recording DL # when accepting payment by check
Ban on collecting DL# and SSN for supermarket club cards
Ban on wiretapping, CATV/satellite TV monitoring
Ban on state agency collecting personal info not authorized by law or regulation (IPA)
13
Limits on Use of Personal Information 1
Info “swiped” from drivers licenses (except for age verification, etc.)
Onward sharing of “marketing info” of credit card holders subject to opt-out right
Public display of Social Security numbers
Onward sharing of personal info collected for supermarket club cards
14
Limits on Use of Personal Information 2
Printing of >5 digits of credit card numbers on electronic customer receipts
Onward sharing of residential telephone customer calling patterns, financial info, etc.
Use by state agency other than as authorized by law (IPA, but cf. Public Records Act)
15
Limits on Use of Personal Information 3
Onward sharing of medical info, other than for TPO, subject to prior consent
Use of medical info for marketing purposes, as defined
Limited access to birth/death certificates, no SSNs or MMNs on publicly available birth/death record indices
16
Limits on Use of Personal Information 4
Sharing of consumer credit & background info, except for specified purposes, by CRAs, Investigative RAs (but cf. FCRA/FACTA)
Sharing of personal financial info w/ 3rd parties by financial institutions (SB 1, eff. 7/1/04)
Use of auto “black box” data for other than vehicle safety, etc. (AB 213, eff. 7/1/04)
17
Notice Requirements 1
Notice of security breach involving specified personal info
Notice to vets from county recorder re DD214s as public records
Notice on collection of personal info by state agencies (IPA)
Privacy policy notice in state offices and on agency web sites
18
Notice Requirements 2
Notice of privacy policies/practices on commercial web sites collecting personal info on CA residents (AB 68, eff. 7/04)
Upon request, notice to customer of info sharing details or opt-out opportunity (SB 27, eff. 1/05)
Notice of presence of auto “black box” in owner’s manual or subscription contract (AB 213, eff. 7/04)
19
Data Security
Destruction of customer records by businesses by shredding, etc.
Activation process required on substitute credit cards mailed to consumers
Credit/debit card “skimmers” outlawed
State agencies must use security safeguards to protect personal info (IPA)
20
Individual Access to Information
Access to and right to correct personal info in records of state agencies (IPA)
Access to and right to dispute personal info in medical records (PAHRA, cf. federal HIPAA)
21
Limits on Commercial Communications
Do-Not-Call Registry (state/federal laws)
Ban on unsolicited commercial text messages sent to cell phones/pagers
Ban on spam sent in violation of ISP’s policy
Ban on spam sent w/out prior consent of recipient (but cf. federal CAN SPAM Act)
22
Identity Theft Rights & Remedies
Definition of crime, including possession of documents with intent to defraud
Requirement of local police to take report
Expedited judicial process for victims
Database for victims of “criminal” ID theft
Victim rights in debt collection and against claimants
Victim access to documents on fraudulent accounts (but cf. FCRA/FACTA)
23
Joanne McNabb, Chief
Office of Privacy Protection
California Department of Consumer Affairs
400 R Street, Suite 3080
Sacramento, CA 95814
916-322-4420
www.privacy.ca.gov
866-785-9663