California Privacy Law: Resources & Protections

By Joanne McNabb

Published in: Technology
  1. CA Privacy Law: Resources & Protections. Joanne McNabb, Chief, Office of Privacy Protection, California Department of Consumer Affairs. Intellectual Property Society Seminar, January 20, 2004
  2. Constitutional Right: All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy. (Article 1, Section 1, Constitution of the State of California)
  3. Office of Privacy Protection: CA is only state with such an agency; Created by law passed in 2000; Purpose: “protecting the privacy of individuals’ personal information in a manner consistent with the California Constitution by identifying consumer problems in the privacy area and facilitating development of fair information practices”
  4. Office of Privacy Protection, Office functions: Consumer assistance; Education and information; Coordination with law enforcement; Best practice recommendations
  5. Concerns of Contacts to OPP [Bar chart: percentage of contacts to OPP by type of concern, 11/01-12/03]
  6. Education and Information: Consumer Information Sheets: ID theft prevention, victim checklist, “criminal” ID theft; Protecting SSNs, reading privacy policies, controlling unwanted communications; Health info privacy. Workshops and presentations: 86 for consumers, 64 for business (11/01-12/03)
  7. Work with Law Enforcement: Advisory Committee to High Tech Crimes/Identity Theft Task Force (5 regional task forces of local, state and federal law enforcement); Provide information on new laws via web site; Make case referrals
  8. “Best Practice” Recommendations: Recommendations of “best practices,” beyond legal requirements; By phone in response to requests; Written sets developed with advisory groups: SSN Confidentiality, Notification of Security Breach
  9. CA Privacy Laws Enacted 1999-2003 [Bar chart: number of CA privacy laws enacted per year, 1999 through 2003]
  10. Fair Information Practice Principles (FIPs): Transparency; Collection Limitation; Purpose Specification; Use Limitation; Data Quality; Individual Participation; Security; Accountability
  11. CA Privacy Laws & FIPs: Limits on collection of personal info; Limits on use of personal info; Requirements of notice of privacy rights; Limits on unwanted commercial communications; Requirements for data security; Requirements for individual access to personal info; Rights & remedies for identity theft victims
  12. Limits on Collection of Personal Information: Ban on recording any personal info when accepting payment by credit card; Ban on recording DL # when accepting payment by check; Ban on collecting DL# and SSN for supermarket club cards; Ban on wiretapping, CATV/satellite TV monitoring; Ban on state agency collecting personal info not authorized by law or regulation (IPA)
  13. Limits on Use of Personal Information 1: Info “swiped” from drivers licenses (except for age verification, etc.); Onward sharing of “marketing info” of credit card holders subject to opt-out right; Public display of Social Security numbers; Onward sharing of personal info collected for supermarket club cards
  14. Limits on Use of Personal Information 2: Printing of >5 digits of credit card numbers on electronic customer receipts; Onward sharing of residential telephone customer calling patterns, financial info, etc.; Use by state agency other than as authorized by law (IPA, but cf. Public Records Act)
  15. Limits on Use of Personal Information 3: Onward sharing of medical info, other than for TPO, subject to prior consent; Use of medical info for marketing purposes, as defined; Limited access to birth/death certificates, no SSNs or MMNs on publicly available birth/death record indices
  16. Limits on Use of Personal Information 4: Sharing of consumer credit & background info, except for specified purposes, by CRAs, Investigative RAs (but cf. FCRA/FACTA); Sharing of personal financial info w/ 3rd parties by financial institutions (SB 1, eff. 7/1/04); Use of auto “black box” data for other than vehicle safety, etc. (AB 213, eff. 7/1/04)
  17. Notice Requirements 1: Notice of security breach involving specified personal info; Notice to vets from county recorder re DD214s as public records; Notice on collection of personal info by state agencies (IPA); Privacy policy notice in state offices and on agency web sites
  18. Notice Requirements 2: Notice of privacy policies/practices on commercial web sites collecting personal info on CA residents (AB 68, eff. 7/04); Upon request, notice to customer of info sharing details or opt-out opportunity (SB 27, eff. 1/05); Notice of presence of auto “black box” in owner’s manual or subscription contract (AB 213, eff. 7/04)
  19. Data Security: Destruction of customer records by businesses by shredding, etc.; Activation process required on substitute credit cards mailed to consumers; Credit/debit card “skimmers” outlawed; State agencies must use security safeguards to protect personal info (IPA)
  20. Individual Access to Information: Access to and right to correct personal info in records of state agencies (IPA); Access to and right to dispute personal info in medical records (PAHRA, cf. federal HIPAA)
  21. Limits on Commercial Communications: Do-Not-Call Registry (state/federal laws); Ban on unsolicited commercial text messages sent to cell phones/pagers; Ban on spam sent in violation of ISP’s policy; Ban on spam sent w/out prior consent of recipient (but cf. federal CAN SPAM Act)
  22. Identity Theft Rights & Remedies: Definition of crime, including possession of documents with intent to defraud; Requirement of local police to take report; Expedited judicial process for victims; Database for victims of “criminal” ID theft; Victim rights in debt collection and against claimants; Victim access to documents on fraudulent accounts (but cf. FCRA/FACTA)
  23. Joanne McNabb, Chief, Office of Privacy Protection, California Department of Consumer Affairs, 400 R Street, Suite 3080, Sacramento, CA 95814. 916-322-4420, www.privacy.ca.gov, 866-785-9663