California is always on the forefront of regulating privacy and security on the internet and related to personal information. California Governor Jerry Brown approved six bills designed to enhance and expand California’s privacy laws. These new laws are scheduled to take effect in 2015 and 2016
Expansion of Protection for California Residents’ Personal Information – AB 1710
Under current law, any business that owns or licenses certain personal information about a California resident must implement reasonable security measures to protect the information and, in the event of a data or system breach, must notify affected persons. See Cal. Civil Code §§ 1798.81.5-1798.83. Current law also prohibits individuals and entities from posting, displaying, or printing an individual’s social security number, or requiring individuals to use or transmit their social security number, unless certain requirements are met. See Cal. Civil Code § 1798.85.
Expansion of Constructive Invasion of Privacy Liability – AB 2306
Under current law, a person can be liable for constructive invasion of privacy if the person uses a visual or auditory enhancing device and attempts to capture any type of visual image, sound recording, or other physical impression of the person in a personal or familial activity under circumstances in which the person had a reasonable expectation of privacy. See Cal. Civil Code § 1708.8.
The bill expands the reach of the current law by removing the limitation requiring the use of a “visual or auditory enhancing device” and imposing liability if the person uses any device to capture a visual image, sound recording, or other physical impression of a person in a personal or familial activity under circumstances in which the person had a reasonable expectation of privacy.
The law will also continue to impose liability on those who acquire the image, sound recording, or physical impression of the other person, knowing that it was unlawfully obtained. Those found liable under the law may be subject to treble damages, punitive damages, disgorgement of profits and civil fines.
Protection of Personal Images and Videos (“Revenge Porn” Liability) – AB 2643
Assembly Bill 2643 creates a private right of action against a person who intentionally distributes by any means, without consent, material that exposes a person’s intimate body parts or the person engaging in certain sexual acts, with knowledge that the victim had a reasonable expectation that the material would remain private.
Protection of Student’s Online Personal Information – The Student Online Personal Information Protection Act – SB 1177
The Student Online Personal Information Protection Act (SOPIPA) prohibits an operator of an Internet website, online service, online application or mobile application that is used, designed and marketed primarily for K-12 school purposes from (1) knowingly engaging in targeted advertising to students or their parents or guardians on the site, service, or application, (2) engaging in targeted advertising on a different site, service, or application using any information that was acquired from the operator’s site, service or application, (3) using information created or gathered by the operator’s site, service, or application to generate a profile about a student, (4) selling a student’s information, and (5) disclosing certain information pertaining to a student. The law also requires the operator to maintain reasonable security measures to protect the student’s information from unauthorized access, destruction, use, modification or disclosure.
Protection of Students’ Social Media Information – AB 1442
Assembly Bill 1442 regulates the use of students’ social media information. If a school intends to implement a program to gather students’ social media information, the school must notify students and parents or guardians about the proposed program and provide an opportunity for public comment. If the program is adopted, the school must only gather or maintain information that pertains directly to school or student safety, provide the student with access to his or her information and an opportunity to correct or delete such information, destroy information after the student turns 18 or is no longer enrolled at the school, and notify each parent or guardian that the student’s social media information is being collected.
Protection of Students’ Records in Digital Storage Services – AB 1584
Assembly Bill 1584 permits a school to use a third party for the digital storage, management, and retrieval of student records, or to provide digital educational software or both. In order to protect those records, any such contract with a third party must contain certain provisions, including a statement that all of the records remain the property of and under the control of the school, a description of the procedures that will be used to notify affected students, parents or guardians in the event of any unauthorized disclosure, a prohibition against using any students’ information for any purposes other than those required by the contract, and a certification that students’ information will not be available to the third party upon completion of the contract.