---

Privacy

Wednesday, March 23, 2011

California Legislative Alerts:

On this page, Consumer Action highlights important California legislation and other state issues relating to privacy.

NEW  A “Get out of Jail Free Card” for corporate privacy violators?

Consumer Action opposes AB 1219 (Perea), which would give companies that violated California privacy laws immunity from punishment. In February 2011, the California Supreme Court unanimously re-affirmed the consumer privacy protections of the Song Beverly Credit Card Act in Pineda v. Williams Sonoma. The Court ruled that Williams Sonoma violated the law when it requested consumer zip codes during credit card transactions. Although many credit card users were told, untruthfully, that zip code information was necessary for “security” purposes, the data was collected essentially for marketing purposes, and ultimately was used to obtain cardholders’ physical addresses without those customers’ knowledge or permission. Subsequently, the chain used the ill-gotten information to direct unwanted marketing pitches their way. The California Supreme Court ruled unanimously in favor of the plaintiff, Jessica Pineda, and now other companies that may have violated the privacy of their customers fear that they may face financial penalties as well.

Assemblyman Perea is doing the bidding of giant retailers who insist that any penalty for violating the Song Beverly Act would be inappropriate or excessively harsh. But the state Supreme Court has already stated that trial courts will have discretion in determining the appropriate remedy in any case brought for a violation of this law. The Court said that a penalty could range from a fraction of a penny per violation to the maximum permitted, based on the trial court’s consideration of case-specific circumstances. The sky is not falling. The issue is whether or not corporate lawbreakers will be held accountable.

As we have seen so often, companies that collect too much information about their customers can put those individuals at a higher risk of identity theft should that data subsequently be lost or stolen. The protections under the Song Beverly Credit Card Act are important not merely to discourage corporations from snooping on us, but also to protect consumers from becoming victims of this financial crime. And, once the penalty for breaking the law is removed, other actors are encouraged to behave unlawfully, and firms with greater respect for consumer privacy are effectively put at a disadvantage.

Please join us in opposing AB 1219.

For more info on this bill, see AB 1219

To write to your lawmaker about AB 1219, use our California Action Tools. Click here.

 

SB 24 (Simitian) would improve data breach notifications

Currently, Californians receive notifications when their personal information housed in a company’s database is hacked into or stolen. But anyone who has received one of these advisories knows that the notifications are often empty and confusing form letters, only rarely mentioning the specific data that were compromised during the breach.

Although California passed the nation’s first state-level security breach notification law back in 2003, it has since fallen behind 14 other states in terms of what information companies must provide in the notices to affected consumers. SB 24 would improve upon existing law by requiring breach notification letters to include the types of personal information at risk, a range of dates for the breach, and contact information for the three credit bureaus.

Providing specific information in plain language would help consumers in two ways. Informing consumers affected by data breaches about exactly which personal identifiers had been stolen or unlawfully accessed would, in a breach involving less-sensitive information, avoid causing undue alarm. And, when the compromised data involve the most important personal information like one’s social security number, drivers license, or password, consumers would be empowered to protect themselves appropriately. For instance, if an accessed password served as a security code for other accounts, consumers could change these passwords. If social security numbers were lost, consumers could make a more informed decision about whether to freeze their credit files in order to protect themselves from identity theft.

As it stands, the content of breach notices is insufficient for consumers’ needs. A recent study found that “28% of the individuals receiving a notification do not understand the data involved or the potential consequences of the breach after reading the letter.” The state can do better and avoid this confusion, so Consumer Action supports SB 24.

For more info on this bill, see SB 24

Tags/Keywords

privacy, california legislation, security breach

Article Statistics

Article Viewed: 4383