On October 8, 2015, California Governor Jerry Brown signed into law the California Electronic Communications Privacy Act (“CalECPA” or the “Act”), sponsored by Senator Mark Leno (D-San Francisco). The Act requires law enforcement in California to obtain a search warrant or wiretap order before searching a person’s smartphone, laptop or other electronic device or accessing information stored on the remote servers of internet service providers (“Service Provider”), including locational information.
The Act applies to government entities, service providers, and owners and authorized possessors (“Device Holder”) of electronic devices. Government entities may only compel production of or access to electronic information from a Device Holder or Service Provider consistent with the Act’s provisions. Government entities that execute a warrant or obtain information under the Act must provide notice to the Device Holder. Such notice must inform the Device Holder that information about the Device Holder was compelled or requested, must describe the nature of the government investigation seeking the information, and must include a copy of the warrant. The Act, however, contains various exceptions both to the notice requirements and the warrant/wiretap order requirements.
Some of the exceptions reflect the history of a similar bill introduced by Senator Leno two years ago. That bill was vetoed by Governor Brown, who said the area was sufficiently covered by federal law and that the bill’s requirement for notification to those whose devices are searched could harm criminal investigations. To address those concerns, CalECPA included a broad exception to the notification requirement when it could hamper an ongoing law enforcement investigation or jeopardize efforts to protect the public. The Act also provides exceptions for when the Device Holder gives consent to a search and when law enforcement believes that an emergency involving imminent danger of death or serious physical injury requires access.
In addition, service providers may voluntarily disclose electronic information and subscriber information to government entities unless otherwise prohibited by state or federal law, in which case notice to the Device Holder is not required. Although voluntary disclosure relieves the government of having to get a search warrant or wiretap order, the CalECPA imposes restrictions on voluntarily disclosed information that do not apply when the government following the notice and search warrant/wiretap order approach. In particular, the government entity that receives voluntarily disclosed information must destroy it within 90 days unless the entity receives consent from the sender or recipient of a particular communication, receives a court order authorizing retention, or reasonably believes the information is related to child pornography and retains the information as part of a multiagency database used to investigate child pornography and related crimes.
The CalECPA received strong support from numerous stakeholders. A press release issued by Senator Leno noted that it had broad bipartisan support in California’s Congress. The press release further noted that it was supported by both civil rights organizations and technology companies. In recent years, many of those technology companies “have seen a dramatic rise in requests from law enforcement for consumer data.” Those consumers also largely supported the type of warrant requirements this law provides. A recent poll of California voters revealed that more than eighty percent of those voters supported requiring a warrant from authorities.