The end of September brought four new pieces of California legislation in the area of privacy and data protection to Gov. Jerry Brown's desk – all of which he signed into law. California has taken center stage in state efforts to strengthen consumer privacy protection, and given the global nature of e-commerce and the importance to many companies of doing business in California, these moves in turn impact privacy standards on a national scale.
Notice of Data Breaches to Consumers
Gov. Brown also signed into law S.B. 46, a bill amending California's current data breach notification law (as codified in California Civil Code § § 1798.29 and 1798.82). Also known as the "Breach Notice Bill," the law requires companies to notify consumers if an individual's user name or email address, in combination with a related password or security question and answer, has been exposed. California law already required similar notifications when a data breach exposes consumers' Social Security, driver's license numbers, credit card numbers, or medical and health insurance information. The new notification requirements will take effect January 1, 2013.
"Online Eraser" for Minors
As previously reported here, Gov. Brown also signed into law an "online eraser" bill, SB 568, that applies to platforms "directed to minors" or where the operator "has actual knowledge that a minor is using" its platform. It gives individuals under the age of 18 a right to take down pictures, videos or comments they posted or stored on websites, social media or mobile apps. Sites must either allow teens to remove personal content themselves or set up a way for minors to request that the information be removed.
Regulation of Images Published Online
The final new piece of privacy legislation in California, SB 255, renders it a misdemeanor to publish images of another person without their consent "with the intent to cause serious emotional distress." The crime is punishable with a fine of up to $1,000 or six months in jail.