Page images
PDF
EPUB

AMENDED IN SENATE JUNE 27, 1974

AMENDED IN SENATE JUNE 6, 1974
AMENDED IN ASSEMBLY JANUARY 29, 1974
AMENDED IN ASSEMBLY JANUARY 10, 1974
AMENDED IN ASSEMBLY JANUARY 7, 1974

CALIFORNIA LEGISLATURE-1973-74 REGULAR SESSION

[blocks in formation]

An act to add Title 1.8 (commencing with Section 1798) to Part 4 of Division 3 of the Civil Code, relating to personal data, and making an appropriation therefor.

LEGISLATIVE COUNSEL'S DIGEST

AB 2656, as amended, Bagley (E.C.C.). Personal data. Imposes safeguards, restrictions, and other specified requirements upon the use and transfer of personal data used by computers in automated personal data systems. Makes it a misdemeanor to fail to conform to certain requirements regarding supplying written notice of the described rights of persons to whom the data pertain.

Requires persons governmental bodies maintaining automated personal data systems to file annual notice with Department of Consumer Affairs specifying, among other things,

[blocks in formation]

the nature and purpose of the system and describing intended use thereof. Provides civil penalty for failure to file required report.

Provides cause of action for damages or for an injunction against responsible person parties, as specified for noncompliance with the act.

Excludes certain public records from application of the act. Determines that no relevant evidence relating to any procedure established or required by the act is to be privileged in any civil action for evidentiary purposes, including discovery procedures or other aspects of any cause of action.

Appropriates $4,900,000 to the State Controller for allocation and disbursement to local agencies for costs incurred by them pursuant to this act.

Vote: 3. Appropriation: yes. Fiscal committee: yes. Statemandated local program: yes.

1

The people of the State of California do enact as follows:

SECTION 1. Title 1.8 (commencing with Section 2 1798) is added to Part 4 of Division 3 of the Civil Code, 3 to read:

4

5 TITLE 1.8. CALIFORNIA FAIR INFORMATION PRACTICE ACT OF 1974

6

7

8

9

10

CHAPTER 1. GENERAL PROVISIONS

1798. This act shall be known and may be cited as the 11 California Fair Information Practice Act of 1974. 12

1798a. Recognizing that the people of California have 13 made clear their desire that their privacy be protected by 14 establishing a constitutional right of privacy, and that the 15 application of computer technology to personal 16 recordkeeping has created new opportunities for 17 invasion of that right of privacy, and that personal privacy 18 is poorly protected in law against abusive recordkeeping 19 practices, and that the power of individuals to affect 20 recordkeeping systems is far weaker than the power of 21 such systems to affect their lives, the Legislature of the

[blocks in formation]

1 State of California hereby finds and declares that the 2 constitutional right of privacy includes the right of an 3 individual to control the uses made of personal data about 4 him.

5 Accordingly, the Legislature recognizes these basic 6 principles of fair information practice:

7 (1) There must be no personal data recordkeeping 8 systems whose very existence is secret.

9

(2) There must be a way for an individual to find out 10 what personal information about him is in a record and 11 how it is used.

12 (3) There must be a way for an individual to prevent 13 personal information about him that was obtained for one 14 purpose from being used or made available for other 15 purposes without his consent.

16

(4) There must be a way for an individual to correct 17 or amend a record of identifiable personal information 18 about him.

19 (5) An organization creating, maintaining, using, or 20 disseminating records of identifiable personal data must 21 ensure the reliability of the data for their intended use 22 and must take precautions to prevent misuse of the data. 23 This title shall be construed liberally and in accordance 24 with the principles and findings here set forth.

25

26

1798.1. As used in this title:

(a) "Personal data" means any information that 27 describes anything about an individual and which can be 28 associated with an identifiable individual.

29 (b) "Computer accessible" means recorded on any 30 medium actually used for the storage of data in a form 31 capable of direct use with electronic data processing 32 equipment. "Computer-accessible" media include but 33 are not limited to: (1) magnetic tape, magnetic disk, 34 magnetic drum, punched card, paper tape, or any other 35 magnetic medium; or (2) optically scannable paper or 36 film when these are actually used with optical scanning 37 devices.

38 (c) "Personal data base" means a set of personal data 39 stored in computer-accessible form.

40

(d) "Automated personal data system" means a

[blocks in formation]

1 personal data base used with electronic data-processing

2 equipment and programming.

3

(e) "Administrative decision" means a determination 4 regarding the qualifications, character,

5 opportunities or benefits of an individual.

rights,

6 (f) "Data subject" means an individual who is the 7 subject of a record in an automated personal data system. (g) "Department” means the Department of Consumer Affairs.

8

9

10

(h) "Individual" means a natural person.

11 (i) "Local public entity” means a county, city, district, 12 public authority, public agency, and any other political 13 subdivision or public corporation in the state, but does 14 not include the state.

15

"Person" means an individual, partnership, 16 eorporation, association, local public entity, the state, or 17 other group, however organized but not the United 18 States or any agency thereof.

19

(j) "Governmental body" means the state or any local 20 public entity.

21 (k) "State" means the state and any office, officer, 22 department, division, bureau, board, commission, or 23 agency of the state.

24

25

26

27

28

CHAPTER 2. SAFEGUARD REQUIREMENTS FOR
AUTOMATED PERSONAL DATA SYSTEMS

1798.2. Every person governmental body maintaining 29 an automated personal data system within California 30 shall:

31

(a) Identify one individual responsible for receiving 32 and responding to (1) inquiries and complaints regarding 33 the system, (2) requests for data pursuant to subdivision 34 (b) of Section 1798.5, and (3) disputes regarding the 35 accuracy, completeness, timeliness, or pertinence of data 36 under subdivision (e) of Section 1798.5.

37 (b) Exercise due care to ensure that each of its 38 employees is aware of the requirements of this title and 39 of each rule or procedure which may be adopted by the 40 persen governmental body to ensure compliance with it.

[blocks in formation]

1 (c) Take no disciplinary or punitive action against any 2 person who in good faith brings to the attention of any 3 person governmental body evidence of any violation of 4 this title.

5

(d) Specify and apply disciplinary measures to be 6 applied to any employee who willfully initiates or 7 otherwise contributes to any disciplinary or other 8 punitive action against any person who brings to the 9 attention of any person governmental body, evidence of 10 any violation of this title.

11 te) Take reasonable care to protect personal data in 12 the system from any release, transfer, access, or use which 13 is in violation of any provision of this title.

14

(e) Establish and adhere to procedures to ensure 15 that personal data in the system are accurate, complete, 16 timely, and pertinent. Liability for damages under 17 subdivision (a) of Section 1799, in an action brought for 18 violation of this section, shall be limited to cases in which 19 the person governmental body maintaining the system 20 did not exercise reasonable care in establishing and 21 adhering to such procedures.

22 1798.4. (a) Every person governmental body 23 maintaining an automated personal data system in 24 California on December 31, 1975, shall give notice of the 25 existence and character of its system prior to January 31, 26 1976. Such notice shall be filed with the Director of 27 Consumer Affairs and shall be a permanent public 28 record. Every state or local criminal justice agency 29 maintaining an automated personal data system which 30 contains criminal investigatory, intelligence, or security 31 information, shall file a copy of its public notice with the 32 Attorney General and with the Director of Consumer 33 Affairs. The director may establish_regulations 34 prescribing the form of such notice. The director may 35 charge a yearly filing fee for each notice filed to defray 36 any administrative costs incurred pursuant to this section. 37 Any person governmental body maintaining more than 38 one system shall file notices for each such system 39 simultaneously, and such notices may be combined when 40 convenient and appropriate. Any person governmental

« PreviousContinue »