Privacy
Data Disposal
PA - Representative Mark B. Cohen (D-202) has introduced H.B. 2752, which would require any government entity, or for-profit individual, business or organization disposing of a "record" containing "personal identifying information" to: (1) shred the record before the disposal of the record; (2) destroy the personal identifying information contained in the record; (3) modify the record to make the personal identifying information unreadable; or (4) take actions consistent with commonly accepted industry practices that they reasonably believe will ensure "that no unauthorized person will have access to the personal identifying information contained in the record." H.B. 2752 defines "personal identifying information" as "personal information consisting of any information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted or encrypted with an encryption key that is included in the same record as the encrypted personal information or data element: (1) Social Security number; (2) Driver's license number or non-driver identification card number; (3) Mother's maiden name, financial services account number or code, savings account number or code, checking account number or code, debit card number or code, automated teller machine number or code, electronic serial number or personal identification number; or (4) Date of birth." The bill defines "record" as "any information kept, held, filed, produced or reproduced by, with or for a person or business entity, in any physical form whatsoever, including, but not limited to, reports, statements, examinations, memoranda, opinions, folders, files, books, manuals, pamphlets, forms, papers, designs, drawings, maps, photos, letters, microfilms or computer tapes or discs."

Data Privacy
CA - Governor Arnold Schwarzenegger signed S.B. 1268 into law as Chapter No. 489. Originally sponsored by Sen. S. Joseph Simitian (D-11), this new law prohibits a transportation agency from selling or providing personally identifiable information of a person obtained pursuant to the person's participation in an electronic toll collection system or use of a toll facility. It also requires identifiable information unrelated to transactions to be deleted within six months of collection. This could limit the researchers' ability to collect toll data for research purposes. MRA previously covered the bill in the July Legislative Update and September Legislative Update.

CA - Governor Arnold Schwarzenegger signed S.B. 1476 into law as Chapter No. 497. Originally introduced by Sen. Alex Padilla (D-20), this new law prohibits an electric or gas corporation from sharing, disclosing, or otherwise making accessible to any third party a customer's electrical or gas consumption data. However, a local publicly owned electric utility may still disclose customers' aggregate electrical consumption data for analysis, reporting, or program management if all information has been removed regarding the individual identity of a customer. This law might limit the usefulness of energy consumption data for research purposes. MRA last covered this legislation in the July Legislative Update and September Legislative Update.

Data Security
CA - Governor Arnold Schwarzenegger vetoed S.B. 1166 on September 29, legislation sponsored by Sen. S. Joseph Simitian (D-11), which would have amended the existing breach notification law by introducing specific content requirements for customer notification letters. The Governor claimed that S.B. 1166 "would place additional unnecessary mandates on businesses without a corresponding consumer benefit." The Governor also vetoed a similar version of this bill last year.

Telemarketing/Sales/Non-Research Activities
Impersonation Online
CA - Governor Arnold Schwarzenegger signed S.B. 1411 into law as Chapter No. 335. Originally introduced by Sen. S. Joseph Simitian (D-11), this new law requires that any person who knowingly and without consent credibly impersonates another actual person through or on an Internet Web site or by other electronic means, as specified, for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a misdemeanor. In addition to the specified criminal penalties, the law authorizes a person who suffers damage or loss to bring a civil action against any person who violates that provision. This new law, last covered in the July Legislative Update and September Legislative Update, should have minimal impact on bona fide survey and opinion research.

Spyware
PA - S.B. 123 passed the House and is awaiting the Governor's signature in order to be signed into law. Originally sponsored by Sen. John R. Gordner (R-27), this legislation would prohibit deceptively installing spyware on a consumer's computer or any unauthorized users from willfully or knowledgeably causing spyware from being copied onto the computer of an authorized user. Since bona fide survey and opinion research does not use or encourage spyware, this legislation should have minimal impact on the research profession.