Information Security:
California State Law
California Civil Code
- 1798.81.5
AB 1950 Privacy: Personal Information —
Requires most businesses that own or license personal information about a California
resident to implement and maintain reasonable security procedures and
practices to protect personal information from unauthorized access,
destruction, use, modification, or disclosure. Also requires a business that
discloses personal information to a nonaffiliated third party to require by contract that
those entities maintain reasonable specified security procedures.
- 1798.82 & 1798.29
SB 1386 California Mandatory Disclosure Law —
Requires a state agency, or a person or business that conducts business in California, that
owns or licenses computerized data that includes personal information, as defined, to disclose
in specified ways, any breach of the security of the data, as defined, to any resident of California
whose unencrypted personal information was, or is reasonably believed to have been, acquired by an
unauthorized person. Permits the notifications required by its provisions to be delayed
if a law enforcement agency determines that it would impede a criminal investigation.
Requires an agency, person, or business that maintains computerized data that includes personal
information owned by another to notify the owner or licensee of the information of any breach of
security of the data, as specified. States the intent of the Legislature to preempt all local
regulation of the subject matter of this bill.
California Business and Professions Code
- 17525-17528.5
Cyber Piracy —
It is unlawful to register, traffic in, or use a domain name, that is identical or confusingly
similar to the personal name of another living person or deceased personality, without regard
to the goods or services of the parties.
- 17529-17529.9
Restrictions On Unsolicited Commercial E-mail Advertisers —
It is unlawful to initiate or advertise in an unsolicited commercial e-mail advertisement
(a) from California or advertise in an unsolicited commercial e-mail advertisement sent from California, or
(b) to a California electronic mail address or advertise in an unsolicited commercial e-mail
advertisement sent to a California electronic mail address.
- 22947-22947.6
Consumer Protection Against Computer Spyware Act —
The provisions of this lengthy Act include prohibiting unauthorized persons from causing computer
software to be copied onto the computer of a consumer in California and using the software, through
intentionally deceptive means, to do any of the following:
- Modify settings related to the computer's access to or use of the Internet
- Collect personally identifiable and sensitive information
- Prevent an authorized user's efforts to block the installation of or to disable software
- Allow an authorized user to uninstall or disable software with knowledge that the
software will not in fact be uninstalled or disabled
- Remove, disable, or render inoperative security, antispyware, or antivirus software
installed on the computer
- Take control of the consumer's computer.
The Act also prohibits unauthorized persons from inducing an authorized consumer in California
to install a software component onto the computer by intentionally misrepresenting that installing
software is necessary for security or privacy reasons or to open, view, or play a particular type
of content.
- 22948
SB 355 Anti-Phishing Act of 2005 —
Prohibits any person, through the Internet or other electronic means, to solicit, request, or take any
action to induce another person to provide identifying information by representing itself to be a business
without the approval of that business.
Copyright © 2005 - 2007 by Daniel W. Hancock. All Rights Reserved.
Home Page