CALIFORNIA LEGISLATURE— 2021–2022 REGULAR SESSION

Assembly Bill
No. 1391

Introduced by Assembly Member Chau

February 19, 2021

An act to add Section 1724 to the Civil Code, relating to privacy.


LEGISLATIVE COUNSEL'S DIGEST


AB 1391, as introduced, Chau. Compromised data.
Existing law, the California Consumer Privacy Act of 2018, authorizes a consumer whose nonencrypted and nonredacted personal information, as defined, is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of a business’ violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action, as specified.
This bill would make it unlawful for a person to sell, purchase, or utilize data, as defined, that the person knows or reasonably should know is compromised data. The bill would define the term “compromised data” to mean data that has been obtained or accessed pursuant to the commission of a crime.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 1724 is added to the Civil Code, to read:

1724.
 (a) As used in this section, “compromised data” means data, as defined in Section 502 of the Penal Code, that has been obtained or accessed pursuant to the commission of a crime.
(b) It is unlawful for a person to sell, purchase, or utilize data that the person knows or reasonably should know is compromised data.