1798.79.

 (a) Except as provided in this section, a person or entity that intentionally remotely reads or attempts to remotely read a person’s identification document using radio frequency identification (RFID), identification, for the purpose of reading that person’s identification document without that person’s knowledge and prior consent, shall be punished by imprisonment in a county jail for up to one year, a fine of not more than one thousand five hundred dollars ($1,500), or both that fine and imprisonment.

(b) A person or entity that knowingly discloses, or causes to be disclosed, the operational system keys used in a contactless identification document system shall be punished by imprisonment in a county jail for up to one year, a fine of not more than one thousand five hundred dollars ($1,500), or both that fine and imprisonment.

(c) Subdivision (a) shall not apply to:

(1) The reading of a person’s identification document for triage or medical care during a disaster and immediate hospitalization or immediate outpatient care directly related to a disaster, as defined by the local emergency medical services agency organized under Section 1797.200 of the Health and Safety Code.

(2) The reading of a person’s identification document by a health care professional for reasons relating to the health or safety of that person or an identification document issued to a patient by emergency services.

(3) The reading of an identification document of a person who is incarcerated in the state prison or a county jail, detained in a juvenile facility operated by the Division of Juvenile Facilities in the Department of Corrections and Rehabilitation, or housed in a mental health facility, pursuant to a court order after having been charged with a crime, or to a person pursuant to a court-ordered electronic monitoring.

(4) Law enforcement or government personnel who need to read a lost identification document when the owner is unavailable for notice, knowledge, or consent, or those parties specifically authorized by law enforcement or government personnel for the limited purpose of reading a lost identification document when the owner is unavailable for notice, knowledge, or consent.

(5) Law enforcement personnel who need to read a person’s identification document after an accident in which the person is unavailable for notice, knowledge, or consent.

(6) Law enforcement personnel who need to read a person’s identification document pursuant to a search warrant.

(d) Subdivision (a) shall not apply to a person or entity that unintentionally remotely reads a person’s identification document using RFID in the course of operating a contactless identification document system unless it knows it unintentionally read the document and thereafter intentionally does any of the following acts:

(1) Discloses what it read to a third party whose purpose is to read a person’s identification document, or any information derived therefrom, without that person’s knowledge and consent.

(2) Stores what it read for the purpose of reading a person’s identification document, or any information derived therefrom, without that person’s knowledge and prior consent.

(3) Uses what it read for the purpose of reading a person’s identification document, or any information derived therefrom, without that person’s knowledge and prior consent.

(e) Subdivisions (a) and (b) shall not apply to the reading, storage, use, or disclosure to a third party of a person’s identification document, or information derived therefrom, in the course of an act of good faith security research, experimentation, or scientific inquiry, including, but not limited to, activities useful in identifying and analyzing security flaws and vulnerabilities.

(f) Nothing in this section shall affect the existing rights of law enforcement to access data stored electronically on driver’s licenses.

(g) The penalties set forth in subdivisions (a) and (b) are independent of, and do not supersede, any other penalties provided by state law, and in the case of any conflict, the greater penalties shall apply.